Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Analysis ID:	1447253
MD5:	166dffbe964c48c778e24617ec1a683d
SHA1:	463813d3e78537dce33dffe1adcfcaaab2b7f3a5
SHA256:	97d5ae489ea5268f5ac420ec13e5e2b15b9ea69d6a61ee5c70b39a23dda9e7d0
Tags:	exe
Infos:

Detection

Score:	9
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Checks for available system drives (often done to infect USB drives)

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found potential string decryption / allocating functions

HTML body with high number of embedded images detected

HTML body with high number of large embedded background images detected

IP address seen in connection with other malware

Is looking for software installed on the system

JA3 SSL client fingerprint seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample file is different than original file name gathered from version info

Sigma detected: Use NTFS Short Name in Command Line

Sigma detected: Use Short Name Path in Command Line

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

HTML body with high number of embedded images detected

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded image size: 34780

HTML body with high number of large embedded background images detected

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded background img size: 879584

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.4:52685 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60593 -> 162.159.36.2:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.253.67 13.107.253.67
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /content/check_affiliate_v2.js HTTP/1.1Host: secure.avangate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checkout/client/twoCoInlineCart.js HTTP/1.1Host: secure.2checkout.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-write-cookie.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webpack-runtime-c3e566b68af78f5a1881.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /framework-4cf5ecd37f9363b1291b.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app-ec6a9b7fc501dcfa2bce.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles-e9d24b1846c7d6eb9685.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /commons-6d24d96f29bfebe3476c.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fc36456533b5c3f455badd7fedf67d455632ae09-d47c18182f1ea88950d1.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /065285d60ba513d3bcbdfb63a33fa8101bb0b358-4821f749d7a07c3e7df2.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /33e6b7bb568ff42f71b848c5df167b4296d898c4-ac14a9bffec845baa13f.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/register.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/sq/d/1818369706.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j.php?a=279977&u=https%3A%2F%2Fwww.avs4you.com%2FRegister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&f=1&r=0.39962393127720364 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-affiliates-run.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/va-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /settings.js?a=279977&settings_type=1&vn=7.0&exc=18\|25 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.avs4you.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-privacy-aspx-js-a7a853f585e8da46a6a3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /component---src-pages-index-js-61c1fcfe70144a5f0bfa.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /tag/uet/4024645 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-BWSZ9WEBRH&gacid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1807214805 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/0.7.32/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=3de2ac6fe27f4600a8f7c15bf03c6d47.20240524.20250524
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-FEYVLL88YK&gacid=1987730708.1716565152&gtm=45je45m0v9123194436za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=845811239 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&gjid=1175162250&_gid=46386595.1716565154&_u=YADAAUAAAAAAACAAI~&z=1129856423 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmqpvDYlxfcWstlwcoqkKeD4dYxWfdNkHnYfEJyDppLZtaUrWLZz_LyGCWF
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /1b9a2f2d6d29c30dd1e8760cd3a43981f2804204-435dd3d34a8fa193caf3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /9dca3c060c98a2ec0e5a6368c886bb5833c66958-6c0ebfb674551fc6862e.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /dbfd5dde42d0c6776b28c56d4c3e613fa59d0324-5229893a2299067c0dab.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano. equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223647373.0000000000724000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.AlignText equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes. equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.ile pi equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: Best regards1.0*.lickeyxshttp://www.avsdop.com/avswebservice/service.asmxAVS4YOU\LicenceAVS4YOU\LicenceAVSMedia\LicenceSOFTWARE\Digital River\SoftwarePassport\\\BuyURLBuyURLSavePassUserNamePassNameFieldTitleTagsCategoryDescriptionSizeLast Folderc:\Category.iniCategoryCountCategoryCategorySavePassNameFieldTitleTitleTagsTagsCategoryCategoryDescriptionDescriptionSizeSizeIDS_7IDS_20All SuccessAVS4You, b IDS_21 IDS_22YouTubeUploaderSourceFileNamePropertiestitledescriptiontagscategoryIDS_23IDS_6IDS_5IDS_0IDS_1IDS_2IDS_3IDS_4-ti:-ta:-vc:-de:auto-hp:IDS_23IDS_8PathToExeLast Folder openCategory.iniCategoryCountCategoryCategory\Software\AVS4YOU\VideoConverter6\\Software\AVS4YOU\VideoConverter\PathToExePathToExePathToExePathToExeopenhttp://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPathToLicenceAVS4YOU_EULA.rtfAppPathdata\About.rtfPathToExeRegistration.exe equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: Sony PSP, Android and BlackBerry and upload it right to the device\" : \"Create a video for mobile phones or gaming consoles such as Apple iPod, Apple iPhone, Apple iPad, Sony PSP, Android and BlackBerry and upload it right to the device.\",\n\"Save video into Flash or WebM format and upload to the popular web services\" : \"Save video into Flash or WebM format and upload to the popular web services\",\n\"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox\" : \"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox.\",\n\"Become an expert in video editing right now\" : \"Become an expert in video editing right now!\",\n\"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year\" : \"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year.\",\n\"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings\" : \"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings.\",\n\"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations\" : \"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations.\",\n\"There is no need to renew the subscription\" : \"There is no need to renew the subscription.\",\n\"Trim\" : \"Trim\",\n\"Crop\" : \"Crop\",\n\"Split\" : \"Split\",\n\"Join\" : \"Join\",\n\n\n\"***************************MONEYBACK****************************\" : \"*************************MONEYBACK******************************\",\n\"30 Days\" : \"30 Days \",\n\"Moneyback\" : \"Moneyback\",\n\"Guarantee\" : \" Guarantee\",\n\"In case you are not satisfied with the software bought from the wwwavs4youcom web site, you can have your money back within 30 days since the purchase\" : \"In case you are not satisfied with the software bought from the www.avs4you.com web site, you can have your money back within 30 days since the purchase.\",\n\"Learn more\" : \"LEARN MORE\",\n\"Moneyback rules\" : \"Moneyback rules\",\n\"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types)\" : \"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types).\",\n\"We reserve the right to suspend moneyback service at any moment Nevertheless all the requests for moneyback before this date will be accepted\" : \"We reserve the right to suspend moneyback service at any moment.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: TfrmMain.IDS_6=<lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: er un fichier de taille plus petite.$<lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano.$<lnu><lau>Ogni video pu equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.facebook.com (Facebook)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v=Cej equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.avs4you.com
Source: global traffic	DNS traffic detected: DNS query: secure.avangate.com
Source: global traffic	DNS traffic detected: DNS query: secure.2checkout.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: s.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: c.clarity.ms

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-BWSZ9WEBRH&cid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.avs4you.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avs4you.comdefresitavs4you.comavs4you.com/My
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequest
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequestP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/Z
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/h
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/utf-8http://avsdop.com/AVSWebService/AVSRequestSOFTWARE
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171545162.000000000217C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/
Source: Registration.tmp, 0000000A.00000003.2171560764.000000000218C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/4%
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136995709.0000000002210000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168755599.0000000001F88000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166620254.0000000002150000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/A
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138413957.0000000002250000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136877808.0000000002249000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/About
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Acerca
Source: AVSUpdateManager.tmp, 00000010.00000003.2166693055.0000000002158000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/H5
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140281048.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168820099.0000000001F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Informazioni
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140534216.00000000020A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/d
Source: Registration.exe, 00000009.00000003.2186006945.00000000020B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/x(
Source: AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prol
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx?Type=App&ProgID=72&URL=Prolong
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Suppor
Source: AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporp
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporpo
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support~G
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/4)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com#http://www.avs4you.com/support.aspx6http://www.avs4you.com/SoftwareNavigator/
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com)http://www.avs4you.com/support/index.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229337585.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/#http://www.avs4you.com/support.aspx0http://www.avs4you.com/AVS-YouTube-Uploa
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/2
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?Type=App&ProgId=72&URL=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mainopen
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137454297.0000000000546000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138910442.0000000000549000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mains
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxI
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspxP
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxi
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspxa
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspxP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPath
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx9
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx.
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDAuthoring.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDCopy.exe?utm_medium=Navigator&utm_source=Navigator&utm_conten
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDiscCreator.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSFirewall.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMediaPlayer.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMusicMix.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRegistryCleaner.exe?utm_medium=Navigator&utm_source=Navigator&ut
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRingtoneMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSSystemInfo.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoReMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoFlash.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoGO.exe?utm_medium=Navigator&utm_source=Navigator&utm_cont
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoPSP.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoiPod.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxy
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Guides/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Guide
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/OnlineHelp/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=O
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspt
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register%/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register:
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterJ
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterX
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerb
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registercoll
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229435648.000000000057C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230192487.000000000057F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerhttp://www.avs4you.com
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registern.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerse_P
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerste
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=RegisterPa
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx2
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx~
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/audio.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Audio
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/?Type=App&ProgId=72&URL=Main
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043E7000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2928475760.0000000004553000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000042F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/AVS-Video-Converter.aspx
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Dis
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Disk
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Diskpk&
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe)
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exea
Source: AVSUpdateManager.tmp, 00000010.00000003.2166716303.000000000215C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.x
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml
Source: AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml0t
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xmlUpdateList.xmlUpdateList.xmlUpdateList.xmlAVS.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228894355.0000000002164000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.ex
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspxx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspxx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922850333.00000000006F1000.00000004.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxhttp://www.avs4you.com/support.aspxhttp://www.avs4you.com/Encrypted
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxq
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/mobile.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Mobile
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx0
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx6
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxA
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxB
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxF
Source: Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx&
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/system-utilities.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=S
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/video.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Video
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com2
Source: Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com:
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com_
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C8E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOU
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOUSoftwareNavigatorTSoftwareNavigatorMainFormAV
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxOnline
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxProductIDSOFTWARE
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233071754.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233312922.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2232960458.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228842588.0000000002158000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsmedia.com/
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types0t
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53f
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53k
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesde1097d
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesgdiplum
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesmmon-cm
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.regnow.com/softsell/nph-softsell.cgi?item=
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?ps
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?psU
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://youtube.com/signup
Source: chromecache_249.21.dr	String found in binary or memory: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWSw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWT4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV0
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV8
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVA
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVI
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVM
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQ
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_249.21.dr	String found in binary or memory: https://onlinehelpstaticcontents.avs4you.com/downloads/documents/refund.pdf
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604110&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&LANGUAGES
Source: chromecache_249.21.dr	String found in binary or memory: https://www.avs4you.com/register.aspx
Source: chromecache_249.21.dr	String found in binary or memory: https://www.onlyoffice.com/download-desktop.aspx?utm_source=email&utm_medium=email&utm_campaign=avs-

Source: unknown	Network traffic detected: HTTP traffic on port 60598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60652
Source: unknown	Network traffic detected: HTTP traffic on port 60706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60656
Source: unknown	Network traffic detected: HTTP traffic on port 60641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60655
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60706
Source: unknown	Network traffic detected: HTTP traffic on port 60637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60663
Source: unknown	Network traffic detected: HTTP traffic on port 60644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60660
Source: unknown	Network traffic detected: HTTP traffic on port 60696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60669
Source: unknown	Network traffic detected: HTTP traffic on port 60661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60700
Source: unknown	Network traffic detected: HTTP traffic on port 60623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60671
Source: unknown	Network traffic detected: HTTP traffic on port 60691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60677
Source: unknown	Network traffic detected: HTTP traffic on port 60610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60607
Source: unknown	Network traffic detected: HTTP traffic on port 60652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60680
Source: unknown	Network traffic detected: HTTP traffic on port 60694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60687
Source: unknown	Network traffic detected: HTTP traffic on port 60680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60619
Source: unknown	Network traffic detected: HTTP traffic on port 60659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60618
Source: unknown	Network traffic detected: HTTP traffic on port 60594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60695
Source: unknown	Network traffic detected: HTTP traffic on port 60645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60694
Source: unknown	Network traffic detected: HTTP traffic on port 60697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60613
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60611
Source: unknown	Network traffic detected: HTTP traffic on port 60607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60610
Source: unknown	Network traffic detected: HTTP traffic on port 60622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60698
Source: unknown	Network traffic detected: HTTP traffic on port 60633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60629
Source: unknown	Network traffic detected: HTTP traffic on port 60616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60628
Source: unknown	Network traffic detected: HTTP traffic on port 60640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60623
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621
Source: unknown	Network traffic detected: HTTP traffic on port 60682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60596
Source: unknown	Network traffic detected: HTTP traffic on port 60619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60594
Source: unknown	Network traffic detected: HTTP traffic on port 60695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60638
Source: unknown	Network traffic detected: HTTP traffic on port 60628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60637
Source: unknown	Network traffic detected: HTTP traffic on port 60662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60633
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60632
Source: unknown	Network traffic detected: HTTP traffic on port 60656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60640
Source: unknown	Network traffic detected: HTTP traffic on port 60673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60649
Source: unknown	Network traffic detected: HTTP traffic on port 60625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60645
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60644
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60643

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423B2C NtdllDefWindowProc_A,	1_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004722D4 NtdllDefWindowProc_A,	1_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00412580 NtdllDefWindowProc_A,	1_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042ED38 NtdllDefWindowProc_A,	1_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042ED38 NtdllDefWindowProc_A,	10_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423B2C NtdllDefWindowProc_A,	10_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004722D4 NtdllDefWindowProc_A,	10_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00412580 NtdllDefWindowProc_A,	10_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	10_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423B2C NtdllDefWindowProc_A,	14_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004722D4 NtdllDefWindowProc_A,	14_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00412580 NtdllDefWindowProc_A,	14_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042ED38 NtdllDefWindowProc_A,	14_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	14_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423B2C NtdllDefWindowProc_A,	16_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004722D4 NtdllDefWindowProc_A,	16_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00412580 NtdllDefWindowProc_A,	16_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042ED38 NtdllDefWindowProc_A,	16_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	16_2_004551F4

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0042E6CC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E6CC

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Creates files inside the system directory

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bc.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A39.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI146C.tmp

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004082E8	0_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00462994	1_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046AC90	1_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004797C1	1_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00485FE0	1_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004800E8	1_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0044416C	1_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0	1_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444864	1_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004588EC	1_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046498C	1_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00434A2C	1_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444C70	1_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047F238	1_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0043D44C	1_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B694	1_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042FB74	1_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00443BC4	1_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00433D28	1_2_00433D28
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004082E8	9_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00462994	10_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046AC90	10_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004797C1	10_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00485FE0	10_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004800E8	10_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0044416C	10_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004305D0	10_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444864	10_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004588EC	10_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046498C	10_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00434A2C	10_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444C70	10_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047F238	10_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0043D44C	10_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045B694	10_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042FB74	10_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00443BC4	10_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00433D28	10_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004082E8	12_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00462994	14_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046AC90	14_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004797C1	14_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00485FE0	14_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004800E8	14_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0044416C	14_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004305D0	14_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444864	14_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004588EC	14_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046498C	14_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00434A2C	14_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444C70	14_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047F238	14_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0043D44C	14_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045B694	14_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042FB74	14_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00443BC4	14_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00433D28	14_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004082E8	15_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00462994	16_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046AC90	16_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004797C1	16_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004800E8	16_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0044416C	16_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004305D0	16_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444864	16_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004588EC	16_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046498C	16_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00434A2C	16_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444C70	16_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047F238	16_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0043D44C	16_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045B694	16_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042FB74	16_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00443BC4	16_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00433D28	16_2_00433D28
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00485FE0	16_2_00485FE0

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00408BAC appears 44 times

PE / OLE file has an invalid certificate

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: invalid certificate

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-H552E.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-74BKC.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-HAFFP.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

PE file does not import any functions

Source: mfc80CHS.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80DEU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ESP.dll.6.dr	Static PE information: No import functions for PE file found
Source: is-AOVL1.tmp.1.dr	Static PE information: No import functions for PE file found
Source: mfc80FRA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ITA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80KOR.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80CHT.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ENU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80JPN.dll.6.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: _RegDLL.tmp.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: clean9.winEXE@44/266@12/10

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00454320 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_00454320

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409A04 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409A04

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Program Files (x86)\AVS4YOU

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\AVS YouTube Uploader.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp

Jump to behavior

Source: Yara match	File source: 18.0.AVSYouTubeUploader.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.AVSUpdateManager.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.2272634371.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp, type: DROPPED

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: atl.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched20.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: usp10.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msls31.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: olepro32.dll

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: AVS YouTube Uploader.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk0.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk1.1.dr	LNK file: ..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: Activation.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Registration.exe
Source: Uninstall.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Uninstall.exe
Source: License Agreement.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\License Agreement.rtf
Source: Help.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm
Source: Repair.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Automated click: Continue

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static file information: File size 10891576 > 1048576

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_0044AD34

Registers a DLL

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00406518 push 00406555h; ret	0_2_0040654D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00408D90 push 00408DC3h; ret	0_2_00408DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00407FE0 push ecx; mov dword ptr [esp], eax	0_2_00407FE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004098EC push 00409929h; ret	1_2_00409921
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax	1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0 push ecx; mov dword ptr [esp], eax	1_2_004305D5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00410678 push ecx; mov dword ptr [esp], edx	1_2_0041067D
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004128D0 push 00412933h; ret	1_2_0041292B
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C88C push 0047C96Ah; ret	1_2_0047C962
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00450A78 push 00450AABh; ret	1_2_00450AA3
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00442B3C push ecx; mov dword ptr [esp], ecx	1_2_00442B40
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040CFD0 push ecx; mov dword ptr [esp], edx	1_2_0040CFD2
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004573DC push 00457420h; ret	1_2_00457418
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B38C push ecx; mov dword ptr [esp], eax	1_2_0045B391
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040F530 push ecx; mov dword ptr [esp], edx	1_2_0040F532
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004715E8 push ecx; mov dword ptr [esp], edx	1_2_004715E9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00419BD0 push ecx; mov dword ptr [esp], ecx	1_2_00419BD5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00455C0C push 00455C44h; ret	1_2_00455C3C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047DEE0 push ecx; mov dword ptr [esp], ecx	1_2_0047DEE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00409FE7 push ds; ret	1_2_00409FE8

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-74BKC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	File created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-HAFFP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	File created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Jump to dropped file
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	File created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-H552E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS YouTube Uploader.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activation.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Uninstall.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\License Agreement.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Repair.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS4YOU Software Navigator.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS Update Manager.lnk

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042413C IsIconic,SetActiveWindow,	1_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00424184 IsIconic,SetActiveWindow,SetFocus,	1_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417540 IsIconic,GetCapture,	1_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C76 IsIconic,SetWindowPos,	1_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042413C IsIconic,SetActiveWindow,	10_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00424184 IsIconic,SetActiveWindow,SetFocus,	10_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	10_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	10_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	10_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417540 IsIconic,GetCapture,	10_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C76 IsIconic,SetWindowPos,	10_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	10_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042413C IsIconic,SetActiveWindow,	14_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00424184 IsIconic,SetActiveWindow,SetFocus,	14_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	14_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	14_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	14_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417540 IsIconic,GetCapture,	14_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C76 IsIconic,SetWindowPos,	14_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	14_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042413C IsIconic,SetActiveWindow,	16_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00424184 IsIconic,SetActiveWindow,SetFocus,	16_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	16_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	16_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	16_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417540 IsIconic,GetCapture,	16_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C76 IsIconic,SetWindowPos,	16_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	16_2_00417C78

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Evasive API call chain: GetSystemTime,DecisionNodes

Is looking for software installed on the system

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Registry key enumerated: More than 105 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409948 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409948

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (full installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (full installation)
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: pkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 4lrkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Windows Server 2008 without Hyper-V for Windows Essential Server Solutions
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (full installation)

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00471D70 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_00471D70

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0045A0E8 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,

1_2_0045A0E8

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_0040515C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408554
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_0040515C
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408554

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_004566B8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

1_2_004566B8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00453AB0 GetUserNameA,

1_2_00453AB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00405C44 GetVersionExA,

0_2_00405C44

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.96.102.137	dev.visualwebsiteoptimizer.com	United States	15169	GOOGLEUS	false
13.107.253.67	s-part-0039.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.206.156	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.23.110	analytics.google.com	United States	15169	GOOGLEUS	false
18.244.140.117	www.avs4you.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.60.14.94	sab84n7.x.incapdns.net	United States	19551	INCAPSULAUS	false
142.250.186.66	td.doubleclick.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
dev.visualwebsiteoptimizer.com	34.96.102.137	true
sab84n7.x.incapdns.net	45.60.14.94	true
www.google.com	216.58.206.68	true
analytics.google.com	172.217.23.110	true
td.doubleclick.net	142.250.186.66	true
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true
mdig4.x.incapdns.net	45.60.14.94	true
www.avs4you.com	18.244.140.117	true
stats.g.doubleclick.net	74.125.206.156	true
secure.avangate.com	unknown	unknown
s.clarity.ms	unknown	unknown
15.164.165.52.in-addr.arpa	unknown	unknown
www.clarity.ms	unknown	unknown
secure.2checkout.com	unknown	unknown
c.clarity.ms	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.avs4you.com/4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/component---src-pages-index-js-61c1fcfe70144a5f0bfa.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/static/korea-flag-79791aa1b82ec319446a28648f789d47.svg	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/styles-e9d24b1846c7d6eb9685.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/framework-4cf5ecd37f9363b1291b.js	false	Avira URL Cloud: safe	unknown
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js	false	Avira URL Cloud: safe	unknown
https://dev.visualwebsiteoptimizer.com/7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/page-data/app-data.json	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/app-ec6a9b7fc501dcfa2bce.js	false	Avira URL Cloud: safe	unknown

HTML body with high number of embedded images detected

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded image size: 34780

HTML body with high number of large embedded background images detected

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded background img size: 879584

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.4:52685 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60593 -> 162.159.36.2:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 13.107.253.67 13.107.253.67
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /content/check_affiliate_v2.js HTTP/1.1Host: secure.avangate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checkout/client/twoCoInlineCart.js HTTP/1.1Host: secure.2checkout.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-write-cookie.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webpack-runtime-c3e566b68af78f5a1881.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /framework-4cf5ecd37f9363b1291b.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app-ec6a9b7fc501dcfa2bce.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles-e9d24b1846c7d6eb9685.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /commons-6d24d96f29bfebe3476c.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fc36456533b5c3f455badd7fedf67d455632ae09-d47c18182f1ea88950d1.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /065285d60ba513d3bcbdfb63a33fa8101bb0b358-4821f749d7a07c3e7df2.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /33e6b7bb568ff42f71b848c5df167b4296d898c4-ac14a9bffec845baa13f.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/register.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/sq/d/1818369706.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j.php?a=279977&u=https%3A%2F%2Fwww.avs4you.com%2FRegister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&f=1&r=0.39962393127720364 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-affiliates-run.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/va-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /settings.js?a=279977&settings_type=1&vn=7.0&exc=18\|25 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.avs4you.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-privacy-aspx-js-a7a853f585e8da46a6a3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /component---src-pages-index-js-61c1fcfe70144a5f0bfa.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /tag/uet/4024645 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-BWSZ9WEBRH&gacid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1807214805 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/0.7.32/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=3de2ac6fe27f4600a8f7c15bf03c6d47.20240524.20250524
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-FEYVLL88YK&gacid=1987730708.1716565152&gtm=45je45m0v9123194436za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=845811239 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&gjid=1175162250&_gid=46386595.1716565154&_u=YADAAUAAAAAAACAAI~&z=1129856423 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmqpvDYlxfcWstlwcoqkKeD4dYxWfdNkHnYfEJyDppLZtaUrWLZz_LyGCWF
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /1b9a2f2d6d29c30dd1e8760cd3a43981f2804204-435dd3d34a8fa193caf3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /9dca3c060c98a2ec0e5a6368c886bb5833c66958-6c0ebfb674551fc6862e.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /dbfd5dde42d0c6776b28c56d4c3e613fa59d0324-5229893a2299067c0dab.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano. equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223647373.0000000000724000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.AlignText equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes. equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.ile pi equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: Best regards1.0*.lickeyxshttp://www.avsdop.com/avswebservice/service.asmxAVS4YOU\LicenceAVS4YOU\LicenceAVSMedia\LicenceSOFTWARE\Digital River\SoftwarePassport\\\BuyURLBuyURLSavePassUserNamePassNameFieldTitleTagsCategoryDescriptionSizeLast Folderc:\Category.iniCategoryCountCategoryCategorySavePassNameFieldTitleTitleTagsTagsCategoryCategoryDescriptionDescriptionSizeSizeIDS_7IDS_20All SuccessAVS4You, b IDS_21 IDS_22YouTubeUploaderSourceFileNamePropertiestitledescriptiontagscategoryIDS_23IDS_6IDS_5IDS_0IDS_1IDS_2IDS_3IDS_4-ti:-ta:-vc:-de:auto-hp:IDS_23IDS_8PathToExeLast Folder openCategory.iniCategoryCountCategoryCategory\Software\AVS4YOU\VideoConverter6\\Software\AVS4YOU\VideoConverter\PathToExePathToExePathToExePathToExeopenhttp://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPathToLicenceAVS4YOU_EULA.rtfAppPathdata\About.rtfPathToExeRegistration.exe equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: Sony PSP, Android and BlackBerry and upload it right to the device\" : \"Create a video for mobile phones or gaming consoles such as Apple iPod, Apple iPhone, Apple iPad, Sony PSP, Android and BlackBerry and upload it right to the device.\",\n\"Save video into Flash or WebM format and upload to the popular web services\" : \"Save video into Flash or WebM format and upload to the popular web services\",\n\"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox\" : \"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox.\",\n\"Become an expert in video editing right now\" : \"Become an expert in video editing right now!\",\n\"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year\" : \"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year.\",\n\"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings\" : \"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings.\",\n\"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations\" : \"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations.\",\n\"There is no need to renew the subscription\" : \"There is no need to renew the subscription.\",\n\"Trim\" : \"Trim\",\n\"Crop\" : \"Crop\",\n\"Split\" : \"Split\",\n\"Join\" : \"Join\",\n\n\n\"***************************MONEYBACK****************************\" : \"*************************MONEYBACK******************************\",\n\"30 Days\" : \"30 Days \",\n\"Moneyback\" : \"Moneyback\",\n\"Guarantee\" : \" Guarantee\",\n\"In case you are not satisfied with the software bought from the wwwavs4youcom web site, you can have your money back within 30 days since the purchase\" : \"In case you are not satisfied with the software bought from the www.avs4you.com web site, you can have your money back within 30 days since the purchase.\",\n\"Learn more\" : \"LEARN MORE\",\n\"Moneyback rules\" : \"Moneyback rules\",\n\"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types)\" : \"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types).\",\n\"We reserve the right to suspend moneyback service at any moment Nevertheless all the requests for moneyback before this date will be accepted\" : \"We reserve the right to suspend moneyback service at any moment.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: TfrmMain.IDS_6=<lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: er un fichier de taille plus petite.$<lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano.$<lnu><lau>Ogni video pu equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.facebook.com (Facebook)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v=Cej equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.avs4you.com
Source: global traffic	DNS traffic detected: DNS query: secure.avangate.com
Source: global traffic	DNS traffic detected: DNS query: secure.2checkout.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: s.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: c.clarity.ms

Source: unknown

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avs4you.comdefresitavs4you.comavs4you.com/My
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequest
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequestP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/Z
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/h
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/utf-8http://avsdop.com/AVSWebService/AVSRequestSOFTWARE
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171545162.000000000217C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/
Source: Registration.tmp, 0000000A.00000003.2171560764.000000000218C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/4%
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136995709.0000000002210000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168755599.0000000001F88000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166620254.0000000002150000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/A
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138413957.0000000002250000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136877808.0000000002249000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/About
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Acerca
Source: AVSUpdateManager.tmp, 00000010.00000003.2166693055.0000000002158000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/H5
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140281048.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168820099.0000000001F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Informazioni
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140534216.00000000020A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/d
Source: Registration.exe, 00000009.00000003.2186006945.00000000020B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/x(
Source: AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prol
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx?Type=App&ProgID=72&URL=Prolong
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Suppor
Source: AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporp
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporpo
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support~G
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/4)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com#http://www.avs4you.com/support.aspx6http://www.avs4you.com/SoftwareNavigator/
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com)http://www.avs4you.com/support/index.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229337585.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/#http://www.avs4you.com/support.aspx0http://www.avs4you.com/AVS-YouTube-Uploa
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/2
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?Type=App&ProgId=72&URL=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mainopen
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137454297.0000000000546000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138910442.0000000000549000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mains
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxI
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspxP
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxi
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspxa
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspxP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPath
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx9
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx.
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDAuthoring.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDCopy.exe?utm_medium=Navigator&utm_source=Navigator&utm_conten
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDiscCreator.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSFirewall.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMediaPlayer.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMusicMix.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRegistryCleaner.exe?utm_medium=Navigator&utm_source=Navigator&ut
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRingtoneMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSSystemInfo.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoReMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoFlash.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoGO.exe?utm_medium=Navigator&utm_source=Navigator&utm_cont
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoPSP.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoiPod.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxy
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Guides/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Guide
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/OnlineHelp/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=O
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspt
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register%/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register:
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterJ
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterX
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerb
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registercoll
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229435648.000000000057C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230192487.000000000057F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerhttp://www.avs4you.com
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registern.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerse_P
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerste
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=RegisterPa
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx2
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx~
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/audio.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Audio
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/?Type=App&ProgId=72&URL=Main
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043E7000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2928475760.0000000004553000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000042F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/AVS-Video-Converter.aspx
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Dis
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Disk
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Diskpk&
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe)
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exea
Source: AVSUpdateManager.tmp, 00000010.00000003.2166716303.000000000215C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.x
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml
Source: AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml0t
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xmlUpdateList.xmlUpdateList.xmlUpdateList.xmlAVS.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228894355.0000000002164000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.ex
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspxx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspxx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922850333.00000000006F1000.00000004.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxhttp://www.avs4you.com/support.aspxhttp://www.avs4you.com/Encrypted
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxq
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/mobile.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Mobile
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx0
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx6
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxA
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxB
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxF
Source: Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx&
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/system-utilities.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=S
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/video.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Video
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com2
Source: Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com:
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com_
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C8E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOU
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOUSoftwareNavigatorTSoftwareNavigatorMainFormAV
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxOnline
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxProductIDSOFTWARE
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233071754.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233312922.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2232960458.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228842588.0000000002158000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsmedia.com/
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types0t
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53f
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53k
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesde1097d
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesgdiplum
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesmmon-cm
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.regnow.com/softsell/nph-softsell.cgi?item=
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?ps
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?psU
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://youtube.com/signup
Source: chromecache_249.21.dr	String found in binary or memory: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWSw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWT4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV0
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV8
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVA
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVI
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVM
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQ
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_249.21.dr	String found in binary or memory: https://onlinehelpstaticcontents.avs4you.com/downloads/documents/refund.pdf
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604110&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&LANGUAGES
Source: chromecache_249.21.dr	String found in binary or memory: https://www.avs4you.com/register.aspx
Source: chromecache_249.21.dr	String found in binary or memory: https://www.onlyoffice.com/download-desktop.aspx?utm_source=email&utm_medium=email&utm_campaign=avs-

Source: unknown	Network traffic detected: HTTP traffic on port 60598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60652
Source: unknown	Network traffic detected: HTTP traffic on port 60706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60656
Source: unknown	Network traffic detected: HTTP traffic on port 60641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60655
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60706
Source: unknown	Network traffic detected: HTTP traffic on port 60637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60663
Source: unknown	Network traffic detected: HTTP traffic on port 60644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60660
Source: unknown	Network traffic detected: HTTP traffic on port 60696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60669
Source: unknown	Network traffic detected: HTTP traffic on port 60661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60700
Source: unknown	Network traffic detected: HTTP traffic on port 60623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60671
Source: unknown	Network traffic detected: HTTP traffic on port 60691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60677
Source: unknown	Network traffic detected: HTTP traffic on port 60610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60607
Source: unknown	Network traffic detected: HTTP traffic on port 60652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60680
Source: unknown	Network traffic detected: HTTP traffic on port 60694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60687
Source: unknown	Network traffic detected: HTTP traffic on port 60680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60619
Source: unknown	Network traffic detected: HTTP traffic on port 60659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60618
Source: unknown	Network traffic detected: HTTP traffic on port 60594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60695
Source: unknown	Network traffic detected: HTTP traffic on port 60645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60694
Source: unknown	Network traffic detected: HTTP traffic on port 60697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60613
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60611
Source: unknown	Network traffic detected: HTTP traffic on port 60607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60610
Source: unknown	Network traffic detected: HTTP traffic on port 60622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60698
Source: unknown	Network traffic detected: HTTP traffic on port 60633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60629
Source: unknown	Network traffic detected: HTTP traffic on port 60616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60628
Source: unknown	Network traffic detected: HTTP traffic on port 60640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60623
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621
Source: unknown	Network traffic detected: HTTP traffic on port 60682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60596
Source: unknown	Network traffic detected: HTTP traffic on port 60619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60594
Source: unknown	Network traffic detected: HTTP traffic on port 60695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60638
Source: unknown	Network traffic detected: HTTP traffic on port 60628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60637
Source: unknown	Network traffic detected: HTTP traffic on port 60662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60633
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60632
Source: unknown	Network traffic detected: HTTP traffic on port 60656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60640
Source: unknown	Network traffic detected: HTTP traffic on port 60673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60649
Source: unknown	Network traffic detected: HTTP traffic on port 60625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60645
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60644
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60643

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423B2C NtdllDefWindowProc_A,	1_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004722D4 NtdllDefWindowProc_A,	1_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00412580 NtdllDefWindowProc_A,	1_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042ED38 NtdllDefWindowProc_A,	1_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042ED38 NtdllDefWindowProc_A,	10_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423B2C NtdllDefWindowProc_A,	10_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004722D4 NtdllDefWindowProc_A,	10_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00412580 NtdllDefWindowProc_A,	10_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	10_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423B2C NtdllDefWindowProc_A,	14_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004722D4 NtdllDefWindowProc_A,	14_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00412580 NtdllDefWindowProc_A,	14_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042ED38 NtdllDefWindowProc_A,	14_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	14_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423B2C NtdllDefWindowProc_A,	16_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004722D4 NtdllDefWindowProc_A,	16_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00412580 NtdllDefWindowProc_A,	16_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042ED38 NtdllDefWindowProc_A,	16_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	16_2_004551F4

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0042E6CC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E6CC

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Creates files inside the system directory

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bc.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A39.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI146C.tmp

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004082E8	0_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00462994	1_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046AC90	1_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004797C1	1_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00485FE0	1_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004800E8	1_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0044416C	1_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0	1_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444864	1_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004588EC	1_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046498C	1_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00434A2C	1_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444C70	1_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047F238	1_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0043D44C	1_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B694	1_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042FB74	1_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00443BC4	1_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00433D28	1_2_00433D28
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004082E8	9_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00462994	10_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046AC90	10_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004797C1	10_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00485FE0	10_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004800E8	10_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0044416C	10_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004305D0	10_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444864	10_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004588EC	10_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046498C	10_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00434A2C	10_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444C70	10_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047F238	10_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0043D44C	10_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045B694	10_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042FB74	10_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00443BC4	10_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00433D28	10_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004082E8	12_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00462994	14_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046AC90	14_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004797C1	14_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00485FE0	14_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004800E8	14_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0044416C	14_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004305D0	14_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444864	14_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004588EC	14_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046498C	14_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00434A2C	14_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444C70	14_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047F238	14_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0043D44C	14_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045B694	14_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042FB74	14_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00443BC4	14_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00433D28	14_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004082E8	15_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00462994	16_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046AC90	16_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004797C1	16_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004800E8	16_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0044416C	16_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004305D0	16_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444864	16_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004588EC	16_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046498C	16_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00434A2C	16_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444C70	16_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047F238	16_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0043D44C	16_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045B694	16_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042FB74	16_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00443BC4	16_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00433D28	16_2_00433D28
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00485FE0	16_2_00485FE0

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00408BAC appears 44 times

PE / OLE file has an invalid certificate

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: invalid certificate

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-H552E.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-74BKC.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-HAFFP.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

PE file does not import any functions

Source: mfc80CHS.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80DEU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ESP.dll.6.dr	Static PE information: No import functions for PE file found
Source: is-AOVL1.tmp.1.dr	Static PE information: No import functions for PE file found
Source: mfc80FRA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ITA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80KOR.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80CHT.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ENU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80JPN.dll.6.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: _RegDLL.tmp.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: clean9.winEXE@44/266@12/10

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00454320 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_00454320

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409A04 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409A04

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Program Files (x86)\AVS4YOU

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\AVS YouTube Uploader.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp

Jump to behavior

Source: Yara match	File source: 18.0.AVSYouTubeUploader.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.AVSUpdateManager.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.2272634371.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp, type: DROPPED

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: atl.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched20.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: usp10.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msls31.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: olepro32.dll

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: AVS YouTube Uploader.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk0.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk1.1.dr	LNK file: ..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: Activation.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Registration.exe
Source: Uninstall.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Uninstall.exe
Source: License Agreement.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\License Agreement.rtf
Source: Help.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm
Source: Repair.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Automated click: Continue

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static file information: File size 10891576 > 1048576

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Registers a DLL

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00406518 push 00406555h; ret	0_2_0040654D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00408D90 push 00408DC3h; ret	0_2_00408DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00407FE0 push ecx; mov dword ptr [esp], eax	0_2_00407FE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004098EC push 00409929h; ret	1_2_00409921
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax	1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0 push ecx; mov dword ptr [esp], eax	1_2_004305D5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00410678 push ecx; mov dword ptr [esp], edx	1_2_0041067D
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004128D0 push 00412933h; ret	1_2_0041292B
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C88C push 0047C96Ah; ret	1_2_0047C962
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00450A78 push 00450AABh; ret	1_2_00450AA3
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00442B3C push ecx; mov dword ptr [esp], ecx	1_2_00442B40
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040CFD0 push ecx; mov dword ptr [esp], edx	1_2_0040CFD2
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004573DC push 00457420h; ret	1_2_00457418
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B38C push ecx; mov dword ptr [esp], eax	1_2_0045B391
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040F530 push ecx; mov dword ptr [esp], edx	1_2_0040F532
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004715E8 push ecx; mov dword ptr [esp], edx	1_2_004715E9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00419BD0 push ecx; mov dword ptr [esp], ecx	1_2_00419BD5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00455C0C push 00455C44h; ret	1_2_00455C3C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047DEE0 push ecx; mov dword ptr [esp], ecx	1_2_0047DEE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00409FE7 push ds; ret	1_2_00409FE8

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-74BKC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	File created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-HAFFP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	File created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Jump to dropped file
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	File created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-H552E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS YouTube Uploader.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activation.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Uninstall.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\License Agreement.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Repair.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS4YOU Software Navigator.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS Update Manager.lnk

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042413C IsIconic,SetActiveWindow,	1_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00424184 IsIconic,SetActiveWindow,SetFocus,	1_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417540 IsIconic,GetCapture,	1_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C76 IsIconic,SetWindowPos,	1_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042413C IsIconic,SetActiveWindow,	10_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00424184 IsIconic,SetActiveWindow,SetFocus,	10_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	10_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	10_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	10_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417540 IsIconic,GetCapture,	10_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C76 IsIconic,SetWindowPos,	10_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	10_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042413C IsIconic,SetActiveWindow,	14_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00424184 IsIconic,SetActiveWindow,SetFocus,	14_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	14_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	14_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	14_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417540 IsIconic,GetCapture,	14_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C76 IsIconic,SetWindowPos,	14_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	14_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042413C IsIconic,SetActiveWindow,	16_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00424184 IsIconic,SetActiveWindow,SetFocus,	16_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	16_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	16_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	16_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417540 IsIconic,GetCapture,	16_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C76 IsIconic,SetWindowPos,	16_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	16_2_00417C78

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Evasive API call chain: GetSystemTime,DecisionNodes

Is looking for software installed on the system

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Registry key enumerated: More than 105 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409948 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409948

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (full installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (full installation)
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: pkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 4lrkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Windows Server 2008 without Hyper-V for Windows Essential Server Solutions
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (full installation)

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00471D70 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_00471D70

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0045A0E8 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,

1_2_0045A0E8

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_0040515C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408554
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_0040515C
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408554

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_004566B8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00453AB0 GetUserNameA,

1_2_00453AB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00405C44 GetVersionExA,

0_2_00405C44

Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

ID:	1447253
Product:	CloudBasic
Start time:	17:37:13
Start date:	24.05.2024
Sample:	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	166dffbe964c48c778e24617ec1a683d
SHA1:	463813d3e78537dce33dffe1adcfcaaab2b7f3a5
SHA256:	97d5ae489ea5268f5ac420ec13e5e2b15b9ea69d6a61ee5c70b39a23dda9e7d0
Filetype:	Win32 Executable (generic) a (10002005/4) 98.86%

Windows Analysis Report SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe