Edit tour

Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Analysis ID:	1447253
MD5:	166dffbe964c48c778e24617ec1a683d
SHA1:	463813d3e78537dce33dffe1adcfcaaab2b7f3a5
SHA256:	97d5ae489ea5268f5ac420ec13e5e2b15b9ea69d6a61ee5c70b39a23dda9e7d0
Tags:	exe
Infos:

Detection

Score:	9
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Checks for available system drives (often done to infect USB drives)

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found potential string decryption / allocating functions

HTML body with high number of embedded images detected

HTML body with high number of large embedded background images detected

IP address seen in connection with other malware

Is looking for software installed on the system

JA3 SSL client fingerprint seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample file is different than original file name gathered from version info

Sigma detected: Use NTFS Short Name in Command Line

Sigma detected: Use Short Name Path in Command Line

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe (PID: 6896 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe" MD5: 166DFFBE964C48C778E24617EC1A683D)

SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp (PID: 6008 cmdline: "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe" MD5: 52950AC9E2B481453082F096120E355A)

msiexec.exe (PID: 2648 cmdline: "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)

regsvr32.exe (PID: 6484 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

Registration.exe (PID: 5812 cmdline: "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en MD5: 23BF66DE2827671BB16D26A077D530B7)

Registration.tmp (PID: 6564 cmdline: "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en MD5: 52950AC9E2B481453082F096120E355A)

AVS4YOUSoftwareNavigator.exe (PID: 6400 cmdline: "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en MD5: 097CF14425923F9A4A72C775E768F381)

AVS4YOUSoftwareNavigator.tmp (PID: 792 cmdline: "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en MD5: 52950AC9E2B481453082F096120E355A)

AVSUpdateManager.exe (PID: 5260 cmdline: "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en MD5: C8814999AA2AAE4F1FF915C4B0B40912)

AVSUpdateManager.tmp (PID: 4320 cmdline: "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en MD5: 52950AC9E2B481453082F096120E355A)

regsvr32.exe (PID: 2024 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

AVSYouTubeUploader.exe (PID: 3588 cmdline: "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe" MD5: 9EE026F5D3E90F185BF63530B6EE430F)

AVSUpdateManager.exe (PID: 6712 cmdline: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78 MD5: 944C112343725E72E627CF8DBC5C4AE0)

chrome.exe (PID: 3904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msiexec.exe (PID: 3052 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 5724 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18 MD5: 9D09DC1EDA745A5F87553048E57620CF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000016.00000000.2272634371.0000000000401000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
18.0.AVSYouTubeUploader.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
22.0.AVSUpdateManager.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

Sigma detected: Use NTFS Short Name in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, CommandLine: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, CommandLine|base64offset|contains: , Image: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, NewProcessName: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, OriginalFileName: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, ParentCommandLine: "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe", ParentImage: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe, ParentProcessId: 3588, ParentProcessName: AVSYouTubeUploader.exe, ProcessCommandLine: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, ProcessId: 6712, ProcessName: AVSUpdateManager.exe

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, CommandLine: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, CommandLine|base64offset|contains: , Image: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, NewProcessName: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, OriginalFileName: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe, ParentCommandLine: "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe", ParentImage: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe, ParentProcessId: 3588, ParentProcessName: AVSYouTubeUploader.exe, ProcessCommandLine: C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78, ProcessId: 6712, ProcessName: AVSUpdateManager.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded image size: 34780

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register

HTTP Parser: Total embedded background img size: 879584

Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon
Source: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register	HTTP Parser: No favicon

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.4:52685 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60593 -> 162.159.36.2:53

Source: Joe Sandbox View	IP Address: 13.107.253.67 13.107.253.67
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60691 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.164.15
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /content/check_affiliate_v2.js HTTP/1.1Host: secure.avangate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checkout/client/twoCoInlineCart.js HTTP/1.1Host: secure.2checkout.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-write-cookie.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webpack-runtime-c3e566b68af78f5a1881.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /framework-4cf5ecd37f9363b1291b.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app-ec6a9b7fc501dcfa2bce.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles-e9d24b1846c7d6eb9685.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /commons-6d24d96f29bfebe3476c.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fc36456533b5c3f455badd7fedf67d455632ae09-d47c18182f1ea88950d1.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /065285d60ba513d3bcbdfb63a33fa8101bb0b358-4821f749d7a07c3e7df2.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /33e6b7bb568ff42f71b848c5df167b4296d898c4-ac14a9bffec845baa13f.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/register.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/sq/d/1818369706.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j.php?a=279977&u=https%3A%2F%2Fwww.avs4you.com%2FRegister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&f=1&r=0.39962393127720364 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /impact-affiliates-run.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/va-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.avs4you.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /settings.js?a=279977&settings_type=1&vn=7.0&exc=18\|25 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.avs4you.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151
Source: global traffic	HTTP traffic detected: GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /component---src-pages-privacy-aspx-js-a7a853f585e8da46a6a3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /component---src-pages-index-js-61c1fcfe70144a5f0bfa.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /tag/uet/4024645 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /page-data/privacy.aspx/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /page-data/index/page-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-BWSZ9WEBRH&gacid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1807214805 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/0.7.32/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CLID=3de2ac6fe27f4600a8f7c15bf03c6d47.20240524.20250524
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-FEYVLL88YK&gacid=1987730708.1716565152&gtm=45je45m0v9123194436za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=845811239 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&gjid=1175162250&_gid=46386595.1716565154&_u=YADAAUAAAAAAACAAI~&z=1129856423 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUmqpvDYlxfcWstlwcoqkKeD4dYxWfdNkHnYfEJyDppLZtaUrWLZz_LyGCWF
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /1b9a2f2d6d29c30dd1e8760cd3a43981f2804204-435dd3d34a8fa193caf3.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /9dca3c060c98a2ec0e5a6368c886bb5833c66958-6c0ebfb674551fc6862e.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /dbfd5dde42d0c6776b28c56d4c3e613fa59d0324-5229893a2299067c0dab.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js HTTP/1.1Host: www.avs4you.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=RegisterAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /page-data/app-data.json HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1Host: www.avs4you.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano. equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223647373.0000000000724000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.AlignText equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes. equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.ile pi equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: Best regards1.0*.lickeyxshttp://www.avsdop.com/avswebservice/service.asmxAVS4YOU\LicenceAVS4YOU\LicenceAVSMedia\LicenceSOFTWARE\Digital River\SoftwarePassport\\\BuyURLBuyURLSavePassUserNamePassNameFieldTitleTagsCategoryDescriptionSizeLast Folderc:\Category.iniCategoryCountCategoryCategorySavePassNameFieldTitleTitleTagsTagsCategoryCategoryDescriptionDescriptionSizeSizeIDS_7IDS_20All SuccessAVS4You, b IDS_21 IDS_22YouTubeUploaderSourceFileNamePropertiestitledescriptiontagscategoryIDS_23IDS_6IDS_5IDS_0IDS_1IDS_2IDS_3IDS_4-ti:-ta:-vc:-de:auto-hp:IDS_23IDS_8PathToExeLast Folder openCategory.iniCategoryCountCategoryCategory\Software\AVS4YOU\VideoConverter6\\Software\AVS4YOU\VideoConverter\PathToExePathToExePathToExePathToExeopenhttp://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPathToLicenceAVS4YOU_EULA.rtfAppPathdata\About.rtfPathToExeRegistration.exe equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: Sony PSP, Android and BlackBerry and upload it right to the device\" : \"Create a video for mobile phones or gaming consoles such as Apple iPod, Apple iPhone, Apple iPad, Sony PSP, Android and BlackBerry and upload it right to the device.\",\n\"Save video into Flash or WebM format and upload to the popular web services\" : \"Save video into Flash or WebM format and upload to the popular web services\",\n\"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox\" : \"YouTube, Facebook, Telly, Dailymotion, Flickr and Dropbox.\",\n\"Become an expert in video editing right now\" : \"Become an expert in video editing right now!\",\n\"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year\" : \"Purchasing AVS Video Editor 1 year subscription, you acquire full access to the program during 1 year.\",\n\"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings\" : \"At the end of your 1 year subscription, your subscription auto-renews on an annual basis and you will incur the cost for the subscription until you explicitly cancel your subscription by logging into My account and clicking Cancel Subscription in your account settings.\",\n\"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations\" : \"Purchasing AVS Video Editor unlimited subscription, you acquire full access to the program without any time limitations.\",\n\"There is no need to renew the subscription\" : \"There is no need to renew the subscription.\",\n\"Trim\" : \"Trim\",\n\"Crop\" : \"Crop\",\n\"Split\" : \"Split\",\n\"Join\" : \"Join\",\n\n\n\"***************************MONEYBACK****************************\" : \"*************************MONEYBACK******************************\",\n\"30 Days\" : \"30 Days \",\n\"Moneyback\" : \"Moneyback\",\n\"Guarantee\" : \" Guarantee\",\n\"In case you are not satisfied with the software bought from the wwwavs4youcom web site, you can have your money back within 30 days since the purchase\" : \"In case you are not satisfied with the software bought from the www.avs4you.com web site, you can have your money back within 30 days since the purchase.\",\n\"Learn more\" : \"LEARN MORE\",\n\"Moneyback rules\" : \"Moneyback rules\",\n\"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types)\" : \"The moneyback is applicable for all the subscription types (at the moment this includes the unlimited and the one-year subscription types).\",\n\"We reserve the right to suspend moneyback service at any moment Nevertheless all the requests for moneyback before this date will be accepted\" : \"We reserve the right to suspend moneyback service at any moment.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: TfrmMain.IDS_6=<lnu><lau>Each video can be up to 10 minutes in length and up to 1GB in size. It may take 30 minutes or more for extremely large files to appear on YouTube. If your files are too big, you can use <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> to trim video or make files of smaller sizes.$<lnu><lau> equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: er un fichier de taille plus petite.$<lnu><lau>Cada video no podra superar 10 minutos de duracion y 1GB de tamano. A veces hay que esperar unos 30 minutos o mas hasta que un fichero demasiado grande aparezca en YouTube. Si sus ficheros son demasiado grandes, usted puede usar el <l=http://www.avs4you.com/AVS-Video-Converter.aspx>AVS Video Converter<~l> para cortar video o crear ficheros de menor tamano.$<lnu><lau>Ogni video pu equals www.youtube.com (Youtube)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.facebook.com (Facebook)
Source: chromecache_249.21.dr	String found in binary or memory: s why this video editing software is a great choice for beginners. At the same time it is fully packed with advanced editing features such as color correction, video stabilization, overlay, chromakey and many others which will be handy for video experts as well.\",\n\t\"hrefRegister\" : \"https://www.avs4you.com/register.aspx\",\n\t\"japanTextVideoeditor\" : \" \",\n\t\"Reviewed and highly rated by\" : \"Reviewed and highly rated by\",\n\n\n\n\t\"***************************AVS Video Converter****************************\": \"*************************AVS Video Converter******************************\",\n\t\"Free Video Converter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV, FLV and others absolutely free Download Free AVS Video Converter\": \"AVS Free Video Converter converts video files to all popular video formats MP4, DVD, MPEG, MOV and others absolutely free. Download Free AVS Video Converter\",\n\t\"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc\" : \"Convert videos for iPhone, iPad, Android, Samsung, YouTube, Facebook, etc.\",\n\t\"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\": \"free video converter, video to mp3, video converter, video download converter, video converter to mp4, avs video converter, avs4you, avs, avs converter, avs4u, video converter tool, video converter software, mp4 to mp3 converter, mp4 to avi converter, mp4 to 3gp converter, mp4 video converter, convert dvd, convert avi, convert mp4, convert wmv, convert mov, video file converter, dvd converter, convert mp4 to dvd, avi converter, video converting, video conversion\",\n\t\"Convert to from video formats MP4, DVD, AVI, WMV,MOV, MPEG4, VOB, FLV, MKV, MTS, 2K QHD, 4K UHD and DCI 4K etc fast and easily\": \"Convert from/to 150+ formats: MP4, MOV, MKV, WEBM, DVD, AVI, WMV, MPEG, M2TS, TS, 2K QHD, 4K UHD and DCI 4K, etc.\",\n\t\" equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: regsvr32.exe, 00000008.00000002.2097720419.000000000334A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/watch?v=Cej equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: www.avs4you.com
Source: global traffic	DNS traffic detected: DNS query: secure.avangate.com
Source: global traffic	DNS traffic detected: DNS query: secure.2checkout.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: s.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: c.clarity.ms

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-BWSZ9WEBRH&cid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.avs4you.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.avs4you.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avs4you.comdefresitavs4you.comavs4you.com/My
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequest
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/AVSRequestP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/Z
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/h
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://avsdop.com/AVSWebService/utf-8http://avsdop.com/AVSWebService/AVSRequestSOFTWARE
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171545162.000000000217C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/
Source: Registration.tmp, 0000000A.00000003.2171560764.000000000218C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/4%
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136995709.0000000002210000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168755599.0000000001F88000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166620254.0000000002150000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/A
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138413957.0000000002250000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136877808.0000000002249000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/About
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Acerca
Source: AVSUpdateManager.tmp, 00000010.00000003.2166693055.0000000002158000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/H5
Source: Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140281048.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168820099.0000000001F90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/Informazioni
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140534216.00000000020A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/d
Source: Registration.exe, 00000009.00000003.2186006945.00000000020B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispp.sourceforge.net/x(
Source: AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prol
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx?Type=App&ProgID=72&URL=Prolong
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Suppor
Source: AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporp
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Supporpo
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Support~G
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/4)
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com#http://www.avs4you.com/support.aspx6http://www.avs4you.com/SoftwareNavigator/
Source: Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com)http://www.avs4you.com/support/index.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229337585.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/#http://www.avs4you.com/support.aspx0http://www.avs4you.com/AVS-YouTube-Uploa
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/2
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?Type=App&ProgId=72&URL=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Main
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mainopen
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137454297.0000000000546000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138910442.0000000000549000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/?utm_medium=Navigator&utm_source=Navigator&utm_content=Mains
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxI
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspxQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspxP
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxi
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspxq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspxa
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Cleaner.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspxP
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C9D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter.aspxopenhttp://youtube.com/signupUserNamePassHelpPathPath
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx9
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx.
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspxa
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspxa
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSAudioRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDAuthoring.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDVDCopy.exe?utm_medium=Navigator&utm_source=Navigator&utm_conten
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSDiscCreator.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSFirewall.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMediaPlayer.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSMusicMix.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRegistryCleaner.exe?utm_medium=Navigator&utm_source=Navigator&ut
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSRingtoneMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSSystemInfo.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoReMaker.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoFlash.exe?utm_medium=Navigator&utm_source=Navigator&utm_c
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoGO.exe?utm_medium=Navigator&utm_source=Navigator&utm_cont
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoPSP.exe?utm_medium=Navigator&utm_source=Navigator&utm_con
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Downloads/AVSVideotoiPod.exe?utm_medium=Navigator&utm_source=Navigator&utm_co
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspxy
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138044565.00000000021F5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Guides/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Guide
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/OnlineHelp/index.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=O
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspt
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register%/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register:
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterJ
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=RegisterX
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerb
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registercoll
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229435648.000000000057C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230192487.000000000057F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerhttp://www.avs4you.com
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registern.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerse_P
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerste
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=Register
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/Register.aspx?utm_medium=Register&utm_source=Navigator&utm_content=RegisterPa
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx2
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/SoftwareNavigator/Download.aspx~
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/audio.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Audio
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/?Type=App&ProgId=72&URL=Main
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2229703630.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043E7000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000043C8000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2928475760.0000000004553000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2926899782.00000000042F2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/AVS-Video-Converter.aspx
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/de/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Dis
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Disk
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138440588.0000000002264000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/disc.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Diskpk&
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe9
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe)
Source: Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemCleaner.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exeI
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exeY
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exeQ
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exei
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exeq
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe)
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exey
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exea
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe1
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exeA
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exe
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exea
Source: AVSUpdateManager.tmp, 00000010.00000003.2166716303.000000000215C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.x
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml
Source: AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xml0t
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/update/UpdateList.xmlUpdateList.xmlUpdateList.xmlUpdateList.xmlAVS.
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228894355.0000000002164000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.ex
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/downloads/wmfdist.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/es/Register.aspxx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/fr/Register.aspxx
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922850333.00000000006F1000.00000004.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2922494111.00000000006E1000.00000004.00000001.01000000.00000010.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxhttp://www.avs4you.com/support.aspxhttp://www.avs4you.com/Encrypted
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/index.aspxq
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/?Type=App&ProgId=72&URL=Main
Source: Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register
Source: Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/it/Register.aspxx
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/mobile.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Mobile
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspx
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/register.aspxP
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx0
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspx6
Source: AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000265F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxA
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2245216281.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229221226.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxB
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support.aspxF
Source: Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx
Source: AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/support/index.aspx&
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/system-utilities.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=S
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com/video.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Video
Source: AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com2
Source: Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com:
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avs4you.com_
Source: AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C8E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOU
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOUSoftwareNavigatorTSoftwareNavigatorMainFormAV
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxOnline
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxProductIDSOFTWARE
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233071754.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233312922.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2232960458.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228842588.0000000002158000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avsmedia.com/
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types0t
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53f
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesc0da53k
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesde1097d
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesgdiplum
Source: AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Typesmmon-cm
Source: AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.regnow.com/softsell/nph-softsell.cgi?item=
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?ps
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000000.1656101245.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Registration.exe, 00000009.00000003.2099523510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099803134.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125525259.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125355086.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138693801.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2153287660.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2154854250.0000000001F94000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	String found in binary or memory: http://www.remobjects.com/?psU
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	String found in binary or memory: http://youtube.com/signup
Source: chromecache_249.21.dr	String found in binary or memory: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7SUc.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWSw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWT4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV0
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV8
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVA
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVI
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVM
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVQ
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVw
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_274.21.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_249.21.dr	String found in binary or memory: https://onlinehelpstaticcontents.avs4you.com/downloads/documents/refund.pdf
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604110&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=
Source: chromecache_249.21.dr	String found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CART=1&CARD=2&SHORT_FORM=1&LANGUAGES
Source: chromecache_249.21.dr	String found in binary or memory: https://www.avs4you.com/register.aspx
Source: chromecache_249.21.dr	String found in binary or memory: https://www.onlyoffice.com/download-desktop.aspx?utm_source=email&utm_medium=email&utm_campaign=avs-

Source: unknown	Network traffic detected: HTTP traffic on port 60598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60652
Source: unknown	Network traffic detected: HTTP traffic on port 60706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60656
Source: unknown	Network traffic detected: HTTP traffic on port 60641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60655
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60706
Source: unknown	Network traffic detected: HTTP traffic on port 60637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60663
Source: unknown	Network traffic detected: HTTP traffic on port 60644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60660
Source: unknown	Network traffic detected: HTTP traffic on port 60696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60669 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60669
Source: unknown	Network traffic detected: HTTP traffic on port 60661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60700
Source: unknown	Network traffic detected: HTTP traffic on port 60623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60671
Source: unknown	Network traffic detected: HTTP traffic on port 60691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60677
Source: unknown	Network traffic detected: HTTP traffic on port 60610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60607
Source: unknown	Network traffic detected: HTTP traffic on port 60652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60680
Source: unknown	Network traffic detected: HTTP traffic on port 60694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60687
Source: unknown	Network traffic detected: HTTP traffic on port 60680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60619
Source: unknown	Network traffic detected: HTTP traffic on port 60659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60618
Source: unknown	Network traffic detected: HTTP traffic on port 60594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60695
Source: unknown	Network traffic detected: HTTP traffic on port 60645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60694
Source: unknown	Network traffic detected: HTTP traffic on port 60697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60613
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60611
Source: unknown	Network traffic detected: HTTP traffic on port 60607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60610
Source: unknown	Network traffic detected: HTTP traffic on port 60622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60698
Source: unknown	Network traffic detected: HTTP traffic on port 60633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60629
Source: unknown	Network traffic detected: HTTP traffic on port 60616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60628
Source: unknown	Network traffic detected: HTTP traffic on port 60640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60623
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621
Source: unknown	Network traffic detected: HTTP traffic on port 60682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60596
Source: unknown	Network traffic detected: HTTP traffic on port 60619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60594
Source: unknown	Network traffic detected: HTTP traffic on port 60695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60638
Source: unknown	Network traffic detected: HTTP traffic on port 60628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60637
Source: unknown	Network traffic detected: HTTP traffic on port 60662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60633
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60632
Source: unknown	Network traffic detected: HTTP traffic on port 60656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60640
Source: unknown	Network traffic detected: HTTP traffic on port 60673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60649
Source: unknown	Network traffic detected: HTTP traffic on port 60625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60645
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60644
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60643

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.164.15:443 -> 192.168.2.4:60594 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:60595 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:60597 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:60598 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423B2C NtdllDefWindowProc_A,	1_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004722D4 NtdllDefWindowProc_A,	1_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00412580 NtdllDefWindowProc_A,	1_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042ED38 NtdllDefWindowProc_A,	1_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	1_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042ED38 NtdllDefWindowProc_A,	10_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423B2C NtdllDefWindowProc_A,	10_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004722D4 NtdllDefWindowProc_A,	10_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00412580 NtdllDefWindowProc_A,	10_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	10_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423B2C NtdllDefWindowProc_A,	14_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004722D4 NtdllDefWindowProc_A,	14_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00412580 NtdllDefWindowProc_A,	14_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042ED38 NtdllDefWindowProc_A,	14_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	14_2_004551F4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423B2C NtdllDefWindowProc_A,	16_2_00423B2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004722D4 NtdllDefWindowProc_A,	16_2_004722D4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00412580 NtdllDefWindowProc_A,	16_2_00412580
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042ED38 NtdllDefWindowProc_A,	16_2_0042ED38
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	16_2_004551F4

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0042E6CC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

1_2_0042E6CC

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bc.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A39.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifest	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.policy	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.cat	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4d11bf.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI146C.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004082E8	0_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00462994	1_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046AC90	1_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004797C1	1_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00485FE0	1_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004800E8	1_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0044416C	1_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0	1_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444864	1_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004588EC	1_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046498C	1_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00434A2C	1_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00444C70	1_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047F238	1_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0043D44C	1_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B694	1_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042FB74	1_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00443BC4	1_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00433D28	1_2_00433D28
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004082E8	9_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00462994	10_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046AC90	10_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004797C1	10_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00485FE0	10_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004800E8	10_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0044416C	10_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004305D0	10_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444864	10_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004588EC	10_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046498C	10_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00434A2C	10_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00444C70	10_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047F238	10_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0043D44C	10_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045B694	10_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042FB74	10_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00443BC4	10_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00433D28	10_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004082E8	12_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00462994	14_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046AC90	14_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004797C1	14_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00485FE0	14_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004800E8	14_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0044416C	14_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004305D0	14_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444864	14_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004588EC	14_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046498C	14_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00434A2C	14_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00444C70	14_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047F238	14_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0043D44C	14_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045B694	14_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042FB74	14_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00443BC4	14_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00433D28	14_2_00433D28
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004082E8	15_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00462994	16_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046AC90	16_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004797C1	16_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004800E8	16_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0044416C	16_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004305D0	16_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444864	16_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004588EC	16_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046498C	16_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00434A2C	16_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00444C70	16_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047F238	16_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0043D44C	16_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045B694	16_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042FB74	16_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00443BC4	16_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00433D28	16_2_00433D28
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00485FE0	16_2_00485FE0

Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: String function: 00408BAC appears 44 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: String function: 00408BAC appears 44 times

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: invalid certificate

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp.0.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-7IQCS.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-H552E.tmp.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Registration.tmp.9.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-62FLE.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-74BKC.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-HAFFP.tmp.10.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: AVS4YOUSoftwareNavigator.tmp.12.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

Source: mfc80CHS.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80DEU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ESP.dll.6.dr	Static PE information: No import functions for PE file found
Source: is-AOVL1.tmp.1.dr	Static PE information: No import functions for PE file found
Source: mfc80FRA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ITA.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80KOR.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80CHT.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80ENU.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc80JPN.dll.6.dr	Static PE information: No import functions for PE file found

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655618164.00000000020C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1655422820.0000000002310000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: _RegDLL.tmp.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: _RegDLL.tmp.10.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: clean9.winEXE@44/266@12/10

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	0_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	1_2_00453AF8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: 9_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	9_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	10_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: 12_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	12_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	14_2_00453AF8
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: 15_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	15_2_004092A0
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	16_2_00453AF8

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00454320 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,

1_2_00454320

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409A04 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00409A04

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Program Files (x86)\AVS4YOU

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\AVS YouTube Uploader.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp

Jump to behavior

Source: Yara match	File source: 18.0.AVSYouTubeUploader.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.AVSUpdateManager.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.2272634371.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp, type: DROPPED

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp "C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp "C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe "C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp "C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp "C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: atl.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: riched20.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: usp10.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: msls31.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Section loaded: olepro32.dll

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: AVS YouTube Uploader.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk0.1.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: AVS YouTube Uploader.lnk1.1.dr	LNK file: ..\..\..\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Source: Activation.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Registration.exe
Source: Uninstall.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\Uninstall.exe
Source: License Agreement.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\License Agreement.rtf
Source: Help.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm
Source: Repair.lnk.10.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Automated click: Next >
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Automated click: Continue

Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Static file information: File size 10891576 > 1048576

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Jump to behavior

Source:	Binary string: vcomp.i386.pdb source: vcomp.dll.6.dr
Source:	Binary string: MFCM80U.i386.pdb source: mfcm80u.dll.6.dr
Source:	Binary string: vcomp.i386.pdbp source: vcomp.dll.6.dr
Source:	Binary string: msvcp70.pdb source: is-QQFVQ.tmp.1.dr

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_0044AD34

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00406518 push 00406555h; ret	0_2_0040654D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004040B5 push eax; ret	0_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404185 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404206 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_0040C218 push eax; ret	0_2_0040C219
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_004042E8 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00404283 push 00404391h; ret	0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00408D90 push 00408DC3h; ret	0_2_00408DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: 0_2_00407FE0 push ecx; mov dword ptr [esp], eax	0_2_00407FE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004098EC push 00409929h; ret	1_2_00409921
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax	1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004305D0 push ecx; mov dword ptr [esp], eax	1_2_004305D5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00410678 push ecx; mov dword ptr [esp], edx	1_2_0041067D
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004128D0 push 00412933h; ret	1_2_0041292B
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C88C push 0047C96Ah; ret	1_2_0047C962
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00450A78 push 00450AABh; ret	1_2_00450AA3
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00442B3C push ecx; mov dword ptr [esp], ecx	1_2_00442B40
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040CFD0 push ecx; mov dword ptr [esp], edx	1_2_0040CFD2
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004573DC push 00457420h; ret	1_2_00457418
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045B38C push ecx; mov dword ptr [esp], eax	1_2_0045B391
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040546D push eax; ret	1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040F530 push ecx; mov dword ptr [esp], edx	1_2_0040F532
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040553D push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004715E8 push ecx; mov dword ptr [esp], edx	1_2_004715E9
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004055BE push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0040563B push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004056A0 push 00405749h; ret	1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00419BD0 push ecx; mov dword ptr [esp], ecx	1_2_00419BD5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00455C0C push 00455C44h; ret	1_2_00455C3C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047DEE0 push ecx; mov dword ptr [esp], ecx	1_2_0047DEE5
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00409FE7 push ds; ret	1_2_00409FE8

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-74BKC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	File created: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	File created: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-HAFFP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	File created: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Jump to dropped file
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	File created: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-H552E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS YouTube Uploader.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activation.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Uninstall.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\License Agreement.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Repair.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS4YOU Software Navigator.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS Update Manager.lnk

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	1_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	1_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0042413C IsIconic,SetActiveWindow,	1_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00424184 IsIconic,SetActiveWindow,SetFocus,	1_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	1_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	1_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417540 IsIconic,GetCapture,	1_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C76 IsIconic,SetWindowPos,	1_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	1_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	10_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0042413C IsIconic,SetActiveWindow,	10_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00424184 IsIconic,SetActiveWindow,SetFocus,	10_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	10_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	10_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	10_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417540 IsIconic,GetCapture,	10_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C76 IsIconic,SetWindowPos,	10_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	10_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	14_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0042413C IsIconic,SetActiveWindow,	14_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00424184 IsIconic,SetActiveWindow,SetFocus,	14_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	14_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	14_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	14_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417540 IsIconic,GetCapture,	14_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C76 IsIconic,SetWindowPos,	14_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	14_2_00417C78
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	16_2_00423BB4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0042413C IsIconic,SetActiveWindow,	16_2_0042413C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00424184 IsIconic,SetActiveWindow,SetFocus,	16_2_00424184
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	16_2_0047C25C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	16_2_0041832C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	16_2_00422804
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417540 IsIconic,GetCapture,	16_2_00417540
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C76 IsIconic,SetWindowPos,	16_2_00417C76
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	16_2_00417C78

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-45HP1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msxml3a.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-59604.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI146C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-QQFVQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcp70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr70.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Windows\SysWOW64\is-AOVL1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Evasive API call chain: GetSystemTime,DecisionNodes	graph_0-5353
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Evasive API call chain: GetSystemTime,DecisionNodes	graph_9-5348

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Registry key enumerated: More than 105 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	1_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_004511DC FindFirstFileA,GetLastError,	1_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	1_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	1_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	1_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	1_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	10_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_004511DC FindFirstFileA,GetLastError,	10_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	10_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	10_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	10_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: 10_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	10_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	14_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_004511DC FindFirstFileA,GetLastError,	14_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	14_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	14_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	14_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: 14_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	14_2_0045DE20
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00478B6C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,	16_2_0046F16C
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_004511DC FindFirstFileA,GetLastError,	16_2_004511DC
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	16_2_00490094
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,	16_2_00476A70
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F3A4
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	16_2_0045F820
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: 16_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,	16_2_0045DE20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00409948 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

0_2_00409948

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (full installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (full installation)
Source: AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: pkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly D
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Enterprise without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 4lrkernel32.dllGetProductInfoBusinessBusiness NHPC EditionServer Datacenter (full installation)Server Datacenter (core installation)Server Datacenter without Hyper-V (core installation)Server Datacenter without Hyper-V (full installation)EnterpriseEnterprise NServer Enterprise (full installation)Server Enterprise (core installation)Server Enterprise without Hyper-V (core installation)Server Enterprise for Itanium-based SystemsServer Enterprise without Hyper-V (full installation)Home BasicHome Basic NHome PremiumHome Premium NMicrosoft Hyper-V ServerWindows Essential Business Server Management ServerWindows Essential Business Server Messaging ServerWindows Essential Business Server Security ServerWindows Server 2008 for Windows Essential Server SolutionsWindows Server 2008 without Hyper-V for Windows Essential Server SolutionsWindows Small Business ServerServer Standard (full installation)Server Standard (core installation)Server Standard without Hyper-V (core installation)Server Standard without Hyper-V (full installation)StarterStorage Server EnterpriseStorage Server ExpressStorage Server StandardStorage Server WorkgroupUltimateUltimate NWeb Server (full installation)Web Server (core installation)Microsoft Windows 7Microsoft Windows VistaWindows Server "Longhorn"kernel32.dllGetNativeSystemInfoMicrosoft Windows Server 2003 "R2"Microsoft Windows XP Professional x64 EditionMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows NTMajorVersion: MinorVersion: Workstation 4.0 Home Edition Professional Datacenter Edition for Itanium-based Systems Enterprise Edition for Itanium-based Systems Datacenter x64 Edition Enterprise x64 EditionStandard x64 Edition Datacenter Edition Enterprise Edition Web Edition Standard Edition Datacenter Server Advanced Server Server Server 4.0, Enterprise Edition Server 4.0SYSTEM\CurrentControlSet\Control\ProductOptionsProductTypeWINNT WorkstationLANMANNT ServerSERVERNT Advanced Server .Service Pack 6SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009Service Pack 6a (Build ) (Build ) (Build ) Microsoft Windows 95 OSR2 Microsoft Windows 98 SE Microsoft Windows Millennium EditionMicrosoft Win32sBytesKBMBGB0.00 _%03dSeShutdownPrivilege
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Datacenter without Hyper-V (core installation)
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Windows Server 2008 without Hyper-V for Windows Essential Server Solutions
Source: AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	Binary or memory string: Server Standard without Hyper-V (full installation)

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

1_2_0044AD34

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00471D70 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

1_2_00471D70

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register	Jump to behavior
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe	Process created: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_0045A0E8 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,

1_2_0045A0E8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_0040515C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	Code function: GetLocaleInfoA,	0_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Code function: GetLocaleInfoA,	1_2_00408554
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_0040515C
Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe	Code function: GetLocaleInfoA,	9_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Code function: GetLocaleInfoA,	10_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe	Code function: GetLocaleInfoA,	12_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Code function: GetLocaleInfoA,	14_2_00408554
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_0040515C
Source: C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe	Code function: GetLocaleInfoA,	15_2_004051A8
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408508
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Code function: GetLocaleInfoA,	16_2_00408554

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_004566B8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

1_2_004566B8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_004026C4 GetSystemTime,

0_2_004026C4

Source: C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Code function: 1_2_00453AB0 GetUserNameA,

1_2_00453AB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Code function: 0_2_00405C44 GetVersionExA,

0_2_00405C44

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	2 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	2 Obfuscated Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Access Token Manipulation	1 Software Packing	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	12 Process Injection	1 DLL Side-Loading	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Registry Run Keys / Startup Folder	1 File Deletion	LSA Secrets	36 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	22 Masquerading	Cached Domain Credentials	1 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	11 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Regsvr32	/etc/passwd and /etc/shadow	3 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe	4%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp	5%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)	5%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)	3%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp	3%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp	5%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)	5%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe (copy)	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe (copy)	3%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp	0%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-H552E.tmp	3%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\is-G618K.tmp	7%	ReversingLabs
C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp	0%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe (copy)	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp	4%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-74BKC.tmp	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-HAFFP.tmp	2%	ReversingLabs
C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)	4%	ReversingLabs
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp	4%	ReversingLabs
C:\Windows\Installer\MSI146C.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\is-45HP1.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\is-59604.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\is-AOVL1.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\is-QQFVQ.tmp	0%	ReversingLabs
C:\Windows\SysWOW64\msvcp70.dll (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\msvcr70.dll (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\msvcr71.dll (copy)	0%	ReversingLabs
C:\Windows\SysWOW64\msxml3a.dll (copy)	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.avs4you.com/downloads/AVSAudioMix.exea	0%	Avira URL Cloud	safe
http://www.avs4you.com	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Grabber.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Image-Converter.aspxa	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSDVDAuthoring.exeI	0%	Avira URL Cloud	safe
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.avs4you.com/downloads/AVSAudioGrabber.exeq	0%	Avira URL Cloud	safe
https://www.avs4you.com/4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js	0%	Avira URL Cloud	safe
http://ispp.sourceforge.net/4%	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSAudioGrabber.exey	0%	Avira URL Cloud	safe
http://avs4you.comdefresitavs4you.comavs4you.com/My	0%	Avira URL Cloud	safe
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registern.	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSMediaPlayer.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSVideoConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Editor.aspxa	0%	Avira URL Cloud	safe
http://www.avs4you.com/Register.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSAudioRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Archiver.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/update/UpdateList.x	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSMediaPlayer.exea	0%	Avira URL Cloud	safe
http://ispp.sourceforge.net/Acerca	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSMediaPlayer.exe	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSVideoConverter6.exe	0%	Avira URL Cloud	safe
https://store.avs4you.com/order/checkout.php?PRODS=604110&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=	0%	Avira URL Cloud	safe
https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview	0%	Avira URL Cloud	safe
http://avsdop.com/AVSWebService/AVSRequest	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSAudioGrabber.exe	0%	Avira URL Cloud	safe
http://www.avs4you.com/Register.aspt	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-TV-Box.aspx	0%	Avira URL Cloud	safe
https://www.onlyoffice.com/download-desktop.aspx?utm_source=email&utm_medium=email&utm_campaign=avs-	0%	Avira URL Cloud	safe
https://www.avs4you.com/component---src-pages-index-js-61c1fcfe70144a5f0bfa.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/support/index.aspx	0%	Avira URL Cloud	safe
https://www.avs4you.com/static/korea-flag-79791aa1b82ec319446a28648f789d47.svg	0%	Avira URL Cloud	safe
http://www.avsdop.com/avswebservice/service.asmxAVS4YOU	0%	Avira URL Cloud	safe
http://www.avsmedia.com/	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Slideshow-Maker.aspxa	0%	Avira URL Cloud	safe
http://www.avs4you.com/Encrypted-DVD.aspxy	0%	Avira URL Cloud	safe
http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Suppor	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/update/UpdateList.xmlUpdateList.xmlUpdateList.xmlUpdateList.xmlAVS.	0%	Avira URL Cloud	safe
https://www.avs4you.com/ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSPhotoEditor.exea	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/update/UpdateList.xml0t	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSDiscCreator.exe	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/update/UpdateList.xml	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Media-Player.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/fr/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Video-Editor4.aspx	0%	Avira URL Cloud	safe
https://www.avs4you.com/styles-e9d24b1846c7d6eb9685.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSDVDAuthoring.exeA	0%	Avira URL Cloud	safe
http://www.avs4you.com2	0%	Avira URL Cloud	safe
http://www.avs4you.com/	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSVideoRemaker.exe	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Recorder.aspx	0%	Avira URL Cloud	safe
http://ispp.sourceforge.net/x(	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSSystemCleaner.exe	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Photo-Editor.aspx	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Typesgdiplum	0%	Avira URL Cloud	safe
http://www.avsdop.com/avswebservice/service.asmxAVS4YOUSoftwareNavigatorTSoftwareNavigatorMainFormAV	0%	Avira URL Cloud	safe
http://www.avs4you.com#http://www.avs4you.com/support.aspx6http://www.avs4you.com/SoftwareNavigator/	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSVideotoGo.exea	0%	Avira URL Cloud	safe
http://www.avsdop.com/avswebservice/service.asmx	0%	Avira URL Cloud	safe
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerhttp://www.avs4you.com	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Ringtone-Maker.aspxa	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSMobileUploader.exeY	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Mix.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSAudioEditor.exea	0%	Avira URL Cloud	safe
https://www.avs4you.com/framework-4cf5ecd37f9363b1291b.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/fr/Register.aspxx	0%	Avira URL Cloud	safe
http://www.avs4you.com/SoftwareNavigator/Download.aspx~	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSMobileUploader.exeI	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Converter.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Audio-Editor.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-System-Cleaner.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSMobileUploader.exeQ	0%	Avira URL Cloud	safe
https://www.avs4you.com/register.aspx	0%	Avira URL Cloud	safe
http://youtube.com/signup	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Video-Editor4.aspxa	0%	Avira URL Cloud	safe
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js	0%	Avira URL Cloud	safe
https://www.avs4you.com/component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSDiscCreator.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Video-to-Flash.aspx	0%	Avira URL Cloud	safe
http://www.avs4you.com/de/Register.aspxx	0%	Avira URL Cloud	safe
http://ispp.sourceforge.net/	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Mobile-Uploader.aspxa	0%	Avira URL Cloud	safe
http://www.avs4you.com:	0%	Avira URL Cloud	safe
https://dev.visualwebsiteoptimizer.com/7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js	0%	Avira URL Cloud	safe
https://www.avs4you.com/page-data/app-data.json	0%	Avira URL Cloud	safe
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registercoll	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Typesc0da53f	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSAudioEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	0%	Avira URL Cloud	safe
http://www.avs4you.com/AVS-Video-to-Flash.aspxa	0%	Avira URL Cloud	safe
http://ispp.sourceforge.net/Informazioni	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSYouTubeUploader.exe1	0%	Avira URL Cloud	safe
https://www.avs4you.com/app-ec6a9b7fc501dcfa2bce.js	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSSystemInfo.exe?utm_medium=Navigator&utm_source=Navigator&utm_con	0%	Avira URL Cloud	safe
http://www.borland.com/namespaces/Typesc0da53k	0%	Avira URL Cloud	safe
http://www.avs4you.com/Downloads/AVSFirewall.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/encoding/4)	0%	Avira URL Cloud	safe
http://www.avs4you.com/downloads/AVSCoverEditor.exe	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dev.visualwebsiteoptimizer.com	34.96.102.137	true	false	unknown
sab84n7.x.incapdns.net	45.60.14.94	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
analytics.google.com	172.217.23.110	true	false	unknown
td.doubleclick.net	142.250.186.66	true	false	unknown
s-part-0039.t-0009.fb-t-msedge.net	13.107.253.67	true	false	unknown
mdig4.x.incapdns.net	45.60.14.94	true	false	unknown
www.avs4you.com	18.244.140.117	true	false	unknown
stats.g.doubleclick.net	74.125.206.156	true	false	unknown
secure.avangate.com	unknown	unknown	false	unknown
s.clarity.ms	unknown	unknown	false	unknown
15.164.165.52.in-addr.arpa	unknown	unknown	false	unknown
www.clarity.ms	unknown	unknown	false	unknown
secure.2checkout.com	unknown	unknown	false	unknown
c.clarity.ms	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.avs4you.com/4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/component---src-pages-index-js-61c1fcfe70144a5f0bfa.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/static/korea-flag-79791aa1b82ec319446a28648f789d47.svg	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/styles-e9d24b1846c7d6eb9685.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/framework-4cf5ecd37f9363b1291b.js	false	Avira URL Cloud: safe	unknown
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js	false	Avira URL Cloud: safe	unknown
https://dev.visualwebsiteoptimizer.com/7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/page-data/app-data.json	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/app-ec6a9b7fc501dcfa2bce.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.avs4you.com/downloads/AVSAudioGrabber.exeq	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com	Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSAudioMix.exea	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Grabber.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://ispp.sourceforge.net/4%	Registration.tmp, 0000000A.00000003.2171560764.000000000218C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Image-Converter.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSDVDAuthoring.exeI	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSAudioGrabber.exey	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSMediaPlayer.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSVideoConverter.exe?utm_medium=Navigator&utm_source=Navigator&utm	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://avs4you.comdefresitavs4you.comavs4you.com/My	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Editor.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSAudioRecorder.exe?utm_medium=Navigator&utm_source=Navigator&utm_	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registern.	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Archiver.aspx	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp, AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Register.aspx	Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/update/UpdateList.x	AVSUpdateManager.tmp, 00000010.00000003.2166716303.000000000215C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSMediaPlayer.exea	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ispp.sourceforge.net/Acerca	Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168713723.0000000001F84000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSMediaPlayer.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSVideoConverter6.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
https://store.avs4you.com/order/checkout.php?PRODS=604110&QTY=1&CART=1&CARD=2&SHORT_FORM=1&CURRENCY=	chromecache_249.21.dr	false	Avira URL Cloud: safe	unknown
http://avsdop.com/AVSWebService/AVSRequest	AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000CB2000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview	chromecache_249.21.dr	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Register.aspt	Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSAudioGrabber.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-TV-Box.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
https://www.onlyoffice.com/download-desktop.aspx?utm_source=email&utm_medium=email&utm_campaign=avs-	chromecache_249.21.dr	false	Avira URL Cloud: safe	unknown
http://www.avsdop.com/avswebservice/service.asmxAVS4YOU	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/support/index.aspx	Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avsmedia.com/	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233071754.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654816964.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.1654724224.0000000002310000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2233312922.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe, 00000000.00000003.2232960458.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656992885.0000000002138000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228842588.0000000002158000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Slideshow-Maker.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Encrypted-DVD.aspxy	AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://reg.avs4you.com/support.aspx?utm_medium=Navigator&utm_source=Navigator&utm_content=Suppor	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136924245.000000000224C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSDiscCreator.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSPhotoEditor.exea	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/update/UpdateList.xmlUpdateList.xmlUpdateList.xmlUpdateList.xmlAVS.	AVSUpdateManager.tmp, 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/update/UpdateList.xml0t	AVSUpdateManager.tmp, 00000010.00000003.2167346208.0000000000618000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166481192.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2166856160.0000000000610000.00000004.00000020.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000002.2168076276.0000000000619000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/update/UpdateList.xml	AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Media-Player.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/fr/Register.aspx?utm_medium=Register&utm_source=72&utm_content=Register	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Video-Editor4.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSDVDAuthoring.exeA	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.1656859821.0000000003150000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229337585.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228485279.0000000002195000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152405912.0000000002230000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156539992.0000000003220000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.innosetup.com/	AVSUpdateManager.tmp, AVSUpdateManager.tmp, 00000010.00000000.2155537547.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, is-7IQCS.tmp.1.dr	false	URL Reputation: safe	unknown
http://www.avs4you.com/downloads/AVSVideoRemaker.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com2	AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140434514.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2138104897.0000000002204000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ispp.sourceforge.net/x(	Registration.exe, 00000009.00000003.2186006945.00000000020B4000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Recorder.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSSystemCleaner.exe	Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avsdop.com/avswebservice/service.asmxAVS4YOUSoftwareNavigatorTSoftwareNavigatorMainFormAV	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Photo-Editor.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSVideotoGo.exea	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.borland.com/namespaces/Typesgdiplum	AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com#http://www.avs4you.com/support.aspx6http://www.avs4you.com/SoftwareNavigator/	AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avsdop.com/avswebservice/service.asmx	AVSYouTubeUploader.exe, 00000012.00000002.2924431713.0000000000C8E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registerhttp://www.avs4you.com	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2229435648.000000000057C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230192487.000000000057F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSMobileUploader.exeY	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Ringtone-Maker.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Mix.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.0000000002650000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSAudioEditor.exea	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/fr/Register.aspxx	Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/SoftwareNavigator/Download.aspx~	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2137136716.0000000000589000.00000004.00000020.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000002.2138970959.0000000000589000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSMobileUploader.exeI	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Converter.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Audio-Editor.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-System-Cleaner.aspx	Registration.tmp, 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2135768579.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avs4you.com/register.aspx	chromecache_249.21.dr	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSMobileUploader.exeQ	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://youtube.com/signup	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, AVSYouTubeUploader.exe, 00000012.00000000.2223593964.00000000006E1000.00000008.00000001.01000000.00000010.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Video-Editor4.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSDiscCreator.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Video-to-Flash.aspx	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://ispp.sourceforge.net/	Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172021158.00000000021A0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171545162.000000000217C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171531135.0000000002180000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172412820.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171343419.000000000219C000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171193252.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/de/Register.aspxx	Registration.tmp, 0000000A.00000003.2171492797.0000000002188000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com:	Registration.exe, 00000009.00000003.2186091725.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2172293030.0000000002170000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168894170.0000000001F80000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2152547120.0000000001F81000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2156620209.0000000002147000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.tmp, 00000010.00000003.2167119299.0000000002144000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Mobile-Uploader.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Registercoll	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000003.2228684579.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp, 00000001.00000002.2230862400.00000000005FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSSystemInfo.exe?utm_medium=Navigator&utm_source=Navigator&utm_con	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSAudioEditor.exe?utm_medium=Navigator&utm_source=Navigator&utm_co	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ispp.sourceforge.net/Informazioni	Registration.exe, 00000009.00000003.2185938608.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099063698.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185906416.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185973886.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2099148068.00000000020A1000.00000004.00001000.00020000.00000000.sdmp, Registration.exe, 00000009.00000003.2185861860.00000000020A4000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101862174.0000000002177000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2169885530.0000000002170000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2101782000.00000000030E0000.00000004.00001000.00020000.00000000.sdmp, Registration.tmp, 0000000A.00000003.2171511857.0000000002184000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2139947700.0000000002094000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2125027443.0000000002091000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140037805.0000000002098000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140281048.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2124922126.0000000002300000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.exe, 0000000C.00000003.2140150875.000000000209C000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126664498.0000000003120000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2136976122.0000000002214000.00000004.00001000.00020000.00000000.sdmp, AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168784667.0000000001F8C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 0000000F.00000003.2168820099.0000000001F90000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.borland.com/namespaces/Typesc0da53f	AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/AVS-Video-to-Flash.aspxa	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSYouTubeUploader.exe1	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.borland.com/namespaces/Typesc0da53k	AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/4)	AVSYouTubeUploader.exe, 00000012.00000002.2923754496.000000000091E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/Downloads/AVSFirewall.exe?utm_medium=Navigator&utm_source=Navigator&utm_conte	AVS4YOUSoftwareNavigator.tmp, 0000000E.00000003.2126747075.0000000002207000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.avs4you.com/downloads/AVSCoverEditor.exe	AVSUpdateManager.exe, 00000016.00000002.2277179168.000000000262C000.00000004.00001000.00020000.00000000.sdmp, AVSUpdateManager.exe, 00000016.00000000.2273900128.00000000006EB000.00000008.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.96.102.137	dev.visualwebsiteoptimizer.com	United States	15169	GOOGLEUS	false
13.107.253.67	s-part-0039.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.206.156	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.23.110	analytics.google.com	United States	15169	GOOGLEUS	false
18.244.140.117	www.avs4you.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.60.14.94	sab84n7.x.incapdns.net	United States	19551	INCAPSULAUS	false
142.250.186.66	td.doubleclick.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447253
Start date and time:	2024-05-24 17:37:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Detection:	CLEAN
Classification:	clean9.winEXE@44/266@12/10
EGA Information:	Successful, ratio: 88.9%
HCA Information:	Successful, ratio: 96% Number of executed functions: 300 Number of non-executed functions: 219
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.16.100.168, 192.229.221.95, 108.177.15.84, 142.250.185.238, 142.250.185.99, 34.104.35.123, 142.250.186.170, 142.250.185.163, 184.28.90.27, 142.250.185.72, 13.107.21.237, 204.79.197.237, 23.96.124.68, 68.219.88.97, 142.250.186.35
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, bat-bing-com.dual-a-0034.a-msedge.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, bat.bing.com, update.googleapis.com, azurefd-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, clarity-ingest-eus-c-sc.eastus.cloudapp.azure.com, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, c.bing.com, dual-a-0034.a-msedge.net, clients.l.google.com
Execution Graph export aborted for target regsvr32.exe, PID 6484 because there are no executed function
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	http://twomancake.com	Get hash	malicious	Unknown	Browse
	https://proviaproducts-my.sharepoint.com/:b:/g/personal/bob_rossi_provia_com/EadoUKaCx_pLpRRZlPhQBbkBX2-aayjJ2XxHM4MjJFfXkA?e=7rg6fP	Get hash	malicious	Unknown	Browse
	http://003999.cc	Get hash	malicious	Unknown	Browse
	Invoice for 23-05-24 halboutevents.com-infected.html	Get hash	malicious	HTMLPhisher	Browse
	Quarantined Messages(1).zip	Get hash	malicious	HTMLPhisher	Browse
	https://moeteduvn-my.sharepoint.com/:w:/g/personal/nguyenhahuy_c1lvt_cs_gli_moet_edu_vn/Eb-PuOtdulxDkYlCZ4Orx5ABV5FknA5lnxLyyA6cwoboLQ?e=4%3aO0T4BT&at=9	Get hash	malicious	HTMLPhisher	Browse
	http://transfers.invoicenotices.com/s7tajdezj0ercqjzx20bd/1c6914/0b4c5963-d447-4bd0-b4e1-aa7a1bc55298	Get hash	malicious	Unknown	Browse
	https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-96811D97D405&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-96811D97D4c0&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9&cm_destination=//neoparts%E3%80%82com.br/dayo/nayn/d3BvcHJhd2FAZXhldGVyZmluYW5jZS5jb20=$	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse
	https://docusign.cloud-drive.services/l/a5a5d8dbdc5a94b7e8b576d2f3acaa79e	Get hash	malicious	Unknown	Browse
	https://odisia-broker06.sunnystamp.com/odisia-broker/web/sign?tenantId=401&stepToken=56ec14b036496480e516fd5d9e5c4d0e	Get hash	malicious	Unknown	Browse
45.60.14.94	https://filezilla-project.org/download.php?type=client	Get hash	malicious	Unknown	Browse
45.60.14.94	https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fiw2zxo.codesandbox.io/?x.o=Y2xpZmYuY2FsaG91bkBzd2dhcy5jb20=	Get hash	malicious	Unknown	Browse
13.107.253.67	https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	http://rest.cdntoswitchspirit.com	Get hash	malicious	Unknown	Browse
	https://myworkspacea6b75.myclickfunnels.com/onlinereview--31c6e?preview=true	Get hash	malicious	HTMLPhisher	Browse
	http://protectecloudprivatedocu.co/	Get hash	malicious	HTMLPhisher	Browse
	Invoice.html	Get hash	malicious	HTMLPhisher	Browse
	767968.html	Get hash	malicious	HTMLPhisher	Browse
	#INV0903294.html	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0039.t-0009.fb-t-msedge.net	https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	13.107.253.67
sab84n7.x.incapdns.net	https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fiw2zxo.codesandbox.io/?x.o=Y2xpZmYuY2FsaG91bkBzd2dhcy5jb20=	Get hash	malicious	Unknown	Browse	45.60.14.94
mdig4.x.incapdns.net	http://yg5sjx5kzy.com	Get hash	malicious	Unknown	Browse	45.60.12.94
	http://yg5sjx5kzy.com	Get hash	malicious	Unknown	Browse	45.60.12.94
	http://yg5sjx5kzy.com	Get hash	malicious	Unknown	Browse	45.60.12.94
	http://yd6n63ptky.com	Get hash	malicious	Unknown	Browse	45.60.12.94
	https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fiw2zxo.codesandbox.io/?x.o=Y2xpZmYuY2FsaG91bkBzd2dhcy5jb20=	Get hash	malicious	Unknown	Browse	45.60.14.94

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	Quarantined Messages(1).zip	Get hash	malicious	HTMLPhisher	Browse	18.153.4.44
	http://transfers.invoicenotices.com/s7tajdezj0ercqjzx20bd/1c6914/0b4c5963-d447-4bd0-b4e1-aa7a1bc55298	Get hash	malicious	Unknown	Browse	18.238.243.51
	SecuriteInfo.com.Win64.DropperX-gen.29167.15583.exe	Get hash	malicious	PureLog Stealer	Browse	108.156.60.9
	A13Zu2Plc8.elf	Get hash	malicious	Muhstik, Tsunami	Browse	54.171.230.55
	5BV1oDzv8L.elf	Get hash	malicious	Muhstik, Tsunami	Browse	54.171.230.55
	https://www.brownfieldagnews.com/news/	Get hash	malicious	Unknown	Browse	18.245.187.120
	SecuriteInfo.com.Variant.Fragtor.530694.3243.19280.exe	Get hash	malicious	Unknown	Browse	18.239.18.45
	https://velocity-fun-2217.my.salesforce.com/sfc/p/QH000002usKl/a/QH0000002nEL/LTOT56SDzrUp.yFyeUs.72X20B9VMYmnaeC6PCTUZvs	Get hash	malicious	HTMLPhisher	Browse	3.9.187.230
	SecuriteInfo.com.Variant.Fragtor.530694.3243.19280.exe	Get hash	malicious	Unknown	Browse	18.239.18.125
	LHER0006981753.xls	Get hash	malicious	Remcos	Browse	54.241.153.192
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://proviaproducts-my.sharepoint.com/:b:/g/personal/bob_rossi_provia_com/EadoUKaCx_pLpRRZlPhQBbkBX2-aayjJ2XxHM4MjJFfXkA?e=7rg6fP	Get hash	malicious	Unknown	Browse	13.107.136.10
	Invoice for 23-05-24 halboutevents.com-infected.html	Get hash	malicious	HTMLPhisher	Browse	13.107.226.45
	Quarantined Messages(1).zip	Get hash	malicious	HTMLPhisher	Browse	52.113.194.132
	https://moeteduvn-my.sharepoint.com/:w:/g/personal/nguyenhahuy_c1lvt_cs_gli_moet_edu_vn/Eb-PuOtdulxDkYlCZ4Orx5ABV5FknA5lnxLyyA6cwoboLQ?e=4%3aO0T4BT&at=9	Get hash	malicious	HTMLPhisher	Browse	52.105.223.39
	SecuriteInfo.com.Win64.DropperX-gen.29167.15583.exe	Get hash	malicious	PureLog Stealer	Browse	20.42.65.92
	https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-96811D97D405&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-96811D97D4c0&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9&cm_destination=//neoparts%E3%80%82com.br/dayo/nayn/d3BvcHJhd2FAZXhldGVyZmluYW5jZS5jb20=$	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	13.107.213.67
	debugbreak.exe	Get hash	malicious	Unknown	Browse	204.79.197.203
	Updated-IT1_Individual_Resident_Return_XLS-18.0.9-2024.xls.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	IT1_Individual_Resident_Return_XLS.zip	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://rb.gy/jvrhq5	Get hash	malicious	Unknown	Browse	52.105.150.27
INCAPSULAUS	https://link.tmr04.com/c?q=lbDkjvuqh3Lwv34SJZrn7LGF2gBHaHR0cHM6Ly9zdGFnZWRlc2Vjb25kZS4xamV1bmUxc29sdXRpb24uZ291di5mci91dGlsaXNhdGV1cnMvaW5zY3JpcHRpb26sYlV-PpkyI6Ebn0wKrGZMssHksLM9fAVfHK5saW5rLnRtcjA0LmNvbQ	Get hash	malicious	Unknown	Browse	45.60.14.53
	https://catalyze90806.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZyZXByb2R1Y3RpdmVyaWdodHMub3JnJTNGdXRtX3NvdXJjZSUzREFjdGl2ZUNhbXBhaWduJTI2dXRtX21lZGl1bSUzRGVtYWlsJTI2dXRtX2NvbnRlbnQlM0RDUFIlMjUyMFdlZWtseSUyNTIwJTI1N0MlMjUyMEElMjUyME5vdGUlMjUyMG9mJTI1MjBUaGFua3MlMjUyMCUyNTdDJTI1MjBDUFIlMjUyMHMlMjUyMDIwMjQlMjUyMFJlbmV3YWwlMjUyMFF1ZXN0aW9ubmFpcmUlMjUyMCUyNTdDJTI1MjBTVEFUJTI1MjBOZXdzJTI2dXRtX2NhbXBhaWduJTNETWF5JTI1MjAyMSUyNTJDJTI1MjAyMDI0&sig=8QjNpLNyeiWed3i5LHwbU8Sve8zYMiQmJWb4x23ZNHq6&iat=1716307405&a=%7C%7C801158311%7C%7C&account=catalyze90806%2Eactivehosted%2Ecom&email=XifKVOn5CFsxVzpGPuUK46wIBg4%2BAkF6%2B4f9Wt1VR1SqrpANbZEW%3AnKYOkAKtiOWWsk12uF5BaITXZG1WJDVF&s=e1be8953acd7a02efbc563950e5c3f2c&i=241A410A2A2724	Get hash	malicious	Unknown	Browse	45.60.33.183
	http://selliliar.live	Get hash	malicious	Unknown	Browse	45.223.101.177
	http://adlvanced-ip-scanner.com	Get hash	malicious	Unknown	Browse	45.60.13.212
	https://us-west-2.protection.sophos.com/?d=mysonicwall.com&u=aHR0cHM6Ly93d3cubXlzb25pY3dhbGwuY29tL211aXIvc2lnbnVwP1JDPTNDOTgwMEE1OUU2OSZVUz1jamV0ZXJAY3Rtc2l0LmNvbQ==&p=m&i=NjVjNTQ0OGE0ZWZhMmU3ZjY4MzI4ZTU2&t=SFUwR0NlSXRKZVZMUUFEaWp5dTdjdUdwWHYwZm5BZVB2UmNNdmdialNpbz0=&h=fba59a429ecb4f2ea2076b36129a0fb1&s=AVNPUEhUT0NFTkNSWVBUSVZZ0srcypNJqY5kWfSDMzmnOmurwdxKuSrNWgyeZpyPtgRN3S8oIxKTgZECcAxgJ-yIb9jJOu-W-WGkMgVKjvs8	Get hash	malicious	Unknown	Browse	107.154.76.50
	https://www.hr-platform.co.uk/app/confirmation-and-selection	Get hash	malicious	Unknown	Browse	45.60.152.102
	https://www.hr-platform.co.uk/view/default/app/js/pages/confirmation-and-selection.js	Get hash	malicious	Unknown	Browse	45.60.152.102
	Document.exe	Get hash	malicious	MyDoom	Browse	45.60.132.119
	http://www.woodridge68.org/	Get hash	malicious	Unknown	Browse	45.60.12.165
	https://vk.com/away.php?to=https://www.sigtn.com////////utils/emt.cfm?client_id=9195153%26campaign_id=73466%26link=neoparts.com.br%25E3%2580%2582/dayo/oe51/amdvbEBib3JsYW5kZ3Jvb3Zlci5jb20=$	Get hash	malicious	Unknown	Browse	45.60.63.178

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	http://transfers.invoicenotices.com/s7tajdezj0ercqjzx20bd/1c6914/0b4c5963-d447-4bd0-b4e1-aa7a1bc55298	Get hash	malicious	Unknown	Browse	173.222.162.32
	https://odisia-broker06.sunnystamp.com/odisia-broker/web/sign?tenantId=401&stepToken=56ec14b036496480e516fd5d9e5c4d0e	Get hash	malicious	Unknown	Browse	173.222.162.32
	debugbreak.exe	Get hash	malicious	Unknown	Browse	173.222.162.32
	https://url.au.m.mimecastprotect.com/s/uuv2CgZowrsOpyOOc26VTV?domain=in.xero.com	Get hash	malicious	Unknown	Browse	173.222.162.32
	http://17d365.com/	Get hash	malicious	Unknown	Browse	173.222.162.32
	http://little-hat-6768.authe.workers.dev/assets/js/	Get hash	malicious	Unknown	Browse	173.222.162.32
	https://trezorisuite.us/	Get hash	malicious	Unknown	Browse	173.222.162.32
	https://article.badgercrypto.org/	Get hash	malicious	Unknown	Browse	173.222.162.32
	http://amht38eh3e3f98ox0ld1rc4h3fjcowz98ldjp5hek8.pages.dev/	Get hash	malicious	Unknown	Browse	173.222.162.32
	https://new.aj848310310.workers.dev/	Get hash	malicious	Unknown	Browse	173.222.162.32
28a2c9bd18a11de089ef85a160da29e4	http://twomancake.com	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	http://003999.cc	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	Invoice for 23-05-24 halboutevents.com-infected.html	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	https://moeteduvn-my.sharepoint.com/:w:/g/personal/nguyenhahuy_c1lvt_cs_gli_moet_edu_vn/Eb-PuOtdulxDkYlCZ4Orx5ABV5FknA5lnxLyyA6cwoboLQ?e=4%3aO0T4BT&at=9	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	http://transfers.invoicenotices.com/s7tajdezj0ercqjzx20bd/1c6914/0b4c5963-d447-4bd0-b4e1-aa7a1bc55298	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	https://docusign.cloud-drive.services/l/a5a5d8dbdc5a94b7e8b576d2f3acaa79e	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	https://odisia-broker06.sunnystamp.com/odisia-broker/web/sign?tenantId=401&stepToken=56ec14b036496480e516fd5d9e5c4d0e	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	https://www.brownfieldagnews.com/news/	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	http://atpscan.global.hornetsecurity.com/index.php?atp_str=W3B_McdNIuzXEbxRt9bT5cyeecvhXI5mg3Zf-KTtWwAKQqeCm-bHdcgOB_1fWG_ZglfQvuKsAuEbzqJD4WkkWiBYfjffd8o12D61lRLAF0WVeVvq9RGk9hTIQOChkPasyVCD1YO2hRBKaqPYQlDVohXMlzSig1XL3U7QoZSFaE4vD4Ei9fFZjYFJiK90_BKRfRxGCBLp3GqxUcbqKxNgNqvBedeVDBzdy2cx9b-WV910HmphFHoxLVCahiSXqaQM0pvJNQ8EtJrtnemGRUIW11OaCZ0H0Mmd-jP7r4hz-lG2IhdhSyyBfCjRQQ_CnJbs-RIzlSzWB2TihK-ttXnEIIcFrRd8q0PPW42pv1jrKjhTeXv5LD7RhNUKUn6vuB107DNBDmS2_onVjlLyNRDqBtCx6luHDMBKhsFIt1QGwtMlU9ZkDIEqiff_agLHr3ukXtR3sJyFCORCx-YrFARAYzr-rknJhyM6OiN8p_QOEoe2rDd5vf0jOjojEV2mTXT6arK9PH9NH0t3sA	Get hash	malicious	Unknown	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183
	https://velocity-fun-2217.my.salesforce.com/sfc/p/QH000002usKl/a/QH0000002nEL/LTOT56SDzrUp.yFyeUs.72X20B9VMYmnaeC6PCTUZvs	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 52.165.164.15 173.222.162.32 20.114.59.183

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	51189
Entropy (8bit):	5.714823154491686
Encrypted:	false
SSDEEP:	384:xujFjy/+BGhwcFSrbez01T6OoNEcaNF0e6epRja92l+2aSMrSeBzTBFgFiX/uR5G:xuRj0uGhhSLcaNF09wRja92l+2a/vuEp
MD5:	A48A026C1B9310ABD472ABD50B8FBAAF
SHA1:	8125A75F33034F5B469D16F4183C484310BA8161
SHA-256:	20F16651F2957CAF0A0AD40EFB8FFF0B33DFF7E87D627976F05623F16CBF7BA6
SHA-512:	E5C13C7462AD5819090279F1EB87E4D0A516E505A11655A25C1AB7BD62D9A4B218DA4812F2F4981958AFF70A129DBB292A2068EA8FD5AA9FB3D01254CB7A373B
Malicious:	false
Preview:	...@IXOS.@.....@.\.X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-B01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-C01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.

C:\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	23790
Entropy (8bit):	6.322736448552289
Encrypted:	false
SSDEEP:	384:H93pzoGcXm6g7KYRlz10Mo6O4mOirdABfHNZ8iK6oZFvlSb4lA7tt/:H93pxcXmB7DTSMo6tmtkPMzZFcbeA7/
MD5:	564C13EF5587B8EC4E7FEEE47F7952FC
SHA1:	DF91A8B835BF1449678970AB16E70B3DADF9E907
SHA-256:	074A04F852F639F8A5C260D1337DAC85AE8847A6431A93F15CDE47663272A479
SHA-512:	5D40AF460ED78039743EE579D88383F03D5A22A81F283343FC529277261DEC48E8F3A63E529D4448C04998AF5CFC142EF847433BD2BCA96287D49AD884323865
Malicious:	false
Preview:	ITSF....`..................\|.{.......".....\|.{......."..`...............x.......T........................\..............ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...4.../#ITBITS..../#STRINGS...Q)./#SYSTEM....:./#TOPICS...40./#URLSTR....I./#URLTBL...d$./$FIftiMain..../$OBJINST...u.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...q../$WWKeywordLinks/..../$WWKeywordLinks/Property...m../AVS4YOU.hhc...j./Contents.css...e.@./Contents.htm..\|.../default.css...%.H./images/..../images/avs4you_logo.gif... .E./images/bg1.jpg....~./images/logo.gif....../Index.htm..j.../Introduction/..../Introduction/Welcome.htm....y.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content..@.*,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/Instanc

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	8524360
Entropy (8bit):	4.860874126358955
Encrypted:	false
SSDEEP:	49152:mMRwEbM28lJ+0sL6ZukxX5Chw8dqNGoAaBdfbN69kktWHOZ7bktsqWks4P4nMysS:mMyO8X+0/IhwKqNGoTx69yGfdiu
MD5:	FD739D52B1B811824E400B3BB4441A9C
SHA1:	A6460636E58A3107276A58C46D256A7D9FF873E9
SHA-256:	DE9426231DAADF28CB80125E675900BC261CD3239B0C9968283AEE9EC4A3623E
SHA-512:	26509C47C09D4E9E7ACB7E594792D72A0F9031F2035A2852ACC5E52B922664049F5AED821F9F85048E02158B4BA14C84B9D33A194A92B0A8042E2216EEEF8227
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....AJ..................0..`................1...@............................................ ....................7.......7..>....@..l?.............H....................................p7......................................................text.....0.......0................. ..`.data....`....1.......0.............@....tls.........`7.......6.............@....rdata.......p7.......6.............@..P.idata...@....7..@....6.............@..@.edata........7.......6.............@..@

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	data
Category:	dropped
Size (bytes):	30390
Entropy (8bit):	5.717503816666222
Encrypted:	false
SSDEEP:	384:CHArGym2ArMfY1ty0DI5Y+l2N5T+YPE5K+XaBnY+A+fnY+A+45LKG2B7:BRDY7yw
MD5:	F1DC6BD1EEBB9EB6D82B1D3396DE9D53
SHA1:	72F4B53D44454A3597258F30033ACE99B80EECAC
SHA-256:	CCC6AA1B5BB7461EEA95AFC47F4D36E4D0B98D77EB5F7D43BCC43C7BBB9A2E26
SHA-512:	404A0FB7C2907C9491F10A603170A6AC29A4669EC64301E71A4D5CE57C5C21E7A0AB523F8910E9E6D91011258481FE62B8AC01041D9D3FA9926B5DF8BB61AA29
Malicious:	false
Preview:	[Captions]..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... .........~!@#$Diese Meldung nicht mehr anzeigen~!@#$Ne pas afficher ce message~!@#$No mostrar este mensaje en adelante~!@#$Non visualizzare pi. questo messaggio~!@#$........b.Z.[.W..\.......~!@#$..TFormMessageDlg.pnlBtns=pnlBtns~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.ButtonCancel= Cancel~!@#$ ......~!@#$ Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$.L.....Z..~!@#$..TFormProgress.LabelProgressText=~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.LabelTitle=~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.TFormProgress=Progress~!@#$.........~!@#$Fortschritt~!@#$Progr.s~!@#$Progreso~!@#$Progresso~!@#$~!@#$..TRequestForm.ButtonDownload= Download now~!@#$ ....... ......~!@#$ Jetzt herunterladen~!@#$ T.l.charger~!@#$ Descargar~!@#$ Scarica ora~!@#$~!@#$..TRequestForm.ButtonLearnMore= Learn more~!@#$ ...... ......~!@#$ Mehr erfahren~!@#$ En savoir p

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-CATR2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	data
Category:	dropped
Size (bytes):	30390
Entropy (8bit):	5.717503816666222
Encrypted:	false
SSDEEP:	384:CHArGym2ArMfY1ty0DI5Y+l2N5T+YPE5K+XaBnY+A+fnY+A+45LKG2B7:BRDY7yw
MD5:	F1DC6BD1EEBB9EB6D82B1D3396DE9D53
SHA1:	72F4B53D44454A3597258F30033ACE99B80EECAC
SHA-256:	CCC6AA1B5BB7461EEA95AFC47F4D36E4D0B98D77EB5F7D43BCC43C7BBB9A2E26
SHA-512:	404A0FB7C2907C9491F10A603170A6AC29A4669EC64301E71A4D5CE57C5C21E7A0AB523F8910E9E6D91011258481FE62B8AC01041D9D3FA9926B5DF8BB61AA29
Malicious:	false
Preview:	[Captions]..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... .........~!@#$Diese Meldung nicht mehr anzeigen~!@#$Ne pas afficher ce message~!@#$No mostrar este mensaje en adelante~!@#$Non visualizzare pi. questo messaggio~!@#$........b.Z.[.W..\.......~!@#$..TFormMessageDlg.pnlBtns=pnlBtns~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.ButtonCancel= Cancel~!@#$ ......~!@#$ Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$.L.....Z..~!@#$..TFormProgress.LabelProgressText=~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.LabelTitle=~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormProgress.TFormProgress=Progress~!@#$.........~!@#$Fortschritt~!@#$Progr.s~!@#$Progreso~!@#$Progresso~!@#$~!@#$..TRequestForm.ButtonDownload= Download now~!@#$ ....... ......~!@#$ Jetzt herunterladen~!@#$ T.l.charger~!@#$ Descargar~!@#$ Scarica ora~!@#$~!@#$..TRequestForm.ButtonLearnMore= Learn more~!@#$ ...... ......~!@#$ Mehr erfahren~!@#$ En savoir p

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695649
Entropy (8bit):	6.478366416517402
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy8:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxy8
MD5:	EDC9F3D59FF931D13E518A52B791B7EE
SHA1:	902CEB837CF1DD0CB9B0DCA736B07515BA4F03C0
SHA-256:	281659E40B9C8A84FF5864E439CD50F8FB8841E329994394C57C614A77AF4817
SHA-512:	54C104D6E12F4B5CF7C2527E0AD9F3D2DFC10172AABB4B566279C24BC86DAD18ECAEC7CE88A584F19F017F23527CF32CFAF5E7932C29D07FDDC065A6D2172818
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	8524360
Entropy (8bit):	4.860874126358955
Encrypted:	false
SSDEEP:	49152:mMRwEbM28lJ+0sL6ZukxX5Chw8dqNGoAaBdfbN69kktWHOZ7bktsqWks4P4nMysS:mMyO8X+0/IhwKqNGoTx69yGfdiu
MD5:	FD739D52B1B811824E400B3BB4441A9C
SHA1:	A6460636E58A3107276A58C46D256A7D9FF873E9
SHA-256:	DE9426231DAADF28CB80125E675900BC261CD3239B0C9968283AEE9EC4A3623E
SHA-512:	26509C47C09D4E9E7ACB7E594792D72A0F9031F2035A2852ACC5E52B922664049F5AED821F9F85048E02158B4BA14C84B9D33A194A92B0A8042E2216EEEF8227
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....AJ..................0..`................1...@............................................ ....................7.......7..>....@..l?.............H....................................p7......................................................text.....0.......0................. ..`.data....`....1.......0.............@....tls.........`7.......6.............@....rdata.......p7.......6.............@..P.idata...@....7..@....6.............@..@.edata........7.......6.............@..@

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	InnoSetup Log AVS4YOU Software Navigator, version 0x30, 5338 bytes, 103386\user, "C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator"
Category:	dropped
Size (bytes):	5338
Entropy (8bit):	4.689117567606256
Encrypted:	false
SSDEEP:	96:kcqrN/S/F5vDw/BfUoSsRdAt77ICSss/LWgUBLSuSe+ObFca:cGBEV8ICSsAVUh
MD5:	8A05D7405D34F96928A2320349C6A53B
SHA1:	65AF225B652105CE4E3A39DFF465E67BBD858C0B
SHA-256:	93A029844BBC5DFDC84FC588083C009A3CC3F3F6A511961E5F163D8B86C12907
SHA-512:	CE90461918B75AE9F3161E75C1FE627E38CA3F03C758B4B1E86D747274D263CA7EFBBF719550E4BC079DAB7B13089B074F2E2685407D0F1CDB207E2E8439A06B
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................AVS4YOU Software Navigator......................................................................................................AVS4YOU Software Navigator......................................................................................................0...........%...............................................................................................................CG...........3q!......S....103386.user3C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator...........&.2.... ..........Q.IFPS.............................................................................................................BOOLEAN............................c...........!MAIN....-1.d...........DECODEVERSION....-1 @8 !18..SETARRAYLENGTH.......LENGTH........POS.........COPY..........STRTOINT.......'...........COMPAREVERSION....10 @8 @8.....J.......NEXTBUTTONCLICK....16 @10..GETVERSIONNUMBERSSTRING.........EXPANDCONSTANT.......;...........ALR

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695649
Entropy (8bit):	6.478366416517402
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy8:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxy8
MD5:	EDC9F3D59FF931D13E518A52B791B7EE
SHA1:	902CEB837CF1DD0CB9B0DCA736B07515BA4F03C0
SHA-256:	281659E40B9C8A84FF5864E439CD50F8FB8841E329994394C57C614A77AF4817
SHA-512:	54C104D6E12F4B5CF7C2527E0AD9F3D2DFC10172AABB4B566279C24BC86DAD18ECAEC7CE88A584F19F017F23527CF32CFAF5E7932C29D07FDDC065A6D2172818
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4413000
Entropy (8bit):	6.659568472858571
Encrypted:	false
SSDEEP:	49152:geHtP5y4Rq/hhpplq+pnAw2PQ2FxuNc/OwiP42F3r47bktDQbq22qSIoOrdC7w:LH5s3/hhTA+PQQ2nuNc//dL
MD5:	944C112343725E72E627CF8DBC5C4AE0
SHA1:	778EFD79C1E498695CEAC373F19ECF8C86AF7CB2
SHA-256:	484DB4D576D6E69139E7F01FC6E2919856E0DF64EBF5C83C463EFE6441792FE5
SHA-512:	AF962957D32F9C9EDF95C447325F22EC49F6B8CC1391123039CC0D037B873E3FDC8BAFD96218402CDA72D1BD33ED43925C948E6B50A3AF8FCBDC3795E1B410C8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...7.0J.....................@....................@..........................@D......DD.......... ...................P4.W.....4.p;...@;..H...........JC.H.....A...............................4......................................................text............................... ..`.data....@..........................@....tls..........3......*3.............@....rdata........4......,3.............@..P.idata...@....4..<....3.............@..@.edata.......P4......j3.............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	data
Category:	dropped
Size (bytes):	46103
Entropy (8bit):	5.578078911313426
Encrypted:	false
SSDEEP:	384:eYupRVFXqpVApCHcFFJd08i9me1dRihAtgdYT67H6wVVd4HFDSBNKZMB:FoRi4f0J7Rjyj6pF+3
MD5:	0F1DAFC4CC6A05AB25F7B2D6DED1592A
SHA1:	F9D8400123A0C4C98C0E1211639C191DE5002E01
SHA-256:	BB4C72062FB0BE94186F9D3901C0E58382BD40FE3461ABB77A05BC6EE752CD55
SHA-512:	F855F87D67CE922E466268D46D8E811183BAF3E3B95F09C3F6C650B0E4FA25C139223897FF36FC7F8F057A4B176224C7DB128016AB5CBF23EB9876EF06991968
Malicious:	false
Preview:	[Captions]..TFormAVSUpdateMain.ActionCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$~!@#$..TFormAVSUpdateMain.ActionChangeSkin=ActionChangeSkin~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormAVSUpdateMain.ActionCheckUpdate=Check for Updates~!@#$..... ..........~!@#$Auf Updates pr.fen~!@#$Recherche de mises . jour~!@#$Verificar actualizaciones~!@#$Ricerca aggiornamenti~!@#$~!@#$..TFormAVSUpdateMain.ActionExit=Exit~!@#$.....~!@#$Schlie.en~!@#$Quitter~!@#$Salir~!@#$Esci~!@#$~!@#$..TFormAVSUpdateMain.ActionInstall=Download && Install~!@#$....... && ..........~!@#$Downloaden+Installieren~!@#$T.l.charger && Installer~!@#$Descargar e instalar~!@#$Scarica e installa~!@#$~!@#$..TFormAVSUpdateMain.ActionSelectAll=Select All~!@#$....... ...~!@#$Alle w.hlen~!@#$S.lectionner tout~!@#$Seleccionar todo~!@#$Seleziona tutto~!@#$~!@#$..TFormAVSUpdateMain.ButtonExit=Exit~!@#$.....~!@#$Schlie.en~!@#$Quitter~!@#$Salir~!@#$Esci~!@#$~!@#$..TFormAVSUpdateMain.ButtonOptions=Options~!

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3127368
Entropy (8bit):	6.687648539066493
Encrypted:	false
SSDEEP:	49152:x4mt3pi3fhY97E2sIB7NmkNvLNkdvu4lCwdF7bkt/IOrq:dt3F/7B7MkNvLeVIq
MD5:	6BBD4BCF6424844625B42217AEF9BB14
SHA1:	704B5970BB1E6FA10F5E7F3E892A200F9060E9D8
SHA-256:	736DDFEF8D19E7AB434FCCFE96DFAC41031CCBC4C4FD7258EEA4629230A3AA11
SHA-512:	0CDB01CDCE57B6AF0FC9BF17430CD85D556E9B50F2466761695F8862FD66F17E591B1F87F5F378AC8F60AC51110E28F601A16E6BB8C4ED1EA6848E742BFFF541
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...N>&J..................#.................. #...@...........................0......./.......... ...................`%..T... %..0....*.............../.H.....................................%......................................................text.....#.......#................. ..`.data........ #..T....#.............@....tls..........%......j$.............@....rdata........%......l$.............@..P.idata...@... %..2...n$.............@..@.edata...`...`%..V....$.............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	Generic INItialization configuration [CharSets]
Category:	dropped
Size (bytes):	16031
Entropy (8bit):	5.342553763888303
Encrypted:	false
SSDEEP:	192:lNp96wQ1rx20ytZqmG83no52naZkI/vck:glZdSMkI/vck
MD5:	842E368D002CC1CCFA13E701EAD1BF7D
SHA1:	DF5339DC97AC7D3EFACF6DE38D4F9FEBF58DCB0E
SHA-256:	0EE53DE445C4EB1FBA8861BB5744B7149460D276CEC4D14E93B5A92C382E9EB0
SHA-512:	EF90A508C7B37D8A3A8953FC7F6053F15EADC9361EA601B639C4822FDFE1DA0ADC2494A5C1CAE25C9B698C12B0F9FCF0BB22300265284CA3555222DDBCC46B8B
Malicious:	false
Preview:	[Captions]..TFormAVSUpdateOptions.ButtonCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$~!@#$..TFormAVSUpdateOptions.ButtonOK=OK~!@#$..~!@#$OK~!@#$OK~!@#$Aceptar~!@#$OK~!@#$~!@#$..TFormAVSUpdateOptions.CheckBoxProxyEnabled=Proxy Enabled~!@#$......-...... ........~!@#$Proxy-Server aktivieren~!@#$Proxy activ.~!@#$Proxy activado~!@#$Proxy attivato~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyAddress=Proxy Address:~!@#$..... ......-.......:~!@#$Proxy-Adresse:~!@#$Adresse proxy:~!@#$Direcci.n proxy:~!@#$Indirizzo proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyPort=Proxy Port:~!@#$.... ......-.......:~!@#$Proxy-Port:~!@#$Port proxy:~!@#$Puerto proxy:~!@#$Porta proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxySettings=Proxy settings:~!@#$......... ......-.......:~!@#$Proxy-Einstellungen:~!@#$Param.tres de proxy:~!@#$Par.metros proxy:~!@#$Impostazioni proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyUserName=User Name:~!@#$... ............:~!@#$Benutzername:~

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	686152
Entropy (8bit):	6.569360528695665
Encrypted:	false
SSDEEP:	12288:mSHliDXRKvrA7M27sGrZ0NyOMM3xJgA+QM5J4q0lP:mSHluXSwMirV0NQM3b+ZB0d
MD5:	631361CCA46657062D595FCC72FD456B
SHA1:	0DE4541B6EF4F1D07842E810728FD93A9DB93C10
SHA-256:	D308E7609284331EA7F61F277FC3A7717374661AA5A9FBB8D614E30C414057DD
SHA-512:	866BBF1AFF8781B3B6A1888BECAD38B3FA2B50850CAD1DF60735A3B2E3E712331747960929F47F9C99B8AC23AEBF36908FBED21BA131CD96FA58AB9C56410A4C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....PI.....................0....................@..........................@....../............ ...............................%... ...............l..H............................................................................................text............r.................. ..`.data....0...........x..............@....tls.................&..............@....rdata...............(..............@..P.idata...0.......&...*..............@..@.edata...............P..............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4413000
Entropy (8bit):	6.659568472858571
Encrypted:	false
SSDEEP:	49152:geHtP5y4Rq/hhpplq+pnAw2PQ2FxuNc/OwiP42F3r47bktDQbq22qSIoOrdC7w:LH5s3/hhTA+PQQ2nuNc//dL
MD5:	944C112343725E72E627CF8DBC5C4AE0
SHA1:	778EFD79C1E498695CEAC373F19ECF8C86AF7CB2
SHA-256:	484DB4D576D6E69139E7F01FC6E2919856E0DF64EBF5C83C463EFE6441792FE5
SHA-512:	AF962957D32F9C9EDF95C447325F22EC49F6B8CC1391123039CC0D037B873E3FDC8BAFD96218402CDA72D1BD33ED43925C948E6B50A3AF8FCBDC3795E1B410C8
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...7.0J.....................@....................@..........................@D......DD.......... ...................P4.W.....4.p;...@;..H...........JC.H.....A...............................4......................................................text............................... ..`.data....@..........................@....tls..........3......*3.............@....rdata........4......,3.............@..P.idata...@....4..<....3.............@..@.edata.......P4......j3.............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	686152
Entropy (8bit):	6.569360528695665
Encrypted:	false
SSDEEP:	12288:mSHliDXRKvrA7M27sGrZ0NyOMM3xJgA+QM5J4q0lP:mSHluXSwMirV0NQM3b+ZB0d
MD5:	631361CCA46657062D595FCC72FD456B
SHA1:	0DE4541B6EF4F1D07842E810728FD93A9DB93C10
SHA-256:	D308E7609284331EA7F61F277FC3A7717374661AA5A9FBB8D614E30C414057DD
SHA-512:	866BBF1AFF8781B3B6A1888BECAD38B3FA2B50850CAD1DF60735A3B2E3E712331747960929F47F9C99B8AC23AEBF36908FBED21BA131CD96FA58AB9C56410A4C
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....PI.....................0....................@..........................@....../............ ...............................%... ...............l..H............................................................................................text............r.................. ..`.data....0...........x..............@....tls.................&..............@....rdata...............(..............@..P.idata...0.......&...*..............@..@.edata...............P..............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-CCVFB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	Generic INItialization configuration [CharSets]
Category:	dropped
Size (bytes):	16031
Entropy (8bit):	5.342553763888303
Encrypted:	false
SSDEEP:	192:lNp96wQ1rx20ytZqmG83no52naZkI/vck:glZdSMkI/vck
MD5:	842E368D002CC1CCFA13E701EAD1BF7D
SHA1:	DF5339DC97AC7D3EFACF6DE38D4F9FEBF58DCB0E
SHA-256:	0EE53DE445C4EB1FBA8861BB5744B7149460D276CEC4D14E93B5A92C382E9EB0
SHA-512:	EF90A508C7B37D8A3A8953FC7F6053F15EADC9361EA601B639C4822FDFE1DA0ADC2494A5C1CAE25C9B698C12B0F9FCF0BB22300265284CA3555222DDBCC46B8B
Malicious:	false
Preview:	[Captions]..TFormAVSUpdateOptions.ButtonCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$~!@#$..TFormAVSUpdateOptions.ButtonOK=OK~!@#$..~!@#$OK~!@#$OK~!@#$Aceptar~!@#$OK~!@#$~!@#$..TFormAVSUpdateOptions.CheckBoxProxyEnabled=Proxy Enabled~!@#$......-...... ........~!@#$Proxy-Server aktivieren~!@#$Proxy activ.~!@#$Proxy activado~!@#$Proxy attivato~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyAddress=Proxy Address:~!@#$..... ......-.......:~!@#$Proxy-Adresse:~!@#$Adresse proxy:~!@#$Direcci.n proxy:~!@#$Indirizzo proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyPort=Proxy Port:~!@#$.... ......-.......:~!@#$Proxy-Port:~!@#$Port proxy:~!@#$Puerto proxy:~!@#$Porta proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxySettings=Proxy settings:~!@#$......... ......-.......:~!@#$Proxy-Einstellungen:~!@#$Param.tres de proxy:~!@#$Par.metros proxy:~!@#$Impostazioni proxy:~!@#$~!@#$..TFormAVSUpdateOptions.LabelProxyUserName=User Name:~!@#$... ............:~!@#$Benutzername:~

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-DS07H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3127368
Entropy (8bit):	6.687648539066493
Encrypted:	false
SSDEEP:	49152:x4mt3pi3fhY97E2sIB7NmkNvLNkdvu4lCwdF7bkt/IOrq:dt3F/7B7MkNvLeVIq
MD5:	6BBD4BCF6424844625B42217AEF9BB14
SHA1:	704B5970BB1E6FA10F5E7F3E892A200F9060E9D8
SHA-256:	736DDFEF8D19E7AB434FCCFE96DFAC41031CCBC4C4FD7258EEA4629230A3AA11
SHA-512:	0CDB01CDCE57B6AF0FC9BF17430CD85D556E9B50F2466761695F8862FD66F17E591B1F87F5F378AC8F60AC51110E28F601A16E6BB8C4ED1EA6848E742BFFF541
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...N>&J..................#.................. #...@...........................0......./.......... ...................`%..T... %..0....*.............../.H.....................................%......................................................text.....#.......#................. ..`.data........ #..T....#.............@....tls..........%......j$.............@....rdata........%......l$.............@..P.idata...@... %..2...n$.............@..@.edata...`...`%..V....$.............@..@

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-KNK41.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	data
Category:	dropped
Size (bytes):	46103
Entropy (8bit):	5.578078911313426
Encrypted:	false
SSDEEP:	384:eYupRVFXqpVApCHcFFJd08i9me1dRihAtgdYT67H6wVVd4HFDSBNKZMB:FoRi4f0J7Rjyj6pF+3
MD5:	0F1DAFC4CC6A05AB25F7B2D6DED1592A
SHA1:	F9D8400123A0C4C98C0E1211639C191DE5002E01
SHA-256:	BB4C72062FB0BE94186F9D3901C0E58382BD40FE3461ABB77A05BC6EE752CD55
SHA-512:	F855F87D67CE922E466268D46D8E811183BAF3E3B95F09C3F6C650B0E4FA25C139223897FF36FC7F8F057A4B176224C7DB128016AB5CBF23EB9876EF06991968
Malicious:	false
Preview:	[Captions]..TFormAVSUpdateMain.ActionCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Annulla~!@#$~!@#$..TFormAVSUpdateMain.ActionChangeSkin=ActionChangeSkin~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormAVSUpdateMain.ActionCheckUpdate=Check for Updates~!@#$..... ..........~!@#$Auf Updates pr.fen~!@#$Recherche de mises . jour~!@#$Verificar actualizaciones~!@#$Ricerca aggiornamenti~!@#$~!@#$..TFormAVSUpdateMain.ActionExit=Exit~!@#$.....~!@#$Schlie.en~!@#$Quitter~!@#$Salir~!@#$Esci~!@#$~!@#$..TFormAVSUpdateMain.ActionInstall=Download && Install~!@#$....... && ..........~!@#$Downloaden+Installieren~!@#$T.l.charger && Installer~!@#$Descargar e instalar~!@#$Scarica e installa~!@#$~!@#$..TFormAVSUpdateMain.ActionSelectAll=Select All~!@#$....... ...~!@#$Alle w.hlen~!@#$S.lectionner tout~!@#$Seleccionar todo~!@#$Seleziona tutto~!@#$~!@#$..TFormAVSUpdateMain.ButtonExit=Exit~!@#$.....~!@#$Schlie.en~!@#$Quitter~!@#$Salir~!@#$Esci~!@#$~!@#$..TFormAVSUpdateMain.ButtonOptions=Options~!

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-PEHBR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695649
Entropy (8bit):	6.478375154156893
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy8:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxy8
MD5:	F8BD36D55CDCB22B1CA245E0541DFB2A
SHA1:	11F8D1E197E50E1446B82878FA713736EEEF6BDC
SHA-256:	F7C9619B734148BAB2E99E19E4B280615859EA354D1BA89C35DFEAD451623FBB
SHA-512:	C8F35F765D70204BF7FA8584AE19B1DF26BCF5C589EFF2A362433EEBE6F76E0FA67EF4121E5F7D6AAFF72B4B02AEEAFA42285E31358E2777E5C9840C9CE624C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	InnoSetup Log AVS Update Manager, version 0x30, 4411 bytes, 103386\user, "C:\Program Files (x86)\AVS4YOU\AVSUpdateManager"
Category:	dropped
Size (bytes):	4411
Entropy (8bit):	4.708194466206947
Encrypted:	false
SSDEEP:	96:rd0S/N5vqQYUoStMOcGSss/L5oIt3L4FWMqCMq7CJ:7OejSsAVpRbCbY
MD5:	29508F7E534F8A6F13E81E96EE008381
SHA1:	1659C348B7B8AF2D820EC87C9ADB94A73C60AABA
SHA-256:	77ABA015DF8D28421E5974575F7A2CA43AE6FBC8888B32C5D84E70765E7C7821
SHA-512:	F8DE7DA7C509F10B85DEDDC5E28D0B889C605838175AFE2FE73802F2E8CACB21390A1299CE5D54EF4BC2DAD49EC8341949A70F47478F66FA24EA91C0D524EE26
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................AVS Update Manager..............................................................................................................AVS Update Manager..............................................................................................................0.......;...%.................................................................................................................Do.................O....103386.user/C:\Program Files (x86)\AVS4YOU\AVSUpdateManager...........&.5.... ............IFPS.............................................................................................................BOOLEAN........................................!MAIN....-1.............DECODEVERSION....-1 @8 !18..SETARRAYLENGTH.......LENGTH........POS.........COPY..........STRTOINT...................COMPAREVERSION....10 @8 @8.....C.......NEXTBUTTONCLICK....16 @10..GETVERSIONNUMBERSSTRING.........EXPANDCONSTANT...................ALREADY

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695649
Entropy (8bit):	6.478375154156893
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy8:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxy8
MD5:	F8BD36D55CDCB22B1CA245E0541DFB2A
SHA1:	11F8D1E197E50E1446B82878FA713736EEEF6BDC
SHA-256:	F7C9619B734148BAB2E99E19E4B280615859EA354D1BA89C35DFEAD451623FBB
SHA-512:	C8F35F765D70204BF7FA8584AE19B1DF26BCF5C589EFF2A362433EEBE6F76E0FA67EF4121E5F7D6AAFF72B4B02AEEAFA42285E31358E2777E5C9840C9CE624C0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4329032
Entropy (8bit):	6.640576014317949
Encrypted:	false
SSDEEP:	98304:PwGoALcjM7s4HxwpFNTlgLjzFfaw3O1JoXRD:4Go6zJHxwp9gLfFD3OWD
MD5:	9EE026F5D3E90F185BF63530B6EE430F
SHA1:	988EC38D1486CDF0EE88159188E5FF15AB4C5756
SHA-256:	6574B58803DA494A019F8A864A5E388B9A9088732F4ABE57E65C7DC28F639A87
SHA-512:	1C379451C46F53CBC5A81CC638F725D45E0CBE2BFF4D49365CD689F4CD3BC2B1480397671DD1265496572A88A156AD9AD74F5218D4596755FF9C0AC2504C3C83
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....tCJ..........................................@...........................B......sB.......... ....................2......@2.&<...`9...............B.H....P@.............................02......................................................text.............-................. ..`.data............~....-.............@....tls......... 2......z1.............@....rdata.......02......\|1.............@..P.idata...@...@2..>...~1.............@..@.edata........2.......1.............@..@

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	data
Category:	dropped
Size (bytes):	19222
Entropy (8bit):	5.707285284873649
Encrypted:	false
SSDEEP:	384:7j6/MFdCe3piFP3yMR14VUANfEXAh0LLHzjNC2hvKAlmwY33iWLxZ4dkvLHidh0L:7j7DpUP3yMRuqrwVw839+dk7lL
MD5:	777605D7E93094DF42E3369B26C4663D
SHA1:	0C0D371862D0D4D70EEBF9A11DC2F4999C700757
SHA-256:	1878F0FE2034260713C6C6CCBE56F3EBD1F343E6B8CD46B727F5D35CF7EC63AF
SHA-512:	FE19E3AB6F031652A5F880EF02888BF53A8A4C2F1E187A43C767721F1D812D8CF4163D3C70B31D70E502FDFF708C6250BEE1557439B9E63DB82C4E951545CC5A
Malicious:	false
Preview:	[Captions]..TFormAbout.btnActivate=Activate$.........$Aktivieren$Activer$Activar$Attiva$.A.N.e.B.u.....$..TFormAbout.btnClose=Close$.......$Schlie.en$Fermer$Cerrar$Chiudi$.....$..TFormAbout.btnCredits=Credits$......$.ber$Cr.dits$Cr.ditos$Credits$.N...W.b.g$..TFormAbout.btnLicense=License$........$Lizenz$Licence$Licencia$Licenza$...C.Z...X$..TFormAbout.btnRegister=Register$...........$Registrieren$Enregistrer$Registrar$Registra$...W.X.^$..TFormAbout.labCopyright=Copyright$......... .....$Urheberrecht$$Copyright$$....$..TFormAbout.labVersion=Version $......$Version$Version$Versi.n$Versione$.o.[.W.... $..TFormAbout.TFormAbout=About$. .........$.ber$A propos$Acerca de$Info su$...$..TFormMessageDlg.chbCheck=Don't show this message again$...... .. .......... ... .........$Diese Meldung nicht mehr anzeigen$Ne pas montrer ce message$No mostrar este mensaje en adelante$Non visualizzare pi. questo messaggio$$..TFormMessageDlg.pnlBtns=pnlBtns$$$$$$$..TFormUnregisteredVersion.btnContinue=Cont

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Category.ini (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	4.90071059952041
Encrypted:	false
SSDEEP:	24:9CBp46Lo8OSKWGFdaFYFsBCFGrmsFrF3FAFsC8/FKFZOMLFUon8F8KR:opW8lYFdaFYFs8FWXFrF3FAFsC8/FKFi
MD5:	A9439E56F43F9ADCA5E756BD47A54A05
SHA1:	B4A434E14C72F2FBF4C11F5F27B88E5156147FC4
SHA-256:	8DB1A559472DC1D1BD20EDE9E2E6E7217047869CF6B00745131C6BEC9F4D7254
SHA-512:	86EE41D9C3E50DB8F540FD6FF81A22D49EB3C12D6A825455E79C3966DB6E3B1AF0B3E4C32BC9606D1C4A3F0FC6138211A45F5635FF74BF77940EACB88324D9AE
Malicious:	false
Preview:	[Category]..Count=32..Category0=Film & Animation..Category1=Autos & Vehicles..Category2=Music..Category3=Pets & Animals..Category4=Sports..Category5=Travel & Events..Category6=Short Movies..Category7=Videoblogging..Category8=Gaming..Category9=Comedy..Category10=People & Blogs..Category11=News & Politics..Category12=Entertainment..Category13=Education..Category14=Howto & Style..Category15=Nonprofits & Activism..Category16=Science & Technology..Category17=Movies - Anime/Animation..Category18=Movies..Category19=Movies - Comedy..Category20=Movies - Documentary..Category21=Movies - Action/Adventure..Category22=Movies - Classics..Category23=Movies - Foreign..Category24=Movies - Horror..Category25=Movies - Drama..Category26=Movies - Family..Category27=Movies - Shorts..Category28=Shows..Category29=Movies - Sci-Fi/Fantasy..Category30=Movies - Thriller..Category31=Trailers..

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Data\About.rtf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Rich Text Format data, version 1, ANSI, code page 1252
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	4.961169810589936
Encrypted:	false
SSDEEP:	24:MnuGe4YLPf8BuPmK4WgkAna0nKN11QNVfUJ7VBhVVhO/WQsjsyIWVv2:MnuGe4aPfkUl4WxLLz1QfUBhQWiyIy2
MD5:	C4C9D8FE3E7809C2BFA05102B7E19822
SHA1:	81DC4356BA7E6E3FF0009F318D4D2B2ADFF2F6AB
SHA-256:	864614C41A3AED34B5E2C9BAD3140FFF44063A0B296318A5C136E58F88421B23
SHA-512:	4B700AB2AAFF8C3F444586B1027E012F67D7895681733E5663DFF7041635389EFFE0BD0FE28DBB5D725D43779D44C2A5E2D8FD7BFAF280FA1CEA4A62EC1ECEE1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fswiss\fcharset0 Arial;}{\f1\fswiss\fprq2\fcharset0 Arial;}{\f2\fswiss\fcharset204{\\fname Arial;}Arial CYR;}{\f3\fnil\fcharset0 ;}}..{\\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\lang1033\f0\fs20 AVS YouTube Uploader is an application that lets the user pick a video and send it directly to YouTube. You can share your videos with friends over the Internet within minutes! Very easy and fast with AVS YouTube Uploader.\par..\par..\f1 Upload Video to YouTube \par..Upload videos right from your computer. Only 3 clicks needed! \par..\par..Save lots of time \par..No need to use YouTube web interface. Select a file, write a title and description, add tags, YouTube video category and you're on YouTube! \par..\par..Upload Multiple Files \par..If you upload lots of videos, send several videos at once. \par..\par..100% Clean and Secure \par..This software does NOT contain any Spyware, Adware or Malware. \par..\par..\lang1049\f2 AVS \lang1033\f

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Data\is-N6EVC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Rich Text Format data, version 1, ANSI, code page 1252
Category:	dropped
Size (bytes):	1307
Entropy (8bit):	4.961169810589936
Encrypted:	false
SSDEEP:	24:MnuGe4YLPf8BuPmK4WgkAna0nKN11QNVfUJ7VBhVVhO/WQsjsyIWVv2:MnuGe4aPfkUl4WxLLz1QfUBhQWiyIy2
MD5:	C4C9D8FE3E7809C2BFA05102B7E19822
SHA1:	81DC4356BA7E6E3FF0009F318D4D2B2ADFF2F6AB
SHA-256:	864614C41A3AED34B5E2C9BAD3140FFF44063A0B296318A5C136E58F88421B23
SHA-512:	4B700AB2AAFF8C3F444586B1027E012F67D7895681733E5663DFF7041635389EFFE0BD0FE28DBB5D725D43779D44C2A5E2D8FD7BFAF280FA1CEA4A62EC1ECEE1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fswiss\fcharset0 Arial;}{\f1\fswiss\fprq2\fcharset0 Arial;}{\f2\fswiss\fcharset204{\\fname Arial;}Arial CYR;}{\f3\fnil\fcharset0 ;}}..{\\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\lang1033\f0\fs20 AVS YouTube Uploader is an application that lets the user pick a video and send it directly to YouTube. You can share your videos with friends over the Internet within minutes! Very easy and fast with AVS YouTube Uploader.\par..\par..\f1 Upload Video to YouTube \par..Upload videos right from your computer. Only 3 clicks needed! \par..\par..Save lots of time \par..No need to use YouTube web interface. Select a file, write a title and description, add tags, YouTube video category and you're on YouTube! \par..\par..Upload Multiple Files \par..If you upload lots of videos, send several videos at once. \par..\par..100% Clean and Secure \par..This software does NOT contain any Spyware, Adware or Malware. \par..\par..\lang1049\f2 AVS \lang1033\f

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Icons\YouTube.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	17542
Entropy (8bit):	4.712245957016107
Encrypted:	false
SSDEEP:	192:8+7I4DPCmM7ltNyFtpADSqh8VkKkEOFcWmkv35ICAUDgtTX0va:8+7pCmqltNyjpAeE8zpy2kv3e4g1Ey
MD5:	02CD3A68A7FB8ED397E5FD22E85D695B
SHA1:	7F8428FE3923D814610B09EB68AA187BD903C86B
SHA-256:	B601792FF05365D7C4EF24ADFC21133560BE1F05946CBC05C13F7B2F050E0CFF
SHA-512:	EA9E19186BBE7B3DDF3063672D4EC5640D4C9332EBEBBFD15E11CC53798A96620706AF32FF5B1C74A45243987D6493A51DC78ED16957837CA21AC2EBD6E75EC5
Malicious:	false
Preview:	......00.... ..%..F... .... ......%........ ......6........ .h....@..(...0...`..... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Icons\is-GVB88.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	17542
Entropy (8bit):	4.712245957016107
Encrypted:	false
SSDEEP:	192:8+7I4DPCmM7ltNyFtpADSqh8VkKkEOFcWmkv35ICAUDgtTX0va:8+7pCmqltNyjpAeE8zpy2kv3e4g1Ey
MD5:	02CD3A68A7FB8ED397E5FD22E85D695B
SHA1:	7F8428FE3923D814610B09EB68AA187BD903C86B
SHA-256:	B601792FF05365D7C4EF24ADFC21133560BE1F05946CBC05C13F7B2F050E0CFF
SHA-512:	EA9E19186BBE7B3DDF3063672D4EC5640D4C9332EBEBBFD15E11CC53798A96620706AF32FF5B1C74A45243987D6493A51DC78ED16957837CA21AC2EBD6E75EC5
Malicious:	false
Preview:	......00.... ..%..F... .... ......%........ ......6........ .h....@..(...0...`..... ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5800072
Entropy (8bit):	7.999151834758425
Encrypted:	true
SSDEEP:	98304:RzrYyZ0DgLnDpW0Ezbh7/u3/lhfOHwmtG9b0lkYASVBQV93PBHgYDqs1m7a:JZ08LDpW0ibh7IPYtzkYPVynZHpqkm2
MD5:	23BF66DE2827671BB16D26A077D530B7
SHA1:	A4B8D868387F9CB2B8F13083CF51B6F81864C1AE
SHA-256:	DB3298DF4F0AC4FDEA4829C1851A02C4280AFC27B9CFE572C9DA7FCB707D8467
SHA-512:	832033DF6FE976FBC6A7A4383443FF3C35BC436239E07CCE8900194156518DE9415B6515A5E766EF5A3BF7C0EC48F14EC4665D13EBE336E4C64E2E85BB47DC9C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@........Y..........@..............................P..................@tX.H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-6CUK4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build Engine (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
Category:	dropped
Size (bytes):	2818048
Entropy (8bit):	7.6656649403020625
Encrypted:	false
SSDEEP:	49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
MD5:	DC1AB7CE3B89FC7CAC369D8B246CDAFE
SHA1:	C9A2D5A312F770189C4B65CB500905E4773C14AD
SHA-256:	DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
SHA-512:	E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
Malicious:	false
Preview:	......................>...................)...............8...................y...z...........J.......q...r...s...t...u...v...w...x...y...z...{...\|...}...~...........................................F...G...H...I...J...K...L...M...u...............................................................................................................................................................................................................................................................................................R................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-.......6...0...1...2...3...4...5...X...7...?...e...:...;...<...=...>.../...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...`...T...U...V...W...Y...]...Z...[...\...^..._...a...f...i...b...c...d...g...&...h...j...l...n...k...m...o...p...r...q...t...s...u.......v.......w...x...........

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-7IQCS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695690
Entropy (8bit):	6.478348740690027
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyH:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyH
MD5:	D691E7BF18E4BFBE529F42A5BC31BE20
SHA1:	F4D4ECC3B9DA2941D350F8434EDFA30BBBC8434C
SHA-256:	E107A7EA8AD8491B24FE084829B72C454EF5B2867F6612DD7E60830E5423DFB6
SHA-512:	AFCC185FEBCACF6BF06E5A7A53B16A162E5707FB463E1EDC99165EDA2F1219909B3C5C41B6F535D251D51E4B9518170F1EA55AE3304E04A8C2197802A48986D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-FTKHQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	877
Entropy (8bit):	4.90071059952041
Encrypted:	false
SSDEEP:	24:9CBp46Lo8OSKWGFdaFYFsBCFGrmsFrF3FAFsC8/FKFZOMLFUon8F8KR:opW8lYFdaFYFs8FWXFrF3FAFsC8/FKFi
MD5:	A9439E56F43F9ADCA5E756BD47A54A05
SHA1:	B4A434E14C72F2FBF4C11F5F27B88E5156147FC4
SHA-256:	8DB1A559472DC1D1BD20EDE9E2E6E7217047869CF6B00745131C6BEC9F4D7254
SHA-512:	86EE41D9C3E50DB8F540FD6FF81A22D49EB3C12D6A825455E79C3966DB6E3B1AF0B3E4C32BC9606D1C4A3F0FC6138211A45F5635FF74BF77940EACB88324D9AE
Malicious:	false
Preview:	[Category]..Count=32..Category0=Film & Animation..Category1=Autos & Vehicles..Category2=Music..Category3=Pets & Animals..Category4=Sports..Category5=Travel & Events..Category6=Short Movies..Category7=Videoblogging..Category8=Gaming..Category9=Comedy..Category10=People & Blogs..Category11=News & Politics..Category12=Entertainment..Category13=Education..Category14=Howto & Style..Category15=Nonprofits & Activism..Category16=Science & Technology..Category17=Movies - Anime/Animation..Category18=Movies..Category19=Movies - Comedy..Category20=Movies - Documentary..Category21=Movies - Action/Adventure..Category22=Movies - Classics..Category23=Movies - Foreign..Category24=Movies - Horror..Category25=Movies - Drama..Category26=Movies - Family..Category27=Movies - Shorts..Category28=Shows..Category29=Movies - Sci-Fi/Fantasy..Category30=Movies - Thriller..Category31=Trailers..

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-H552E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5800072
Entropy (8bit):	7.999151834758425
Encrypted:	true
SSDEEP:	98304:RzrYyZ0DgLnDpW0Ezbh7/u3/lhfOHwmtG9b0lkYASVBQV93PBHgYDqs1m7a:JZ08LDpW0ibh7IPYtzkYPVynZHpqkm2
MD5:	23BF66DE2827671BB16D26A077D530B7
SHA1:	A4B8D868387F9CB2B8F13083CF51B6F81864C1AE
SHA-256:	DB3298DF4F0AC4FDEA4829C1851A02C4280AFC27B9CFE572C9DA7FCB707D8467
SHA-512:	832033DF6FE976FBC6A7A4383443FF3C35BC436239E07CCE8900194156518DE9415B6515A5E766EF5A3BF7C0EC48F14EC4665D13EBE336E4C64E2E85BB47DC9C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@........Y..........@..............................P..................@tX.H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-JPGVB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 252968 bytes, 1 file, at 0x2c +A "FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8", ID 4303, number 1, 20 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	252968
Entropy (8bit):	7.99823087561724
Encrypted:	true
SSDEEP:	6144:jZZNW4mlCRYT6pbIuwDU7+Q3JgE/sJYQu0xf0Gg/uvw3Ls:jjNQrThU7le3YafI/uMLs
MD5:	AA85AA3738ACFE30E197D9DFD5C3428D
SHA1:	7F3EE53BD967265AFE32B31D75B4F6C47363654A
SHA-256:	AF3560EF0C55C7E4EFF2170C63E7860498B5830E405A3841F96C91601E62E108
SHA-512:	E1BF248D6425F6BA91BF0A1F3D364321B09477AF9BE2F31F8BF6D92DEFBADDFBAB8F3E6284262742378F1F87D60D06EEE3B98FB081E60F9FB6F19C1797489861
Malicious:	false
Preview:	MSCF....(.......,...................z..................5.. .FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8.y....#..[.... .....P..%1.P...OIW.7F[...KA...<U.I).RmHf..f..`...p.M.n]0a&n... .3.43wg...`...1....^.p.&...y.2.TW.\|ar.?w..vy....x.,...+/.2...K...+[.......B.....B....NX....... ...........A.'.o{...xa........s..3.....?......3....@.....f`X...:..&..\...G...cCOjihbg]i....3..3...P[....V.M...%.D.."..%u.F5.........y..R#...s.O.l.+...3...\|...R.q..(.E.3..................4..c)...{%.K......o.....y..s....FB._3.h..).;_.c.?.K....F..nh..G......4.>.@/.E.......J..2a.E....G..nI.?.A_`Qk]v]j......g..K Q.ji_ih.`_4.R.JIJX+.?:.....3m.I.TI.........&..t.O.....N...BP...1...H..&.IP...........2...0!t.@...Zk....+.mb.*....x..Q....G.L\|.p.../......g..8$.#./..T.A,.sb.(.....DT....%..@....WPi.....g....gt.~ .@............g.N.X...b..t.!-.we(JCx.?.....W&....".4n.. yDn....e...J.#.w.&d ......CL..`.&.b+..... ....;..i...WW.T.....J...T..ve....%.....j.....N.a.......

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-S9D5V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	data
Category:	dropped
Size (bytes):	19222
Entropy (8bit):	5.707285284873649
Encrypted:	false
SSDEEP:	384:7j6/MFdCe3piFP3yMR14VUANfEXAh0LLHzjNC2hvKAlmwY33iWLxZ4dkvLHidh0L:7j7DpUP3yMRuqrwVw839+dk7lL
MD5:	777605D7E93094DF42E3369B26C4663D
SHA1:	0C0D371862D0D4D70EEBF9A11DC2F4999C700757
SHA-256:	1878F0FE2034260713C6C6CCBE56F3EBD1F343E6B8CD46B727F5D35CF7EC63AF
SHA-512:	FE19E3AB6F031652A5F880EF02888BF53A8A4C2F1E187A43C767721F1D812D8CF4163D3C70B31D70E502FDFF708C6250BEE1557439B9E63DB82C4E951545CC5A
Malicious:	false
Preview:	[Captions]..TFormAbout.btnActivate=Activate$.........$Aktivieren$Activer$Activar$Attiva$.A.N.e.B.u.....$..TFormAbout.btnClose=Close$.......$Schlie.en$Fermer$Cerrar$Chiudi$.....$..TFormAbout.btnCredits=Credits$......$.ber$Cr.dits$Cr.ditos$Credits$.N...W.b.g$..TFormAbout.btnLicense=License$........$Lizenz$Licence$Licencia$Licenza$...C.Z...X$..TFormAbout.btnRegister=Register$...........$Registrieren$Enregistrer$Registrar$Registra$...W.X.^$..TFormAbout.labCopyright=Copyright$......... .....$Urheberrecht$$Copyright$$....$..TFormAbout.labVersion=Version $......$Version$Version$Versi.n$Versione$.o.[.W.... $..TFormAbout.TFormAbout=About$. .........$.ber$A propos$Acerca de$Info su$...$..TFormMessageDlg.chbCheck=Don't show this message again$...... .. .......... ... .........$Diese Meldung nicht mehr anzeigen$Ne pas montrer ce message$No mostrar este mensaje en adelante$Non visualizzare pi. questo messaggio$$..TFormMessageDlg.pnlBtns=pnlBtns$$$$$$$..TFormUnregisteredVersion.btnContinue=Cont

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4329032
Entropy (8bit):	6.640576014317949
Encrypted:	false
SSDEEP:	98304:PwGoALcjM7s4HxwpFNTlgLjzFfaw3O1JoXRD:4Go6zJHxwp9gLfFD3OWD
MD5:	9EE026F5D3E90F185BF63530B6EE430F
SHA1:	988EC38D1486CDF0EE88159188E5FF15AB4C5756
SHA-256:	6574B58803DA494A019F8A864A5E388B9A9088732F4ABE57E65C7DC28F639A87
SHA-512:	1C379451C46F53CBC5A81CC638F725D45E0CBE2BFF4D49365CD689F4CD3BC2B1480397671DD1265496572A88A156AD9AD74F5218D4596755FF9C0AC2504C3C83
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\is-U55IL.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....tCJ..........................................@...........................B......sB.......... ....................2......@2.&<...`9...............B.H....P@.............................02......................................................text.............-................. ..`.data............~....-.............@....tls......... 2......z1.............@....rdata.......02......\|1.............@..P.idata...@...@2..>...~1.............@..@.edata........2.......1.............@..@

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	InnoSetup Log AVS YouTube Uploader 2.1, version 0x30, 15122 bytes, 103386\user, "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader"
Category:	dropped
Size (bytes):	15122
Entropy (8bit):	4.489318011218506
Encrypted:	false
SSDEEP:	192:vK4TJ9NiQFdmvKhTcNtOvnQ/REb3eaCvS2mXmmRmIUmUICSBwmJ:SYJ9NxXmyhTcz0nQ/RK3eaC61/U0wmJ
MD5:	C89B3B8F415E1D35494ED183952E51AB
SHA1:	DCD286E4120CB28DF6F29EE8237333111C6DCECA
SHA-256:	664D4E766F4FF999AD4DC6D2821A97861D0DE42F9F48B857E2F2711ADB898D43
SHA-512:	CE0726A7EA182AEEC985B0A73A6D2559B093A3146C786BB56BE933F48A4B8334B049553F99C254C33D4C103C6BA0BF8F750E193F40BB553BA4B58A26A54699CC
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................AVS YouTube Uploader 2.1........................................................................................................AVS YouTube Uploader 2.1........................................................................................................0........;..%................................................................................................................?T..........;.......Q....103386.user1C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader...........&.(.=.. ......1..._.IFPS........1....................................................................................................BOOLEAN...................................................TFILESTREAM....TFILESTREAM.........."...........!MAIN....-1.#...C.......ISVCREDISTINSTALL....16..REGGETSUBKEYNAMES..........GETARRAYLENGTH.......STRGET.........REGQUERYSTRINGVALUE..........f...Q.......INSTALLMSVCR80....-1..EXPANDCONSTANT........SHELLEXEC...........

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695690
Entropy (8bit):	6.478348740690027
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyH:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyH
MD5:	D691E7BF18E4BFBE529F42A5BC31BE20
SHA1:	F4D4ECC3B9DA2941D350F8434EDFA30BBBC8434C
SHA-256:	E107A7EA8AD8491B24FE084829B72C454EF5B2867F6612DD7E60830E5423DFB6
SHA-512:	AFCC185FEBCACF6BF06E5A7A53B16A162E5707FB463E1EDC99165EDA2F1219909B3C5C41B6F535D251D51E4B9518170F1EA55AE3304E04A8C2197802A48986D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredis1.cab (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 252968 bytes, 1 file, at 0x2c +A "FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8", ID 4303, number 1, 20 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	252968
Entropy (8bit):	7.99823087561724
Encrypted:	true
SSDEEP:	6144:jZZNW4mlCRYT6pbIuwDU7+Q3JgE/sJYQu0xf0Gg/uvw3Ls:jjNQrThU7le3YafI/uMLs
MD5:	AA85AA3738ACFE30E197D9DFD5C3428D
SHA1:	7F3EE53BD967265AFE32B31D75B4F6C47363654A
SHA-256:	AF3560EF0C55C7E4EFF2170C63E7860498B5830E405A3841F96C91601E62E108
SHA-512:	E1BF248D6425F6BA91BF0A1F3D364321B09477AF9BE2F31F8BF6D92DEFBADDFBAB8F3E6284262742378F1F87D60D06EEE3B98FB081E60F9FB6F19C1797489861
Malicious:	false
Preview:	MSCF....(.......,...................z..................5.. .FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8.y....#..[.... .....P..%1.P...OIW.7F[...KA...<U.I).RmHf..f..`...p.M.n]0a&n... .3.43wg...`...1....^.p.&...y.2.TW.\|ar.?w..vy....x.,...+/.2...K...+[.......B.....B....NX....... ...........A.'.o{...xa........s..3.....?......3....@.....f`X...:..&..\...G...cCOjihbg]i....3..3...P[....V.M...%.D.."..%u.F5.........y..R#...s.O.l.+...3...\|...R.q..(.E.3..................4..c)...{%.K......o.....y..s....FB._3.h..).;_.c.?.K....F..nh..G......4.>.@/.E.......J..2a.E....G..nI.?.A_`Qk]v]j......g..K Q.ji_ih.`_4.R.JIJX+.?:.....3m.I.TI.........&..t.O.....N...BP...1...H..&.IP...........2...0!t.@...Zk....+.mb.*....x..Q....G.L\|.p.../......g..8$.#./..T.A,.sb.(.....DT....%..@....WPi.....g....gt.~ .@............g.N.X...b..t.!-.we(JCx.?.....W&....".4n.. yDn....e...J.#.w.&d ......CL..`.&.b+..... ....;..i...WW.T.....J...T..ve....%.....j.....N.a.......

C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build Engine (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
Category:	dropped
Size (bytes):	2818048
Entropy (8bit):	7.6656649403020625
Encrypted:	false
SSDEEP:	49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
MD5:	DC1AB7CE3B89FC7CAC369D8B246CDAFE
SHA1:	C9A2D5A312F770189C4B65CB500905E4773C14AD
SHA-256:	DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
SHA-512:	E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
Malicious:	false
Preview:	......................>...................)...............8...................y...z...........J.......q...r...s...t...u...v...w...x...y...z...{...\|...}...~...........................................F...G...H...I...J...K...L...M...u...............................................................................................................................................................................................................................................................................................R................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-.......6...0...1...2...3...4...5...X...7...?...e...:...;...<...=...>.../...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...`...T...U...V...W...Y...]...Z...[...\...^..._...a...f...i...b...c...d...g...&...h...j...l...n...k...m...o...p...r...q...t...s...u.......v.......w...x...........

C:\Program Files (x86)\AVS4YOU\License Agreement.rtf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
Category:	dropped
Size (bytes):	6804
Entropy (8bit):	5.03289213909086
Encrypted:	false
SSDEEP:	96:5B4fNhYifQnHpXeGxYwTxOd4WkkyG8lUPC2CP/CMcNVr/TIjVmDqGsKrZKPdcK3k:8fhQGyGc/ioQ7KFZ3JHJ/uE2
MD5:	739B4875B32564CDD98F55D3B0C1BBBC
SHA1:	C1219DA774186F10C4B5CD7AFCAA613F7C722545
SHA-256:	B0EFDCE0F882B09029BA076D4BF38075DE8967437DC882CB22A998E0F6C79EC6
SHA-512:	D79BE5C34126DF1736EB05330682321EEF3EA6B8C37CB966B42CA9BBFA9A22C0941CCC440C967AD634BEB2A64B3ECA64CCF9DF387A254537EF538021ED414E41
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\\fname Arial;}Arial CYR;}{\f1\fswiss\fcharset0 Arial;}}..{\\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 END-USER LICENSE AGREEMENT FOR SOFTWARE PRODUCTS OF ONLINE MEDIA TECHNOLOGIES LTD.\par..\par..IMPORTANT-READ CAREFULLY: This End-User License Agreement is a legal Agreement between you and Online Media Technologies Ltd for the applicable Software Products of Online Media Technologies Ltd. Do not copy, install, or use the Software Products provided under this license agreement ("Agreement"), until you have carefully read the following terms and conditions.\par..\par..Any reproduction or redistribution of Software Products or any of its components not in accordance with the End-User License Agreement is expressly prohibited by law, and may result in severe civil and criminal penalties. \par..\par..Definitions: Software Products shall mean and include AVS4YOU Software and AVSMedia Software. \pa

C:\Program Files (x86)\AVS4YOU\Registration.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4291656
Entropy (8bit):	6.65162816355716
Encrypted:	false
SSDEEP:	49152:4g3mQJEINh0TVKKB21rEO20Nfcu7aIazkfgP1C3iYGwM7bktAWiyGp12P4nMX6k0:4gdJ9LCarEH0Nfc2azkfgh5F
MD5:	3B62C71C2695A75861F684481C387ED4
SHA1:	53C2443A160E2621917143E2F4B56A3606F05238
SHA-256:	5BDC0EDA5EF0DAC4E1185751EADF039F38ADA97506A5A138E4AC3566EDFF1BD2
SHA-512:	523215CA8BA54D39F6601CC63AE8441CAB087271431611EE20414E630B683C4B3B34E02EC8F68E79788A2292B2AA986DDA411E5267025A4C3FBF5A4FB6801DFC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...N.AJ..........................................@..........................PB.......A.......... ...................03.......2.t=....9..............pA.H.....?...............................2......................................................text............................... ..`.data............L..................@....tls..........2......*2.............@....rdata........2......,2.............@..P.idata...@....2..>....2.............@..@.edata.......03......l2.............@..@

C:\Program Files (x86)\AVS4YOU\Registration.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	data
Category:	dropped
Size (bytes):	13458
Entropy (8bit):	5.769617337955602
Encrypted:	false
SSDEEP:	192:CHn9+3uO0rYzEPNMvh4Pb3s+FMBZcmFMkk:CHn437APNMXBZcmFMkk
MD5:	208811DF1676110E0627767B2F14C7B1
SHA1:	0FB9FF136A653DD25DD9EBD7A7945E9C77439132
SHA-256:	62AF7DCF23BC6ADC01E7756C5711B57EB46855644BD631D03AA9F8E97584BC18
SHA-512:	2B9695B77A59B74F6A2CD66C0B289A923165D3D9F9D1B18023037D2B4326AEA1160B981649DDF43FBA37128674440AE00D44F38B78722F923DDEFFEA15AB4885
Malicious:	false
Preview:	[Captions]..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... .........~!@#$Diese Meldung nicht mehr anzeigen~!@#$Ne pas afficher ce message~!@#$No mostrar este mensaje en adelante~!@#$Non visualizzare pi. questo messaggio~!@#$........b.Z.[.W..\.......~!@#$..TFormMessageDlg.pnlBtns=pnlBtns~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormRegistration.btnCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Cancella~!@#$...~!@#$..TFormRegistration.btnOk=Ok~!@#$..~!@#$OK~!@#$OK~!@#$OK~!@#$OK~!@#$...~!@#$..TFormRegistration.lblBuyNow=Buy now...~!@#$.........~!@#$Jetzt kaufen~!@#$Acheter...~!@#$Comprar ahora...~!@#$Acquista...~!@#$.......w...B.B.B~!@#$..TFormRegistration.lblCaption=Please enter license key, after that click OK button.~!@#$....... ............ .... . ....... ...~!@#$Bitte, den Lizenzschl.ssel eingeben und auf OK klicken.~!@#$Entrez, svp, la cl. de licence et cliquez sur OK~!@#$Por favor introduzca la calve de licencia, luego pu

C:\Program Files (x86)\AVS4YOU\Uninstall.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3929672
Entropy (8bit):	6.6165686772016095
Encrypted:	false
SSDEEP:	49152:uJADffL7FAhifrBbduRGmUZONgZJv8sP5+era1Vl4/yVHVlBbZjaIGIHp/M7bkt5:aAD3vNNuGmyONgZJVP57rgVl4/yh9EWf
MD5:	1BEF0EB13AE3DF0FFD5298C3931779B5
SHA1:	D92D25284DE61B86B26D3A9491A1E9E8CCEDCA55
SHA-256:	082171BE2A4E436CAF1240B9A0A8EEA3E83381088D2CD33C0BB36C472DB12CFF
SHA-512:	39E8952342D2BD6B84D382652894C60DA782C8359466BE5DB2BD6D67191B5841C7F712AD4193704AADD22C05D3782EDD198FC935ADFD978E4BD41DE397698088
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....AJ....................p......@............@...........................<.......<.......... ..........................P..Y:...@5..@............;.H.....:..1...........................@.......................................................text............................. ..`.data....p........................@....tls.........0........-.............@....rdata.......@........-.............@..P.idata...@...P...<....-.............@..@.edata................-.............@..@

C:\Program Files (x86)\AVS4YOU\Uninstall.sil (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	Non-ISO extended-ASCII text, with very long lines (862), with CRLF line terminators
Category:	dropped
Size (bytes):	11424
Entropy (8bit):	5.689727888407247
Encrypted:	false
SSDEEP:	96:qmPBgss6j4lr6QHN4Lu0zVIzF+2u3aICF6ulOIANpy1TGKE/MNkcrd4fHjlB0Atw:1PBgssU4t1HUSYCzey1SMvh4Pb3S
MD5:	58B9890EA3D2FBB6512C355274EC5A18
SHA1:	A6F5B8C5E5964228AA1FEBFD17D4CEF10A1EF84D
SHA-256:	783E6B692CDCEF35CD0179C526FACAC62E1A8FE35024C38B220EA9AAD0B72711
SHA-512:	B73A298A130467DF3B40A3650BC44B98A7883E20ACCC070FCBEB6A7E465EFC06BC87612BDA0FF834F504E1EDBD09380BDBEE65579C61D7E8DC675536A74995A4
Malicious:	false
Preview:	[Captions]..TFormMain.btnCheck=Check All~!@#$........ ...~!@#$Alles aktivieren~!@#$Cocher Tout~!@#$Marcar todo~!@#$Seleziona tutto~!@#$.......`.F.b.N~!@#$..TFormMain.btnClose=Close~!@#$.......~!@#$Schlie.en~!@#$Fermer~!@#$Cerrar~!@#$Chiudi~!@#$.....~!@#$..TFormMain.btnUncheck=Uncheck All~!@#$..... .......~!@#$Alles deaktivieren~!@#$D.cocher Tout~!@#$Desmarcar todo~!@#$Deseleziona tutto~!@#$.......A...`.F.b.N~!@#$..TFormMain.btnUninstall=Uninstall~!@#$.......~!@#$Deinstallieren~!@#$D.sinstaller~!@#$Desinstalar~!@#$Disinstalla~!@#$.A...C...X.g.[..~!@#$..TFormMain.chFeedback=Open a feedback page~!@#$....... ........ .....~!@#$Webseite .ffnen~!@#$Ouvrir la page du site~!@#$Abrir la p.gina de descargas~!@#$Apri la pagina del sito~!@#$.t.B.[.h.o.b.N.y.[.W...J..~!@#$..TFormMain.TFormMain=Uninstall~!@#$.......~!@#$Deinstallieren~!@#$D.sinstaller~!@#$Desinstalar~!@#$Disinstalla~!@#$.A...C...X.g.[..~!@#$..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... ..

C:\Program Files (x86)\AVS4YOU\is-1BGLU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	Non-ISO extended-ASCII text, with very long lines (862), with CRLF line terminators
Category:	dropped
Size (bytes):	11424
Entropy (8bit):	5.689727888407247
Encrypted:	false
SSDEEP:	96:qmPBgss6j4lr6QHN4Lu0zVIzF+2u3aICF6ulOIANpy1TGKE/MNkcrd4fHjlB0Atw:1PBgssU4t1HUSYCzey1SMvh4Pb3S
MD5:	58B9890EA3D2FBB6512C355274EC5A18
SHA1:	A6F5B8C5E5964228AA1FEBFD17D4CEF10A1EF84D
SHA-256:	783E6B692CDCEF35CD0179C526FACAC62E1A8FE35024C38B220EA9AAD0B72711
SHA-512:	B73A298A130467DF3B40A3650BC44B98A7883E20ACCC070FCBEB6A7E465EFC06BC87612BDA0FF834F504E1EDBD09380BDBEE65579C61D7E8DC675536A74995A4
Malicious:	false
Preview:	[Captions]..TFormMain.btnCheck=Check All~!@#$........ ...~!@#$Alles aktivieren~!@#$Cocher Tout~!@#$Marcar todo~!@#$Seleziona tutto~!@#$.......`.F.b.N~!@#$..TFormMain.btnClose=Close~!@#$.......~!@#$Schlie.en~!@#$Fermer~!@#$Cerrar~!@#$Chiudi~!@#$.....~!@#$..TFormMain.btnUncheck=Uncheck All~!@#$..... .......~!@#$Alles deaktivieren~!@#$D.cocher Tout~!@#$Desmarcar todo~!@#$Deseleziona tutto~!@#$.......A...`.F.b.N~!@#$..TFormMain.btnUninstall=Uninstall~!@#$.......~!@#$Deinstallieren~!@#$D.sinstaller~!@#$Desinstalar~!@#$Disinstalla~!@#$.A...C...X.g.[..~!@#$..TFormMain.chFeedback=Open a feedback page~!@#$....... ........ .....~!@#$Webseite .ffnen~!@#$Ouvrir la page du site~!@#$Abrir la p.gina de descargas~!@#$Apri la pagina del sito~!@#$.t.B.[.h.o.b.N.y.[.W...J..~!@#$..TFormMain.TFormMain=Uninstall~!@#$.......~!@#$Deinstallieren~!@#$D.sinstaller~!@#$Desinstalar~!@#$Disinstalla~!@#$.A...C...X.g.[..~!@#$..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... ..

C:\Program Files (x86)\AVS4YOU\is-CN3OV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
Category:	dropped
Size (bytes):	6804
Entropy (8bit):	5.03289213909086
Encrypted:	false
SSDEEP:	96:5B4fNhYifQnHpXeGxYwTxOd4WkkyG8lUPC2CP/CMcNVr/TIjVmDqGsKrZKPdcK3k:8fhQGyGc/ioQ7KFZ3JHJ/uE2
MD5:	739B4875B32564CDD98F55D3B0C1BBBC
SHA1:	C1219DA774186F10C4B5CD7AFCAA613F7C722545
SHA-256:	B0EFDCE0F882B09029BA076D4BF38075DE8967437DC882CB22A998E0F6C79EC6
SHA-512:	D79BE5C34126DF1736EB05330682321EEF3EA6B8C37CB966B42CA9BBFA9A22C0941CCC440C967AD634BEB2A64B3ECA64CCF9DF387A254537EF538021ED414E41
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\\fname Arial;}Arial CYR;}{\f1\fswiss\fcharset0 Arial;}}..{\\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 END-USER LICENSE AGREEMENT FOR SOFTWARE PRODUCTS OF ONLINE MEDIA TECHNOLOGIES LTD.\par..\par..IMPORTANT-READ CAREFULLY: This End-User License Agreement is a legal Agreement between you and Online Media Technologies Ltd for the applicable Software Products of Online Media Technologies Ltd. Do not copy, install, or use the Software Products provided under this license agreement ("Agreement"), until you have carefully read the following terms and conditions.\par..\par..Any reproduction or redistribution of Software Products or any of its components not in accordance with the End-User License Agreement is expressly prohibited by law, and may result in severe civil and criminal penalties. \par..\par..Definitions: Software Products shall mean and include AVS4YOU Software and AVSMedia Software. \pa

C:\Program Files (x86)\AVS4YOU\is-G618K.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4291656
Entropy (8bit):	6.65162816355716
Encrypted:	false
SSDEEP:	49152:4g3mQJEINh0TVKKB21rEO20Nfcu7aIazkfgP1C3iYGwM7bktAWiyGp12P4nMX6k0:4gdJ9LCarEH0Nfc2azkfgh5F
MD5:	3B62C71C2695A75861F684481C387ED4
SHA1:	53C2443A160E2621917143E2F4B56A3606F05238
SHA-256:	5BDC0EDA5EF0DAC4E1185751EADF039F38ADA97506A5A138E4AC3566EDFF1BD2
SHA-512:	523215CA8BA54D39F6601CC63AE8441CAB087271431611EE20414E630B683C4B3B34E02EC8F68E79788A2292B2AA986DDA411E5267025A4C3FBF5A4FB6801DFC
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\AVS4YOU\is-G618K.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...N.AJ..........................................@..........................PB.......A.......... ...................03.......2.t=....9..............pA.H.....?...............................2......................................................text............................... ..`.data............L..................@....tls..........2......*2.............@....rdata........2......,2.............@..P.idata...@....2..>....2.............@..@.edata.......03......l2.............@..@

C:\Program Files (x86)\AVS4YOU\is-G84EM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	data
Category:	dropped
Size (bytes):	13458
Entropy (8bit):	5.769617337955602
Encrypted:	false
SSDEEP:	192:CHn9+3uO0rYzEPNMvh4Pb3s+FMBZcmFMkk:CHn437APNMXBZcmFMkk
MD5:	208811DF1676110E0627767B2F14C7B1
SHA1:	0FB9FF136A653DD25DD9EBD7A7945E9C77439132
SHA-256:	62AF7DCF23BC6ADC01E7756C5711B57EB46855644BD631D03AA9F8E97584BC18
SHA-512:	2B9695B77A59B74F6A2CD66C0B289A923165D3D9F9D1B18023037D2B4326AEA1160B981649DDF43FBA37128674440AE00D44F38B78722F923DDEFFEA15AB4885
Malicious:	false
Preview:	[Captions]..TFormMessageDlg.chbCheck=Don't show this message again~!@#$...... .. .......... ... .........~!@#$Diese Meldung nicht mehr anzeigen~!@#$Ne pas afficher ce message~!@#$No mostrar este mensaje en adelante~!@#$Non visualizzare pi. questo messaggio~!@#$........b.Z.[.W..\.......~!@#$..TFormMessageDlg.pnlBtns=pnlBtns~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$~!@#$..TFormRegistration.btnCancel=Cancel~!@#$......~!@#$Abbrechen~!@#$Annuler~!@#$Cancelar~!@#$Cancella~!@#$...~!@#$..TFormRegistration.btnOk=Ok~!@#$..~!@#$OK~!@#$OK~!@#$OK~!@#$OK~!@#$...~!@#$..TFormRegistration.lblBuyNow=Buy now...~!@#$.........~!@#$Jetzt kaufen~!@#$Acheter...~!@#$Comprar ahora...~!@#$Acquista...~!@#$.......w...B.B.B~!@#$..TFormRegistration.lblCaption=Please enter license key, after that click OK button.~!@#$....... ............ .... . ....... ...~!@#$Bitte, den Lizenzschl.ssel eingeben und auf OK klicken.~!@#$Entrez, svp, la cl. de licence et cliquez sur OK~!@#$Por favor introduzca la calve de licencia, luego pu

C:\Program Files (x86)\AVS4YOU\is-JBP6O.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3929672
Entropy (8bit):	6.6165686772016095
Encrypted:	false
SSDEEP:	49152:uJADffL7FAhifrBbduRGmUZONgZJv8sP5+era1Vl4/yVHVlBbZjaIGIHp/M7bkt5:aAD3vNNuGmyONgZJVP57rgVl4/yh9EWf
MD5:	1BEF0EB13AE3DF0FFD5298C3931779B5
SHA1:	D92D25284DE61B86B26D3A9491A1E9E8CCEDCA55
SHA-256:	082171BE2A4E436CAF1240B9A0A8EEA3E83381088D2CD33C0BB36C472DB12CFF
SHA-512:	39E8952342D2BD6B84D382652894C60DA782C8359466BE5DB2BD6D67191B5841C7F712AD4193704AADD22C05D3782EDD198FC935ADFD978E4BD41DE397698088
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....AJ....................p......@............@...........................<.......<.......... ..........................P..Y:...@5..@............;.H.....:..1...........................@.......................................................text............................. ..`.data....p........................@....tls.........0........-.............@....rdata.......@........-.............@..P.idata...@...P...<....-.............@..@.edata................-.............@..@

C:\Program Files (x86)\AVS4YOU\is-R5S93.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	23790
Entropy (8bit):	6.322736448552289
Encrypted:	false
SSDEEP:	384:H93pzoGcXm6g7KYRlz10Mo6O4mOirdABfHNZ8iK6oZFvlSb4lA7tt/:H93pxcXmB7DTSMo6tmtkPMzZFcbeA7/
MD5:	564C13EF5587B8EC4E7FEEE47F7952FC
SHA1:	DF91A8B835BF1449678970AB16E70B3DADF9E907
SHA-256:	074A04F852F639F8A5C260D1337DAC85AE8847A6431A93F15CDE47663272A479
SHA-512:	5D40AF460ED78039743EE579D88383F03D5A22A81F283343FC529277261DEC48E8F3A63E529D4448C04998AF5CFC142EF847433BD2BCA96287D49AD884323865
Malicious:	false
Preview:	ITSF....`..................\|.{.......".....\|.{......."..`...............x.......T........................\..............ITSP....T...........................................j..].!......."..T...............PMGLl................/..../#IDXHDR...4.../#ITBITS..../#STRINGS...Q)./#SYSTEM....:./#TOPICS...40./#URLSTR....I./#URLTBL...d$./$FIftiMain..../$OBJINST...u.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...q../$WWKeywordLinks/..../$WWKeywordLinks/Property...m../AVS4YOU.hhc...j./Contents.css...e.@./Contents.htm..\|.../default.css...%.H./images/..../images/avs4you_logo.gif... .E./images/bg1.jpg....~./images/logo.gif....../Index.htm..j.../Introduction/..../Introduction/Welcome.htm....y.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content..@.*,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/Instanc

C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	130120
Entropy (8bit):	6.103105539066782
Encrypted:	false
SSDEEP:	3072:cEm1GDe4FwrqLhzZ5ILxdPamnu20QRpjOlMnNuoGa:SGaNYAdPamZRpjOlMMM
MD5:	8883C097B5031E44013D56EC8726BC29
SHA1:	70673FD5F2177E292AB1ECD47C5BB109672FE4B9
SHA-256:	AB56BE65CD64FA5E66C44943DECF2E87416A5CA7C09C0F621AECA9EF79A1C714
SHA-512:	89E63E2CD8E726C8AF5B29B32B695792BA9034F29A29892F980B489A92AA009EA20CAB5F68D2620DBBE484851709D6B499B122946A8DE39445E1C592142EDA01
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.)Z).zZ).zZ).z...z[).z}..z_).z}..zJ).z}..zK).zZ).z.).z}..zK).z}..z[).z}..z[).z}..z[).zRichZ).z........................PE..L....7.H...........!..... ...................0......................................t,.......................................w..........................H....... ....3...............................H..@............0..t............................text............ .................. ..`.rdata...T...0...`...0..............@..@.data............ ..................@....rsrc............ ..................@..@.reloc..:........ ..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3694664
Entropy (8bit):	6.601630448112952
Encrypted:	false
SSDEEP:	49152:/tA3rixvTNIgfF7hVirkxWaDoNCqsFhV3ahwFoFNPrM3IbItIvYEq5Y7bktrP4nO:/u3k3V3xWeoNCqqUhwFoF5YERO
MD5:	F5CEFE691A777016A3AAC240088FFA43
SHA1:	2F4C093ED7B99C0D0443D52AC404D794936F9C2C
SHA-256:	ED87A0E970DADF2FF767CC2EB199D4651D89A2A8D1D1791C2A8904289CF84B97
SHA-512:	FB4E57DFC636C68F38F8EB6995C440328CCBB68833B2F4F06984347D272F12B64BE3D26D87295C43C154EFACD8254C372C9D6D0413D8470933954AC39B6C2995
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...f.AJ.................p(.. ................(...@.......................... 9.....xe8.......... ....................,..=....+.S:...@2..............T8.H.....7.\.............................+......................................................text....p(......f(................. ..`.data.... ....(......l(.............@....tls..........+.......*.............@....rdata........+.......+.............@..P.idata...@....+..<....+.............@..@.edata...@....,..>...>+.............@..@

C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BAU28.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	130120
Entropy (8bit):	6.103105539066782
Encrypted:	false
SSDEEP:	3072:cEm1GDe4FwrqLhzZ5ILxdPamnu20QRpjOlMnNuoGa:SGaNYAdPamZRpjOlMMM
MD5:	8883C097B5031E44013D56EC8726BC29
SHA1:	70673FD5F2177E292AB1ECD47C5BB109672FE4B9
SHA-256:	AB56BE65CD64FA5E66C44943DECF2E87416A5CA7C09C0F621AECA9EF79A1C714
SHA-512:	89E63E2CD8E726C8AF5B29B32B695792BA9034F29A29892F980B489A92AA009EA20CAB5F68D2620DBBE484851709D6B499B122946A8DE39445E1C592142EDA01
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.)Z).zZ).zZ).z...z[).z}..z_).z}..zJ).z}..zK).zZ).z.).z}..zK).z}..z[).z}..z[).z}..z[).zRichZ).z........................PE..L....7.H...........!..... ...................0......................................t,.......................................w..........................H....... ....3...............................H..@............0..t............................text............ .................. ..`.rdata...T...0...`...0..............@..@.data............ ..................@....rsrc............ ..................@..@.reloc..:........ ..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3694664
Entropy (8bit):	6.601630448112952
Encrypted:	false
SSDEEP:	49152:/tA3rixvTNIgfF7hVirkxWaDoNCqsFhV3ahwFoFNPrM3IbItIvYEq5Y7bktrP4nO:/u3k3V3xWeoNCqqUhwFoF5YERO
MD5:	F5CEFE691A777016A3AAC240088FFA43
SHA1:	2F4C093ED7B99C0D0443D52AC404D794936F9C2C
SHA-256:	ED87A0E970DADF2FF767CC2EB199D4651D89A2A8D1D1791C2A8904289CF84B97
SHA-512:	FB4E57DFC636C68F38F8EB6995C440328CCBB68833B2F4F06984347D272F12B64BE3D26D87295C43C154EFACD8254C372C9D6D0413D8470933954AC39B6C2995
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OIOKM.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...f.AJ.................p(.. ................(...@.......................... 9.....xe8.......... ....................,..=....+.S:...@2..............T8.H.....7.\.............................+......................................................text....p(......f(................. ..`.data.... ....(......l(.............@....tls..........+.......*.............@....rdata........+.......+.............@..P.idata...@....+..<....+.............@..@.edata...@....,..>...>+.............@..@

C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1714544
Entropy (8bit):	7.992597571801831
Encrypted:	true
SSDEEP:	24576:y2UkYx+6Sm3iIckT4ZkPMWe+TkuAGLCoWICDzh1PPLknHFqhtblFS+xWS6sjy+Jo:y2xYQ97ATWAJzk0wL7jkHght3jLWy2au
MD5:	097CF14425923F9A4A72C775E768F381
SHA1:	4B41CD3094C4E03B10CB3E7B323CC1C83B19E1CD
SHA-256:	25C8AB8A9B7D58119DD42960B548E7C84ABFF05D1EEE0FAD252B18A5570A4910
SHA-512:	3BAA8CAE5E5F29410AD58E6FE13D8B8A153F24FBC714621B61709E1FE1DFD5CD1FDDAF6A111500CACE450D2ACF41B568294F04188655DD3A4EE32C133E9301DE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@...................@..............................P..................(...H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947336
Entropy (8bit):	7.994097638145568
Encrypted:	true
SSDEEP:	49152:p2wXvMdZfUlUNT5gb1OX3/NGQmqWmo8tolZCwra9:81dZs42b1E/bmvd8t8Du
MD5:	C8814999AA2AAE4F1FF915C4B0B40912
SHA1:	50F13DABCE256D2AFB97FC421B9C4DE28C5570CB
SHA-256:	D773B00D0322BA3EBE5DA00D9DF538290CE633997A1FE175962497CABB2FB6A8
SHA-512:	D294A2197378886CE170E83DF545BC38C17EA5B5AC3A55E5414796BC54D76DEB33DB1D1B55B0FE2A2CF11CE3ECE98B9BFB6B39FA3D72DF16C92E9B8459B86107
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@......}............@..............................P......................H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-62FLE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695642
Entropy (8bit):	6.478360956824147
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyP:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyP
MD5:	23E2A9D3FF40F2F6EF4BFED87B2F8808
SHA1:	60F2471677B2D370E10281BCCE0EC0B292BFFFEC
SHA-256:	32C2AB4A4F2F531DDC23AF72C352631A365996589CE89867924F468F2246AAA1
SHA-512:	2880A6F3F87CCDCF2056F915291AADBF72342227525885CFA2C145A3E4789A39B955B63842B661413993640BF354152E61791719801B6224F695FB7DC375C91F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-74BKC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1714544
Entropy (8bit):	7.992597571801831
Encrypted:	true
SSDEEP:	24576:y2UkYx+6Sm3iIckT4ZkPMWe+TkuAGLCoWICDzh1PPLknHFqhtblFS+xWS6sjy+Jo:y2xYQ97ATWAJzk0wL7jkHght3jLWy2au
MD5:	097CF14425923F9A4A72C775E768F381
SHA1:	4B41CD3094C4E03B10CB3E7B323CC1C83B19E1CD
SHA-256:	25C8AB8A9B7D58119DD42960B548E7C84ABFF05D1EEE0FAD252B18A5570A4910
SHA-512:	3BAA8CAE5E5F29410AD58E6FE13D8B8A153F24FBC714621B61709E1FE1DFD5CD1FDDAF6A111500CACE450D2ACF41B568294F04188655DD3A4EE32C133E9301DE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@...................@..............................P..................(...H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\Registration\is-HAFFP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947336
Entropy (8bit):	7.994097638145568
Encrypted:	true
SSDEEP:	49152:p2wXvMdZfUlUNT5gb1OX3/NGQmqWmo8tolZCwra9:81dZs42b1E/bmvd8t8Du
MD5:	C8814999AA2AAE4F1FF915C4B0B40912
SHA1:	50F13DABCE256D2AFB97FC421B9C4DE28C5570CB
SHA-256:	D773B00D0322BA3EBE5DA00D9DF538290CE633997A1FE175962497CABB2FB6A8
SHA-512:	D294A2197378886CE170E83DF545BC38C17EA5B5AC3A55E5414796BC54D76DEB33DB1D1B55B0FE2A2CF11CE3ECE98B9BFB6B39FA3D72DF16C92E9B8459B86107
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.....................D......X.............@..........................@......}............@..............................P......................H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc.............................@..P.............@......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	InnoSetup Log AVS Registration, version 0x30, 4769 bytes, 103386\user, "C:\Program Files (x86)\Common Files\AVSMedia\Registration"
Category:	dropped
Size (bytes):	4769
Entropy (8bit):	5.089551996468859
Encrypted:	false
SSDEEP:	96:QUQyJdvfosR8AKA4L7ICSss/LrXA5r8kUffbDRDpcX/8ztvp:QUxdvfo9nICSsAD7D
MD5:	1D8F6CA4A2788B7C40B1111F3AE9C455
SHA1:	AE8442B9EE67B942964C828A703638D9EF163C68
SHA-256:	6BED6EEDB8D3C4D90D57FAF4D9D6F56E8FD7B9830C0F4C91AA899C91995C1733
SHA-512:	41A7D10310A9541026B49982AD013F3401BD87FDF9DB846BB4D15CF0DF81836E63A40156B851668B21AF0B266A696FFDA3647C09C79CB6A024A7F5321CF62924
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................AVS Registration................................................................................................................AVS Registration................................................................................................................0...!.......%.................................................................................................................V...........h.......Y....103386.user9C:\Program Files (x86)\Common Files\AVSMedia\Registration...........&./.... ..........-.IFPS.............................................................................................................BOOLEAN...........................!MAIN....-1.....V.......INITIALIZESETUP....16..FILEEXISTS........EXPANDCONSTANT........REGDELETEVALUE.........2...........DEINITIALIZESETUP....-1..REGQUERYDWORDVALUE...........GETCMDTAIL.......POS.........REGWRITEDWORDVALUE......................CURSTEPCHANGED....-1 @18. ..........

C:\Program Files (x86)\Common Files\AVSMedia\Registration\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	695642
Entropy (8bit):	6.478360956824147
Encrypted:	false
SSDEEP:	12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyP:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyP
MD5:	23E2A9D3FF40F2F6EF4BFED87B2F8808
SHA1:	60F2471677B2D370E10281BCCE0EC0B292BFFFEC
SHA-256:	32C2AB4A4F2F531DDC23AF72C352631A365996589CE89867924F468F2246AAA1
SHA-512:	2880A6F3F87CCDCF2056F915291AADBF72342227525885CFA2C145A3E4789A39B955B63842B661413993640BF354152E61791719801B6224F695FB7DC375C91F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	625152
Entropy (8bit):	6.572070144111249
Encrypted:	false
SSDEEP:	12288:QscuWja/7ff/RwkK04Vve+u5spKZQdyxMfgj:/Oja/7ff/RVKReO
MD5:	E4BA094FFBCA3F398C5DDC931E9AD620
SHA1:	C9B6BA6E0B5EC8A4245A753BD666F5F106CC3F9E
SHA-256:	643D29919F996EBC74850135A3937583908D49D8AC202BC5267A9C0F9CDF0FEE
SHA-512:	3AB4DBA2A9569C79EE032496582CA3D251F83D997704F339D86258440D6F77ED5E63B035AB5A16101E47526456A54B6CA1FDF3366F21852AC214D29657C770BD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z...z...z....N.~....L.y...z......]Kl.b....Io.{...]Kk.{...]K\|....]K......]Km.{...]Ki.{...Richz...................PE..L....PqE...........!................jA....... ....7.................................................................0...........(....p......................0...e..P...................................@............................................text............................... ..`.data....J... ...&..................@....rsrc.......p.......8..............@..@.reloc......0......................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS Update Manager.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:38:53 2024, mtime=Fri May 24 14:38:53 2024, atime=Mon Jun 15 16:41:30 2009, length=4413000, window=hide
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.650540313530998
Encrypted:	false
SSDEEP:	24:8mQ/KI7EndOE4yj5Kzf5zQAhYB/XWdo1tdoHUUvBHqyFm:8mKK1ndOYj5mBzn2FWdo1tdo0ryF
MD5:	1E5703471C1FCE0CE2B38C81F6B0ECB8
SHA1:	A691E6B0B9C06D0670553E822B14527768B9FE74
SHA-256:	FA5E97AACDE3B1E7C8B4A5972B67398CE1A90906D791BDC400C064FFDAC087A1
SHA-512:	7360BB460FC7713EE1AFF2F06403898E96AC083567C1308E7EC9A6D7413A83338AB75D630D57F782B29BBE18AF13A2102A461197F84D0E167A92CD761F6D4D16
Malicious:	false
Preview:	L..................F.... ....Dl{...eC.{...........HVC..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|.............................A.V.S.4.Y.O.U.....j.1......X.\|..AVSUPD~1..R......X.\|.X.\|.....=....................Z.#.A.V.S.U.p.d.a.t.e.M.a.n.a.g.e.r.....v.2.HVC..:/. .AVSUPD~1.EXE..Z......X.\|.X.\|.....=........................A.V.S.U.p.d.a.t.e.M.a.n.a.g.e.r...e.x.e.......s...............-.......r............o.E.....C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe..S.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.U.p.d.a.t.e.M.a.n.a.g.e.r.\.A.V.S.U.p.d.a.t.e.M.a.n.a.g.e.r...e.x.e./.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.U.p.d.a.t.e.M.a.n.a.g.e.r.........*................@Z\|...K.J

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\AVS4YOU Software Navigator.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:38:50 2024, mtime=Fri May 24 14:38:50 2024, atime=Wed Jun 24 14:45:54 2009, length=8524360, window=hide
Category:	dropped
Size (bytes):	1388
Entropy (8bit):	4.6394534871730535
Encrypted:	false
SSDEEP:	24:8mWUI7EndOE45eA/2QPE3C8KTiPE3ayAtY8IdePE3iWPE3mdePE3uUUvBPqyFm:8m11ndOre7z3Ux3CKVdd3g3mdd33DyF
MD5:	5787ABC1C53A20FDDA61F95131610C66
SHA1:	6B46E305630976F609924C1074B2DB71CA9B8127
SHA-256:	04D08969830A91D5E6242594D0AA12B8546CD9AF8FF926CB21925A6DD9023A5A
SHA-512:	D5BC86E54AD08F9E57D181DD5005C1DFA1A10BD17B1BFB5517D081A6A40E7D125A766E1C3A0CDE7F416818A5B4437C20187277E1B17B1977ED3CAEF370185D13
Malicious:	false
Preview:	L..................F.... ....F.y...9..y..........H............................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|..........................h9.A.V.S.4.Y.O.U.....r.1......X.\|..AVSSOF~1..Z......X.\|.X.\|....~:........................A.V.S.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r.......2.H....:.} .AVS4YO~1.EXE..j......X.\|.X.\|.....:........................A.V.S.4.Y.O.U.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r...e.x.e.......................-.......~............o.E.....C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe.._.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r.\.A.V.S.4.Y.O.U.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r...e.x.e.3.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Activation.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri May 24 14:38:48 2024, mtime=Fri May 24 14:38:48 2024, atime=Wed Jun 24 12:49:06 2009, length=4291656, window=hide
Category:	dropped
Size (bytes):	1047
Entropy (8bit):	4.721914148493525
Encrypted:	false
SSDEEP:	24:8DI7EndOE45eZ+K+TtLAwY0dxteoUUvBzqyFm:8D1ndOreZ+uz0dy9XyF
MD5:	D62921307322AFC87DB22AEE90D445CE
SHA1:	447AA2506CC34AD7EB73950343311624EB23FF13
SHA-256:	D10A0EB0424FFF1BC08440722626D112E0C9C780A1D874DA20D11FFB78CA0292
SHA-512:	D24F88CB31A3CC5CA60F10C50F69251F800C49E2E552057663683B0D21BA44CF1956DF4249628A4771D4A9B14C1BE11C576D55E19F96E848090D4F0FAFF46C9D
Malicious:	false
Preview:	L..................F.... ...kk'x...j.Hx.....t.....H\|A..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|..........................h9.A.V.S.4.Y.O.U.....n.2.H\|A..:#n .REGIST~1.EXE..R......X.\|.X.\|..... ........................R.e.g.i.s.t.r.a.t.i.o.n...e.x.e.......^...............-.......]............o.E.....C:\Program Files (x86)\AVS4YOU\Registration.exe..>.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.R.e.g.i.s.t.r.a.t.i.o.n...e.x.e.........*................@Z\|...K.J.........`.......X.......103386...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Help.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri May 24 14:38:49 2024, mtime=Fri May 24 14:38:49 2024, atime=Mon Apr 13 13:29:52 2009, length=23790, window=hide
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	4.670136432159923
Encrypted:	false
SSDEEP:	24:89kub/I7EndOE45eBhzUAPYVOduVUUvBjqyFm:8Nb/1ndOreBhzjQVOdTfyF
MD5:	EA6CF3612741494BAEE803B23C8D159C
SHA1:	CB5292E04FFDC10C0B3A09695D730A35991D5B21
SHA-256:	C3E79C850B23550C302CEC1FDF1801B1838A8CA05FBF2A52C0C8CC25ABB2F0F5
SHA-512:	477595B9C57FC0F5ABED88424AC4B9B474D3B9B827B10CAD52915B76C62D1F8FC2A7F092E87AA818EDF12608CE4B615F61E48B21CA6676DE165D35A360AA8004
Malicious:	false
Preview:	L..................F.... ......y...5M.y.....ND....\...........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|..........................h9.A.V.S.4.Y.O.U.....l.2..\...:.s .AVS4YO~1.CHM..P......X.\|.X.\|.....4........................A.V.S.4.Y.O.U.H.e.l.p...c.h.m.......]...............-.......\............o.E.....C:\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm..=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.4.Y.O.U.H.e.l.p...c.h.m.........*................@Z\|...K.J.........`.......X.......103386...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\License Agreement.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:38:49 2024, mtime=Fri May 24 14:38:49 2024, atime=Mon Apr 13 13:29:52 2009, length=6804, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.6389448016148895
Encrypted:	false
SSDEEP:	24:8m8yXl/I7EndOE45e4tAxYwOdEtEd9KZUUvBpZfqyFm:8m8yd1ndOre4mmwOdEtEd9tyZCyF
MD5:	854792249BA6841A3F1AE30B92B62DAB
SHA1:	F426E126C52E6410DA2B7083C6C8C73B60385B81
SHA-256:	DAFF3592FAA9D90FFA4C758E797EFA78C924F024F8FBB3E8ADF9B6246E012094
SHA-512:	B95B776E8ED812BEBDA2E850AEEDAF665F4BA20E36AA16CE68D998EFC22A5CB843769DD665F43882D5B75330D6581F3D47A8F9C7D9A1BF343DF3BD97A997B9AB
Malicious:	false
Preview:	L..................F.... ...5t.y....8.y.....ND................................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|..........................h9.A.V.S.4.Y.O.U.....x.2......:.s .LICENS~1.RTF..\......X.\|.X.\|.....7........................L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...r.t.f.......c...............-.......b............o.E.....C:\Program Files (x86)\AVS4YOU\License Agreement.rtf..C.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...r.t.f.9.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.m.m.o.n. .F.i.l.e.s.\.A.V.S.M.e.d.i.a.\.R.e.g.i.s.t.r.a.t.i.o.n.........*................@Z\|...K.J.........`.......X.......103386...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C..

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Repair.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri May 24 14:38:48 2024, mtime=Fri May 24 14:38:48 2024, atime=Wed Jun 24 12:45:42 2009, length=3694664, window=hide
Category:	dropped
Size (bytes):	1286
Entropy (8bit):	4.705580791236841
Encrypted:	false
SSDEEP:	24:85I7EndOEnuPJsb3uxzAkEY6d9FnHLJJBIhIqyFm:851ndOeuPisUM6d9dHL2hRyF
MD5:	2C81AF9FC672A368F8074E0D1C1967E6
SHA1:	30C3268A8135E151B48B5A7E2028FA3F4B0AE565
SHA-256:	92A46AD2DE71616A94EC27D704FF33A59A2DDF2A1E788415A80C54C21CDDF2E9
SHA-512:	9B2AA4F2CFA4295819184CA3A0F4E5A931B98A1FCA1D73BE6FCC0C85A879282F4945BF76488549FA8E43174A52EE00F27FE7435E8F6941C4A99275AC4E58C86D
Malicious:	false
Preview:	L..................F.... ...YTqx.....zx...........H`8.....................A....P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1.....DW.W..COMMON~1..J......O.IDW/`...........................=}.C.o.m.m.o.n. .F.i.l.e.s.....Z.1......X.\|..AVSMedia..B......X.\|.X.\|.... .......................Z.A.V.S.M.e.d.i.a.....V.1......X.\|..ActiveX.@......X.\|.X.\|....!.....................F...A.c.t.i.v.e.X.....h.2.H`8..:.m .REPAIR~1.EXE..L......X.\|.X.\|.....#........................R.e.p.a.i.r.i.n.g...e.x.e.......q...............-.......p............o.E.....C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\Repairing.exe..Q.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.m.m.o.n. .F.i.l.e.s.\.A.V.S.M.e.d.i.a.\.A.c.t.i.v.e.X.\.R.e.p.a.i.r.i.n.g...e.x.e.........,...'...........$M....>M...EQ ..'...`.......X.......103386..

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS YouTube Uploader.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri May 24 14:38:46 2024, mtime=Fri May 24 14:38:47 2024, atime=Thu Jun 25 20:01:28 2009, length=4329032, window=hide
Category:	dropped
Size (bytes):	2274
Entropy (8bit):	3.6430572544848587
Encrypted:	false
SSDEEP:	24:8KI7EndOE4livCx5nmiu6yAlYbdOdTdzL8w7VUUvBHqyFm:8K1ndO/ivo5nmb6RSbdOdTdzIkWjyF
MD5:	597CFC07E23AB3D8124400AB39259217
SHA1:	BE338260036B05960AED4E503510C00BDDE5F6D8
SHA-256:	B8931D1B17CC1C29298BA89CAFAE6598BA66DBCD867BB3BAA4A169DBCB8639D1
SHA-512:	A41D112B4DCD70F9CE7899D58A8262C15DAC0E31154C6707430BF947BB088C9060599A00D8ADCC11594D6F06530405BFBF1E59E019BE88536420DA7496BCC42E
Malicious:	false
Preview:	L..................F.@.. .....Pw.....w..........H.B..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|.........................c_..A.V.S.4.Y.O.U.....n.1......X.\|..AVSYOU~1..V......X.\|.X.\|.........................x)\|.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.....z.2.H.B..:.. .AVSYOU~1.EXE..^......X.\|.X.\|..............................A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.......w...............-.......v............o.E.....C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe..Z.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.C.C.

C:\Users\user\AppData\Local\Temp\MSId1d64.LOG

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (369), with CRLF line terminators
Category:	dropped
Size (bytes):	838
Entropy (8bit):	3.7198571552428974
Encrypted:	false
SSDEEP:	12:Qw5Hk3zfU1XQ9ouLGUnFYelmSTMlWlKUnDurH/Qdc1Ll2lLrG5Tvvg8gN65KHAS:QkHk3YKouLG8FjmYkWQUEHg0RKOdnTJS
MD5:	437C08F60F76CBD41B42BA25D5080B0F
SHA1:	3E42776DFF207F2965F70045A5907A2521629970
SHA-256:	6D8C0759D931427336F946C862CB207F8813B7C5EAD0411043680A2309E63EB4
SHA-512:	19ABAEE4D80C0A1FAC72D7154381F994F41488887C95DA066A09C4FF621A34544ACAACBEFE56474B9E2B8161852609D6F5DE6B30D52A94C27B7833DCF05243E8
Malicious:	false
Preview:	..E.r.r.o.r. .1.9.3.5...A.n. .e.r.r.o.r. .o.c.c.u.r.r.e.d. .d.u.r.i.n.g. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n. .o.f. .a.s.s.e.m.b.l.y. .'.M.i.c.r.o.s.o.f.t...V.C.8.0...A.T.L.,.t.y.p.e.=.".w.i.n.3.2.".,.v.e.r.s.i.o.n.=.".8...0...5.0.7.2.7...7.6.2.".,.p.u.b.l.i.c.K.e.y.T.o.k.e.n.=.".1.f.c.8.b.3.b.9.a.1.e.1.8.e.3.b.".,.p.r.o.c.e.s.s.o.r.A.r.c.h.i.t.e.c.t.u.r.e.=.".x.8.6.".'... .P.l.e.a.s.e. .r.e.f.e.r. .t.o. .H.e.l.p. .a.n.d. .S.u.p.p.o.r.t. .f.o.r. .m.o.r.e. .i.n.f.o.r.m.a.t.i.o.n... .H.R.E.S.U.L.T.:. .0.x.8.0.0.7.0.4.2.2... .a.s.s.e.m.b.l.y. .i.n.t.e.r.f.a.c.e.:. .I.A.s.s.e.m.b.l.y.C.a.c.h.e.I.t.e.m.,. .f.u.n.c.t.i.o.n.:. .C.o.m.m.i.t.,. .c.o.m.p.o.n.e.n.t.:. .{.9.7.F.8.1.A.F.1.-.0.E.4.7.-.D.C.9.9.-.A.0.1.F.-.C.8.B.3.B.9.A.1.E.1.8.E.}.....=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.5./.2.0.2.4. . .1.1.:.3.8.:.4.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	4.012434743866195
Encrypted:	false
SSDEEP:	48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
MD5:	C594B792B9C556EA62A30DE541D2FB03
SHA1:	69E0207515E913243B94C2D3A116D232FF79AF5F
SHA-256:	5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
SHA-512:	387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L.....%E..................................... ....@..........................@..............................................l ..P....0..8............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...8....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.203889009972449
Encrypted:	false
SSDEEP:	48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
MD5:	B4604F8CD050D7933012AE4AA98E1796
SHA1:	36B7D966C7F87860CD6C46096B397AA23933DF8E
SHA-256:	B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
SHA-512:	3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-39TF8.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp

Download File

Process:	C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685056
Entropy (8bit):	6.469782512324722
Encrypted:	false
SSDEEP:	12288:L/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy:jvksLWtkrPi37NzHDA6Yg5dsfoTzsxy
MD5:	52950AC9E2B481453082F096120E355A
SHA1:	159C09DB1ABCEE9114B4F792FFBA255C78A6E6C3
SHA-256:	25FBC88C7C967266F041AE4D47C2EAE0B96086F9E440CCA10729103AEE7EF6CD
SHA-512:	5B61C28BBCAEDADB3B6CD3BB8A392D18016C354C4C16E01395930666ADDC95994333DFC45BEA1A1844F6F1585E79C729136D3714AC118B5848BECDE0BDB182BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp

Download File

Process:	C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685056
Entropy (8bit):	6.469782512324722
Encrypted:	false
SSDEEP:	12288:L/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy:jvksLWtkrPi37NzHDA6Yg5dsfoTzsxy
MD5:	52950AC9E2B481453082F096120E355A
SHA1:	159C09DB1ABCEE9114B4F792FFBA255C78A6E6C3
SHA-256:	25FBC88C7C967266F041AE4D47C2EAE0B96086F9E440CCA10729103AEE7EF6CD
SHA-512:	5B61C28BBCAEDADB3B6CD3BB8A392D18016C354C4C16E01395930666ADDC95994333DFC45BEA1A1844F6F1585E79C729136D3714AC118B5848BECDE0BDB182BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685056
Entropy (8bit):	6.469782512324722
Encrypted:	false
SSDEEP:	12288:L/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy:jvksLWtkrPi37NzHDA6Yg5dsfoTzsxy
MD5:	52950AC9E2B481453082F096120E355A
SHA1:	159C09DB1ABCEE9114B4F792FFBA255C78A6E6C3
SHA-256:	25FBC88C7C967266F041AE4D47C2EAE0B96086F9E440CCA10729103AEE7EF6CD
SHA-512:	5B61C28BBCAEDADB3B6CD3BB8A392D18016C354C4C16E01395930666ADDC95994333DFC45BEA1A1844F6F1585E79C729136D3714AC118B5848BECDE0BDB182BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	4.012434743866195
Encrypted:	false
SSDEEP:	48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
MD5:	C594B792B9C556EA62A30DE541D2FB03
SHA1:	69E0207515E913243B94C2D3A116D232FF79AF5F
SHA-256:	5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
SHA-512:	387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L.....%E..................................... ....@..........................@..............................................l ..P....0..8............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...8....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.203889009972449
Encrypted:	false
SSDEEP:	48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
MD5:	B4604F8CD050D7933012AE4AA98E1796
SHA1:	36B7D966C7F87860CD6C46096B397AA23933DF8E
SHA-256:	B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
SHA-512:	3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ELOIK.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	4.012434743866195
Encrypted:	false
SSDEEP:	48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
MD5:	C594B792B9C556EA62A30DE541D2FB03
SHA1:	69E0207515E913243B94C2D3A116D232FF79AF5F
SHA-256:	5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
SHA-512:	387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L.....%E..................................... ....@..........................@..............................................l ..P....0..8............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...8....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.203889009972449
Encrypted:	false
SSDEEP:	48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
MD5:	B4604F8CD050D7933012AE4AA98E1796
SHA1:	36B7D966C7F87860CD6C46096B397AA23933DF8E
SHA-256:	B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
SHA-512:	3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-ITLAK.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	4.012434743866195
Encrypted:	false
SSDEEP:	48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
MD5:	C594B792B9C556EA62A30DE541D2FB03
SHA1:	69E0207515E913243B94C2D3A116D232FF79AF5F
SHA-256:	5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
SHA-512:	387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L.....%E..................................... ....@..........................@..............................................l ..P....0..8............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...8....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.203889009972449
Encrypted:	false
SSDEEP:	48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
MD5:	B4604F8CD050D7933012AE4AA98E1796
SHA1:	36B7D966C7F87860CD6C46096B397AA23933DF8E
SHA-256:	B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
SHA-512:	3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-LTD3E.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp

Download File

Process:	C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685056
Entropy (8bit):	6.469782512324722
Encrypted:	false
SSDEEP:	12288:L/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy:jvksLWtkrPi37NzHDA6Yg5dsfoTzsxy
MD5:	52950AC9E2B481453082F096120E355A
SHA1:	159C09DB1ABCEE9114B4F792FFBA255C78A6E6C3
SHA-256:	25FBC88C7C967266F041AE4D47C2EAE0B96086F9E440CCA10729103AEE7EF6CD
SHA-512:	5B61C28BBCAEDADB3B6CD3BB8A392D18016C354C4C16E01395930666ADDC95994333DFC45BEA1A1844F6F1585E79C729136D3714AC118B5848BECDE0BDB182BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\AVS YouTube Uploader.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri May 24 14:38:46 2024, mtime=Fri May 24 14:38:47 2024, atime=Thu Jun 25 20:01:28 2009, length=4329032, window=hide
Category:	dropped
Size (bytes):	2274
Entropy (8bit):	3.6442687265614477
Encrypted:	false
SSDEEP:	24:8NI7EndOE4livCx5nmiu6yAlYbdOdTdzL8w7VUUvBHqyFm:8N1ndO/ivo5nmb6RSbdOdTdzIkWjyF
MD5:	241083C58CF4889D5CF36DD86ED6F4AE
SHA1:	6CC3C2922F17FE6DFA0451E6B350DDA75769A138
SHA-256:	3C25BF960D6942AA9B6A462753498C799F8AA28C822DC9DCC902210DAF5445D1
SHA-512:	C92402AC3F20E074D2F48A8968CB062FFE38237593D01048D1E0DD9D4F244D5B6989277B742BEA55F9A86CD940B25BF1ED5C1F7D048D10888AEBCB7BA089F42B
Malicious:	false
Preview:	L..................F.@.. .....Pw.....w..........H.B..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|.........................c_..A.V.S.4.Y.O.U.....n.1......X.\|..AVSYOU~1..V......X.\|.X.\|.........................x)\|.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.....z.2.H.B..:.. .AVSYOU~1.EXE..^......X.\|.X.\|..............................A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.......w...............-.......v............o.E.....C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe..Z.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.C.C.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Uninstall.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri May 24 14:38:48 2024, mtime=Fri May 24 14:38:48 2024, atime=Wed Jun 24 12:48:14 2009, length=3929672, window=hide
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	4.700129124041671
Encrypted:	false
SSDEEP:	24:8ij7I7EndOE45eMYGAJYRdeh8oUUvBjqyFm:8A71ndOreMY9ORdeh89PyF
MD5:	A0C05D9FC00CED3656130A77C3EF6943
SHA1:	F3BA18AFFDC15FA5A1B13AFF756400937AD57DC3
SHA-256:	F5D484DB282720950CC562E7212AB9C089800D1A84E78FA48C9CB5D4C251C9E6
SHA-512:	D7F6A71F6859D97ED56A66AD066AC0789314965040B2F56AE28837AED624C79A430151457113F92F2F17B49F79329C57B2FD9CA6FAF786BEDB0FAEA3186B9155
Malicious:	false
Preview:	L..................F.... ...5.Tx...k.cx....cvk....H.;..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|..........................h9.A.V.S.4.Y.O.U.....h.2.H.;..:.n .UNINST~1.EXE..L......X.\|.X.\|..... ........................U.n.i.n.s.t.a.l.l...e.x.e.......[...............-.......Z............o.E.....C:\Program Files (x86)\AVS4YOU\Uninstall.exe..D.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.U.n.i.n.s.t.a.l.l...e.x.e.........*................@Z\|...K.J.........`.......X.......103386...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..p

C:\Users\user\Desktop\AVS YouTube Uploader.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:38:46 2024, mtime=Fri May 24 14:38:47 2024, atime=Thu Jun 25 20:01:28 2009, length=4329032, window=hide
Category:	dropped
Size (bytes):	1326
Entropy (8bit):	4.670790578496069
Encrypted:	false
SSDEEP:	24:8maI7EndOE4livCx5nmiu6yAlYvdOdLUUvBHqyFm:8ma1ndO/ivo5nmb6RSvdOdgjyF
MD5:	7FF39FCB970E38EAAA7C8FF1280CA9A1
SHA1:	14D425421D8E2997ABA5614AA9BD641876BC9A56
SHA-256:	DE7DEA2DFD03DE1B4AC52B52A7C0D9BA5279E63D2A61F7CE8E2AD44663C029EC
SHA-512:	A0452EECA1C81B57FBA25B0ED2DB545B48F3448BA5BF6A294131EFE30276BAA8275A10EA5B7A193AF5AF1EACBAC57FDE418288D0712DE593588B602352E12C07
Malicious:	false
Preview:	L..................F.... .....Pw......w..........H.B..........................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|.........................c_..A.V.S.4.Y.O.U.....n.1......X.\|..AVSYOU~1..V......X.\|.X.\|.........................x)\|.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.....z.2.H.B..:.. .AVSYOU~1.EXE..^......X.\|.X.\|..............................A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.......w...............-.......v............o.E.....C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe..N.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.Y.o.u.T.u.b.e.U.p.l.o.a.d.e.r.........*................@Z\|

C:\Users\user\Desktop\AVS4YOU Software Navigator.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:38:50 2024, mtime=Fri May 24 14:38:51 2024, atime=Wed Jun 24 14:45:54 2009, length=8524360, window=hide
Category:	dropped
Size (bytes):	1370
Entropy (8bit):	4.653021225655023
Encrypted:	false
SSDEEP:	24:8mX3UI7EndOE4yjv/2QPE3C8KTiPE3ayAtY8ddePE3iWPE3mdePE3uUUvBPqyFm:8mU1ndOYj2z3Ux3CKodd3g3mdd33DyF
MD5:	3F01E0C5C239CA43165E5A411CC287DC
SHA1:	2E658EFECB1591557EA64A99C3B058BA5A5DCA14
SHA-256:	B3A548B7C7BACD3870CD0C1718458D265B2519D2911666A8222B59093995EFF2
SHA-512:	EC97DD352394BE9050E246EA6C7636B86AA884F0112B55C5612D086913683F10824492CD52353FCB2BBF8B5BA1C1F6CCC47E282B75B418583D7AF826D2AE20B3
Malicious:	false
Preview:	L..................F.... ....F.y......y..........H............................P.O. .:i.....+00.../C:\.....................1......X.\|..PROGRA~2.........O.I.X.\|....................V.....c_..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.\|..AVS4YOU.@......X.\|.X.\|.............................A.V.S.4.Y.O.U.....r.1......X.\|..AVSSOF~1..Z......X.\|.X.\|....~:........................A.V.S.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r.......2.H....:.} .AVS4YO~1.EXE..j......X.\|.X.\|.....:........................A.V.S.4.Y.O.U.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r...e.x.e.......................-.......~............o.E.....C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe..V.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r.\.A.V.S.4.Y.O.U.S.o.f.t.w.a.r.e.N.a.v.i.g.a.t.o.r...e.x.e.3.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.S.o.f.t.w.a.r.e.N.

C:\Windows\Installer\4d11bc.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build Engine (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
Category:	dropped
Size (bytes):	2818048
Entropy (8bit):	7.6656649403020625
Encrypted:	false
SSDEEP:	49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
MD5:	DC1AB7CE3B89FC7CAC369D8B246CDAFE
SHA1:	C9A2D5A312F770189C4B65CB500905E4773C14AD
SHA-256:	DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
SHA-512:	E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
Malicious:	false
Preview:	......................>...................)...............8...................y...z...........J.......q...r...s...t...u...v...w...x...y...z...{...\|...}...~...........................................F...G...H...I...J...K...L...M...u...............................................................................................................................................................................................................................................................................................R................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-.......6...0...1...2...3...4...5...X...7...?...e...:...;...<...=...>.../...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...`...T...U...V...W...Y...]...Z...[...\...^..._...a...f...i...b...c...d...g...&...h...j...l...n...k...m...o...p...r...q...t...s...u.......v.......w...x...........

C:\Windows\Installer\4d11bf.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build Engine (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
Category:	dropped
Size (bytes):	2818048
Entropy (8bit):	7.6656649403020625
Encrypted:	false
SSDEEP:	49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
MD5:	DC1AB7CE3B89FC7CAC369D8B246CDAFE
SHA1:	C9A2D5A312F770189C4B65CB500905E4773C14AD
SHA-256:	DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
SHA-512:	E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
Malicious:	false
Preview:	......................>...................)...............8...................y...z...........J.......q...r...s...t...u...v...w...x...y...z...{...\|...}...~...........................................F...G...H...I...J...K...L...M...u...............................................................................................................................................................................................................................................................................................R................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-.......6...0...1...2...3...4...5...X...7...?...e...:...;...<...=...>.../...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...S...`...T...U...V...W...Y...]...Z...[...\...^..._...a...f...i...b...c...d...g...&...h...j...l...n...k...m...o...p...r...q...t...s...u.......v.......w...x...........

C:\Windows\Installer\MSI146C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	3.741623752383387
Encrypted:	false
SSDEEP:	192:XOdG/6G4nnykxsdYZ+mrv2ySzLUHypLGgjuXFw5acHKBNtHjhuHWrkA9uBP1WWzT:P6GuZBrvkzAHyxxHKBdaA2dWWzm0ZH
MD5:	85221B3BCBA8DBE4B4A46581AA49F760
SHA1:	746645C92594BFC739F77812D67CFD85F4B92474
SHA-256:	F6E34A4550E499346F5AB1D245508F16BF765FF24C4988984B89E049CA55737F
SHA-512:	060E35C4DE14A03A2CDA313F968E372291866CC4ACD59977D7A48AC3745494ABC54DF83FFF63CF30BE4E10FF69A3B3C8B6C38F43EBD2A8D23D6C86FBEE7BA87D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........CnuS".&S".&S".&t.}&P".&S".&.".&t.{&X".&t.m&^".&t.z&R".&t.n&R".&t.x&R".&RichS".&........................PE..L...\..C...........!.....@... .......6.......P....@..........................p......I................................B.......=..x............................`......0...............................x...@............................................text....2.......@.................. ..`.data...h....P.......P..............@....reloc..<....`.......`..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSI1A39.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	48351
Entropy (8bit):	5.668012662174567
Encrypted:	false
SSDEEP:	768:xzRjRp+0WmhzrPe/j+IDlO8houSFUGpINF09wRXa92B+2/EuHK:Pt7WmJrPe/j+IDc8iHFNqNF09wRVw
MD5:	D72209CEE539E9D4FD9818C51D087A0F
SHA1:	634E15866A8D8E9165AA46888C479A8B5A96C47C
SHA-256:	CB670DD68F102075E539250BD2CB557758F00C9D73142F05BA8A52293B8A3E94
SHA-512:	DDA18F54811442EE7555F7387DE5554FD8DBF4E3377286DE27F135F5461D6F48B8D3F5A020A1E7C8097A916B31A3CAFDAD869DFC43B95B8E087FFA946DC22D66
Malicious:	false
Preview:	...@IXOS.@.....@.\.X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}?.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\RED\1033\Install.@.......@.....@.....@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}1.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\SP.@.......@.....@.....@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}...@.......@.....@.....@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}..>ATL80.dll\Microsoft.VC80.ATL,type="win32",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"

C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.2012387787196108
Encrypted:	false
SSDEEP:	12:JSbX72FjasXAlfLIlHuRpqBhG7777777777777777777777777ZDHFyxMnK5ElwO:J/UIwZNdF
MD5:	4FFA52D92C2E0FE15FEA8AB01E717741
SHA1:	4283AB7D3661FE5C06EFFAE9F75F7F1263406751
SHA-256:	92E81C29E7D8A0FF3E1C86B029D20F00FA53667D4FE860916BC2C23952E24789
SHA-512:	147F71F165C9D267B213AFB7016A6A5B29DABA1A904592867D59C7716381A9C016FA37E28A09B8752A48699D0700665087C81DF1374AABAA425B5F18725AD1C5
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.607162113968056
Encrypted:	false
SSDEEP:	48:7Y8PhXuRc06WXJGFT5eAd9H+teSM9EdReSBgdjfdc0Z1N:DhX1dFTHyevGeq0Z
MD5:	6542BA5845108AEB0F548405EABA90B0
SHA1:	91D86FF83133110D327CC5D396D2DA16964E0A4E
SHA-256:	D0F91D41A881EBD0F866A05A90143FFE5309477DC96C0FEE757326554969F08C
SHA-512:	22ED6E5C1504495B788914FB672532355E84E3445EFCD27A034098C40BAD22CB9FACBD793BCF5D5A1BB9BABA8D5F0B50FA32E15B9E4B6B877EE5B418E596087F
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.375173533335075
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauI:zTtbmkExhMJCIpEr1
MD5:	CD375125454DA650387BFDE8BDCA41AA
SHA1:	1BCA31924DAF126A39C2B3361C6DE40EA63A6772
SHA-256:	8D8197315A9939A38306C5E33C8A46704B77E809D9FCEDD0684B03E3425C02AE
SHA-512:	69BC0CAE4583AC8E7DC1082E3AAECD2A96BACD317AEC063286F5E9764D2FFE5C0C05D85189129A89AF7FF8670C4B95BEC8234ADB8B3FBF28B7B4F1ED20BCF0B8
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\SysWOW64\is-45HP1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\is-59604.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	344064
Entropy (8bit):	6.52555608733947
Encrypted:	false
SSDEEP:	6144:SJXaB17daPjFKMrwgWs0uh+PGdmkV2EfFMQiFbNrboYgxg0bCAO5Z09:yXaXJaPJKMrwgT0u0PGdmkV8O7rCLZy
MD5:	9972A6ED4F2388DBFA8E0A96F6F3FDF1
SHA1:	61B8F573DB448AE6351AE3475C2E7C482D81533C
SHA-256:	F68E4CDBC879423EA47D763A6768567F5F8063924F13A74239750C13FA8D168A
SHA-512:	D1B7513AE1176C9A933BADDCD1BF93FA089ECA605C8ABCFD628D3BEF2F194347CD96BB39D849EBC6D8DA350B292116CB2EFB8A001ACDB1B1CDE4EBDAD33FA33E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>x..z...z...z....:..y...z........=..o....=..7....=..v....=..{....=..{....=..{...Richz...................PE..L...t.6<...........!................$..............\|.........................@......0...................................0D..d...(...............................x......8...............................................h............................text....{.......................... ..`.rdata..............................@..@.data....f.......p..................@....rsrc...............................@..@.reloc..x.......0..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\is-AOVL1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	4.77119967188416
Encrypted:	false
SSDEEP:	384:7WpIWqSLH27qkIefKE33N4XBnK1QLt7Sq3RspdtierQ7+9xvbUxerpvovZmkun5V:6cSLHSxLyEtCYc3Rspdtz++992edoZH4
MD5:	5FEFD614BBD3FFA3712B172F70B1FDE2
SHA1:	0AAAC51DD0FEE84E4DCE999CDDFB61D8E5CC977D
SHA-256:	CE2F3131DDFA9B0DFCDDD2A4268E818A2631137FAADEEFA1CFADB5AFC7FEC381
SHA-512:	8CED9B86B6A90206433FE521AE92CED231699C9AED66356EF63EF52CAD8A4D149AAC23CF30521CF50CB5E64D800C7FFBF655E07FE6E82AF2E2BA2EC76A3917F1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W..9...9...9......9......9.Rich..9.........................PE..L...k.e;...........!.........\.....................x................................Y...................................................HY...................p.......................................................................................rsrc...HY.......Z..................@..@.reloc.......p.......^..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\is-QQFVQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	487424
Entropy (8bit):	6.408566375114996
Encrypted:	false
SSDEEP:	12288:9O8OfiHNj7YwhUgiW6QR7t543Ooc8PHkC2ez6nua:9EfiH+3Ooc8PHkC2ez6nL
MD5:	D04F7AACA2319A3BCDB2C5D5DD6F6026
SHA1:	2F0C431BE7DA7F359BB75B9BA319D6F3DEA08919
SHA-256:	9255C60B194CF849F3DB54587627E1B8FCE10C88875748642B58EE8E27E22536
SHA-512:	876E9BACFF0B37EDAD56D419B1EDCCFEC9B49A71156B9F035611C9D56A13A9AABD03C5620450F18355CAAA006AD491859C726862BCFB44B6CA59FEB32C63E711
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F...'s..'s..'s./.j..'s..'r..'s./.j..'s./.3..'s./.n..'s./.o..'s./.L..'s./.6..'s./.N..'s.Rich.'s.........................PE..L...!.6<...........!................)%.............\|.........................p.......\|.............................. ...'...d...<.... .......................0...0..H...8............................................................................text............................... ..`.rdata..............................@..@.data....!.......0..................@....rsrc........ ....... ..............@..@.reloc...0...0...@...0..............@..B................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\msvcp70.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	487424
Entropy (8bit):	6.408566375114996
Encrypted:	false
SSDEEP:	12288:9O8OfiHNj7YwhUgiW6QR7t543Ooc8PHkC2ez6nua:9EfiH+3Ooc8PHkC2ez6nL
MD5:	D04F7AACA2319A3BCDB2C5D5DD6F6026
SHA1:	2F0C431BE7DA7F359BB75B9BA319D6F3DEA08919
SHA-256:	9255C60B194CF849F3DB54587627E1B8FCE10C88875748642B58EE8E27E22536
SHA-512:	876E9BACFF0B37EDAD56D419B1EDCCFEC9B49A71156B9F035611C9D56A13A9AABD03C5620450F18355CAAA006AD491859C726862BCFB44B6CA59FEB32C63E711
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F...'s..'s..'s./.j..'s..'r..'s./.j..'s./.3..'s./.n..'s./.o..'s./.L..'s./.6..'s./.N..'s.Rich.'s.........................PE..L...!.6<...........!................)%.............\|.........................p.......\|.............................. ...'...d...<.... .......................0...0..H...8............................................................................text............................... ..`.rdata..............................@..@.data....!.......0..................@....rsrc........ ....... ..............@..@.reloc...0...0...@...0..............@..B................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\msvcr70.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	344064
Entropy (8bit):	6.52555608733947
Encrypted:	false
SSDEEP:	6144:SJXaB17daPjFKMrwgWs0uh+PGdmkV2EfFMQiFbNrboYgxg0bCAO5Z09:yXaXJaPJKMrwgT0u0PGdmkV8O7rCLZy
MD5:	9972A6ED4F2388DBFA8E0A96F6F3FDF1
SHA1:	61B8F573DB448AE6351AE3475C2E7C482D81533C
SHA-256:	F68E4CDBC879423EA47D763A6768567F5F8063924F13A74239750C13FA8D168A
SHA-512:	D1B7513AE1176C9A933BADDCD1BF93FA089ECA605C8ABCFD628D3BEF2F194347CD96BB39D849EBC6D8DA350B292116CB2EFB8A001ACDB1B1CDE4EBDAD33FA33E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>x..z...z...z....:..y...z........=..o....=..7....=..v....=..{....=..{....=..{...Richz...................PE..L...t.6<...........!................$..............\|.........................@......0...................................0D..d...(...............................x......8...............................................h............................text....{.......................... ..`.rdata..............................@..@.data....f.......p..................@....rsrc...............................@..@.reloc..x.......0..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\msvcr71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\msxml3a.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	4.77119967188416
Encrypted:	false
SSDEEP:	384:7WpIWqSLH27qkIefKE33N4XBnK1QLt7Sq3RspdtierQ7+9xvbUxerpvovZmkun5V:6cSLHSxLyEtCYc3Rspdtz++992edoZH4
MD5:	5FEFD614BBD3FFA3712B172F70B1FDE2
SHA1:	0AAAC51DD0FEE84E4DCE999CDDFB61D8E5CC977D
SHA-256:	CE2F3131DDFA9B0DFCDDD2A4268E818A2631137FAADEEFA1CFADB5AFC7FEC381
SHA-512:	8CED9B86B6A90206433FE521AE92CED231699C9AED66356EF63EF52CAD8A4D149AAC23CF30521CF50CB5E64D800C7FFBF655E07FE6E82AF2E2BA2EC76A3917F1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W..9...9...9......9......9.Rich..9.........................PE..L...k.e;...........!.........\.....................x................................Y...................................................HY...................p.......................................................................................rsrc...HY.......Z..................@..@.reloc.......p.......^..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF02658AFC7E161858.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.607162113968056
Encrypted:	false
SSDEEP:	48:7Y8PhXuRc06WXJGFT5eAd9H+teSM9EdReSBgdjfdc0Z1N:DhX1dFTHyevGeq0Z
MD5:	6542BA5845108AEB0F548405EABA90B0
SHA1:	91D86FF83133110D327CC5D396D2DA16964E0A4E
SHA-256:	D0F91D41A881EBD0F866A05A90143FFE5309477DC96C0FEE757326554969F08C
SHA-512:	22ED6E5C1504495B788914FB672532355E84E3445EFCD27A034098C40BAD22CB9FACBD793BCF5D5A1BB9BABA8D5F0B50FA32E15B9E4B6B877EE5B418E596087F
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF04CD02BDC5628B37.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.09807082645799595
Encrypted:	false
SSDEEP:	6:xPLG7iVCnLG7iVrKOzPLHKORIxMnKlYVky6lElw:50i8n0itFzDHFyxMnK5Elw
MD5:	CDB2778B94C379A1BF0A6B81443547B3
SHA1:	3AD3ED06A99C16A6FCA72BBC119DCC124B46601D
SHA-256:	57267134770BB01140BC7871BA2B74C98AFD4471E9A94AA4EED9933B48CBD4FC
SHA-512:	D50E4D64A0BF7BA03966EEB65B6160DB874BC40C312943DB66DB4AB5302FD15CF5FAE97F4FFE24BB59C6A32E5E611184A0E5D0A702B9698C482891E9045BC8C5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF0763DF59DDFDA92D.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2829492858733413
Encrypted:	false
SSDEEP:	48:vvoPueO+CFXJHT5RAd9H+teSM9EdReSBgdjfdc0Z1N:vAPwvTQyevGeq0Z
MD5:	1D659B59677C64D7271842F49E14CCE1
SHA1:	E6EE38F4582550F7494AB58B1323BC750A8C4457
SHA-256:	F3707667060109482B0D555006B91DEC583AC65F7847F2D09CAFA80C6CB3116D
SHA-512:	9F79EB7B4508E5E87EEEDBCB5836A071E45B8069240DA02DD41E59BEAADAF27A6D4CFA97D7ACDE8C27516A6B5EB44DDCF184AE0317316354B988581D1FE800D6
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF375BB71BFD39C8D6.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.15106734496197638
Encrypted:	false
SSDEEP:	24:k331YdOZ1ReZFbcipV7gdjZxd1ZFbcipVRYV3+bpGa3S+dsh+PMdP17:i5Z1RUeSBgdjfdLeSM9Edshbd97
MD5:	6698F38F5D1F86863D59A4914BCEE05F
SHA1:	849F806FAEAA4A66B7A8BF10BD00619AD2FDF182
SHA-256:	84D124FE9EFFAF0BDB5F6B8EE9B72BD73944C66D77C936ACFE51E1ED6CB23976
SHA-512:	A70FF97F997FE87DC5FADF193C4454D60CD145A52D4F597C60CAF922087A870090B9C6DA00CC4E44193DEC6850FA7D9AD7C2E29FAA04F56BE082BDFA2CF28768
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF406EC259DFDF3DAA.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF779931752AFCAAEE.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFA3AEE1216246A3B4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB4E45ACA0D1B9C9A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2829492858733413
Encrypted:	false
SSDEEP:	48:vvoPueO+CFXJHT5RAd9H+teSM9EdReSBgdjfdc0Z1N:vAPwvTQyevGeq0Z
MD5:	1D659B59677C64D7271842F49E14CCE1
SHA1:	E6EE38F4582550F7494AB58B1323BC750A8C4457
SHA-256:	F3707667060109482B0D555006B91DEC583AC65F7847F2D09CAFA80C6CB3116D
SHA-512:	9F79EB7B4508E5E87EEEDBCB5836A071E45B8069240DA02DD41E59BEAADAF27A6D4CFA97D7ACDE8C27516A6B5EB44DDCF184AE0317316354B988581D1FE800D6
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844476.0\ATL80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	6.55872219718069
Encrypted:	false
SSDEEP:	1536:RCYlLTNQQ/Nucs4hRKF+HnLoRsV1TlWh8XhylIjwaCi6imXmwxCU4tkm:R7LTNzNup4hAQHnLP+VXmwxCtk
MD5:	3C7DEF3CBBCA6284867AA4621D5D8A54
SHA1:	4BD9852F1F063B9FD1E1829B756D381E14609FA7
SHA-256:	DB18738202DCDA842DCE505ECD0B858D7B4C55886CAC29827305F0DC3839143A
SHA-512:	1F9E89114A579BBB0C175D5FB587D58A923A0F556361B2F6C5AE3FFEB139539733E46EDB3DF1627FA630D5BC80CDF5FF311CA75754CA306345569CD48F51F2C4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..xft.+ft.+ft.+.{.+dt.+A..+mt.+.{.+et.+ft.+.t.+A..+}t.+A..+mt.+A..+gt.+A..+gt.+A..+gt.+Richft.+................PE..L...V#qE...........!..............................c\|................................Xe....@..........................G......<A..(....`..H#..........................`...............................84..@...............(....5.......................text............................... ..`.rdata...N.......P..................@..@.data........P.......:..............@....rsrc...H#...`...$...>..............@..@.reloc...............b..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8335
Entropy (8bit):	7.405163302183138
Encrypted:	false
SSDEEP:	192:920vxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb29H8U:nJLCcUJvMYb6uT+qugeajCG1
MD5:	D81E69280E14E0A97644AE0044DB662E
SHA1:	C97DBE8DEB8E1762313C3E6613A6640F070DF4B1
SHA-256:	A951D53950C367ACC37622F0DD619A954DF5DE2C4EC40296E6636605AA33714A
SHA-512:	DCD8229EFD496735AAB49F6595AD545F082B0364E984346F76A6503425C84E82AF2D30684DFD302EF0C70FB65BC6B8E3731953728CF38637F7FE76580B82D490
Malicious:	false
Preview:	0. ....H........ \|0. x...1.0...+......0..u..+.....7.....f0..b0...+.....7.....8..z.\A..;.w.]..061202065600Z0...+.....7.....0...0....R0.5.2.F.1.8.9.7.A.2.9.9.F.B.3.C.3.3.C.F.A.8.E.B.3.E.3.7.C.8.D.5.6.5.4.F.3.1.7.9...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........./.....<3..>7..eO1y0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....M.i.c.r.o.s.o.f.t...V.C.8.0...A.T.L...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........./.....<3..>7..eO1y0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H........

C:\Windows\WinSxS\InstallTemp\20240524113844476.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	465
Entropy (8bit):	5.355751983126569
Encrypted:	false
SSDEEP:	12:TMHdt7IBeBFJ3/3XO53SNK+yGuR/6gVuNnyEGBJfPeG:2dtMEDJ/eiNK+yr56g4NnYBJl
MD5:	42D8BBE898B35473852D83F53EF6759D
SHA1:	052F1897A299FB3C33CFA8EB3E37C8D5654F3179
SHA-256:	5908E59BF26941730A1F3AB117A7D699984D39CD690FCA74DBE20030745E8ACB
SHA-512:	3D871592D0FF3368306DF9372CB46754A818C5B0B3C1493AA9189030245CC44F4CE7F55C626C8B00704C1908FF84AE3EA82FA63B8EBEAEDAC1FAB6D758ED68B4
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="ATL80.dll" hash="6a91b897f1be0d40f032a8773630c4627cd18bf7" hashalg="SHA1"/>..</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcm80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	479232
Entropy (8bit):	6.031745108754355
Encrypted:	false
SSDEEP:	6144:9Rj8Tfo4zrcq2FXOth6wsjb2fPzatjLhQeRW86ODl1KWOjPQeH:9So4zATQsjyWRhQ+W83D/6QO
MD5:	CAE6861B19A2A7E5D42FEFC4DFDF5CCF
SHA1:	609B81FBD3ACDA8C56E2663EDA80BFAFC9480991
SHA-256:	C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
SHA-512:	C01D27F5A295B684C44105FCB62FB5F540A69D70A653AC9D14F2E5EF01295EF1DF136AE936273101739EB32EFF35185098A15F11D6C3293BBDCD9FCB98CB00A9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-./.ihA.ihA.ihA..g..mhA.ih@..hA.N.:.lhA...?.hhA.N.<.hhA.N.,.fhA.N./..hA.N.;.hhA.N.=.hhA.N.9.hhA.RichihA.........................PE..L...."qE...........!.........@.......T............L\|................................2.....@.............................c ..D...d.....................................................................@..............................H............text....x.......................... ..`.rdata..S[.......`..................@..@.data............ ..................@....rsrc...............................@..@.reloc..P$.......0... ..............@..B........................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcp80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	548864
Entropy (8bit):	6.402420828464982
Encrypted:	false
SSDEEP:	12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo
MD5:	4C8A880EABC0B4D462CC4B2472116EA1
SHA1:	D0A27F553C0FE0E507C7DF079485B601D5B592E6
SHA-256:	2026F3C4F830DFF6883B88E2647272A52A132F25EB42C0D423E36B3F65A94D08
SHA-512:	6A6CCE8C232F46DAB9B02D29BE5E0675CC1E968E9C2D64D0ABC008D20C0A7BAEB103A5B1D9B348FA1C4B3AF9797DBCB6E168B14B545FB15C2CCD926C3098C31C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y..y..y..fv..y..y..#y.....y..2...y.....y.....y......y.....y.....y.....y..Rich.y..........PE..L...."qE...........!.....@... ...............P....B\|.........................p......u.....@.............................L...T...<............................ ..L2...S..............................Pe..@............P.. ............................text....;.......@.................. ..`.rdata......P.......P..............@..@.data...l&....... ..................@....rsrc...............................@..@.reloc..NA... ...P..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844507.0\msvcr80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	626688
Entropy (8bit):	6.8397070634061174
Encrypted:	false
SSDEEP:	12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu
MD5:	E4FECE18310E23B1D8FEE993E35E7A6F
SHA1:	9FD3A7F0522D36C2BF0E64FC510C6EEA3603B564
SHA-256:	02BDDE38E4C6BD795A092D496B8D6060CDBE71E22EF4D7A204E3050C1BE44FA9
SHA-512:	2FB5F8D63A39BA5E93505DF3A643D14E286FE34B11984CBED4B88E8A07517C03EFB3A7BF9D61CF1EC73B0A20D83F9E6068E61950A61D649B8D36082BB034DDFC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L...8"qE...........!.....0...p......+#.......@.....x......................................@..........................q...~..Pc..<....`.......................p..H3...B...............................F..@............@...............................text...*'.......0.................. ..`.rdata......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8335
Entropy (8bit):	7.405582810794059
Encrypted:	false
SSDEEP:	192:80XxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb2LQ82:PBLCcUJvMYb6uT+qugeajCQ2
MD5:	790ADAF5E825415E35AD65990E071AE0
SHA1:	E23D182AB1EDFEF5FD3793313D90935FC034ABC8
SHA-256:	88B03FE13D2710AD787D5D96CD0E5CBEDA3A61C2A0A2BDC0C0984A48365242E2
SHA-512:	050BBAD3122CD0627ECACAF3FB24EBF1E1845F209C33ED6607B282D9DCD4F5D99E345DF3A99E4344AF2ABA6E7923C8483E8D5A8D709BF97F3CB37926D975FDAD
Malicious:	false
Preview:	0. ....H........ \|0. x...1.0...+......0..u..+.....7.....f0..b0...+.....7..........MfN....O.....061202142259Z0...+.....7.....0...0....R2.E.1.2.C.6.D.F.7.3.5.2.C.3.E.D.3.C.6.1.A.4.5.B.A.F.6.8.E.A.C.E.1.C.C.9.5.4.6.E...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............sR..<a.[.h....Tn0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....M.i.c.r.o.s.o.f.t...V.C.8.0...C.R.T...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............sR..<a.[.h....Tn0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0...*.H........

C:\Windows\WinSxS\InstallTemp\20240524113844507.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
Category:	dropped
Size (bytes):	1869
Entropy (8bit):	5.395078491534145
Encrypted:	false
SSDEEP:	48:3SlK+hk6g4u09kkK23zWO09kkKFzv09kkKldSzY:Clth9uXkd3COXkgTXkX8
MD5:	541423A06EFDCD4E4554C719061F82CF
SHA1:	2E12C6DF7352C3ED3C61A45BAF68EACE1CC9546E
SHA-256:	17AD1A64BA1C382ABF89341B40950F9B31F95015C6B0D3E25925BFEBC1B53EB5
SHA-512:	11CF735DCDDBA72BABB9DE8F59E0C180A9FEC8268CBFCA09D17D8535F1B92C17BF32ACDA86499E420CBE7763A96D6067FEB67FA1ED745067AB326FD5B84188C6
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr80.dll" hash="10f4cb2831f1e9288a73387a8734a8b604e5beaa" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>n9On8FItNsK/DmT8UQxu6jYDtWQ=</dsig:DigestValue></asmv2:hash></file>.. <file name="msvcp80.dll" hash="b2082dfd3009365c5b287448dcb3b4e2158a6d26" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xml

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1101824
Entropy (8bit):	6.52190273109876
Encrypted:	false
SSDEEP:	24576:Tp2G61fY62if0Vra3QSNhJK6hIAloY3XjrN/:TcGifY6tOaASNhJK6hPaG/R
MD5:	1B7524806D0270B81360C63A2FA047CB
SHA1:	D688D77F0CAA897E6EC2ED2C789E77B48304701F
SHA-256:	CEEF5AA7F9E6504BCE15B72B29DBEE6430370BAA6A52F82CF4F2857568D11709
SHA-512:	B34539FBDA2A2162EFA2F6BB5A513D1BB002073FA63B3FF85AA3ADE84A6B275E396893DF5AB3A0A215CADE1F068E2A0A1BBD8895595E31D5A0708B65ACEC8C73
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t..'..'..'3..'..'n..'..'3..'..'3..'...'..'...'.r.'..'gp.'..'.r.'...'.r.'..'.r.'...'.r.'/..'.r.'..'.r.'..'.r.'..'Rich..'................PE..L....3qE...........!.....p...p......yT.............x................................P@....@..............................e......x...................................0...................................@...............@............................text....o.......p.................. ..`.data...xi.......P..................@....rsrc...............................@..@.reloc..f8.......@..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfc80u.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1093120
Entropy (8bit):	6.517624141841358
Encrypted:	false
SSDEEP:	12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW
MD5:	CCC2E312486AE6B80970211DA472268B
SHA1:	025B52FF11627760F7006510E9A521B554230FEE
SHA-256:	18BE5D3C656236B7E3CD6D619D62496FE3E7F66BF2859E460F8AC3D1A6BDAA9A
SHA-512:	D6892ABB1A85B9CF0FC6ABE1C3ACA6C46FC47541DFFC2B75F311E8D2C9C1D367F265599456BD77BE0E2B6D20C6C22FF5F0C46E7D9BA22C847AD1CBEDC8CA3EFF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................R..............R.......R...............l......n......l......l......l......l.L....l......l......l.....Rich............PE..L...84qE...........!.....p...\.......U.............x......................................@.........................@....e..4...x.......................................................................@...............4...<........................text...'n.......p.................. ..`.data....k.......J...t..............@....rsrc...............................@..@.reloc..R7.......8...v..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.417242053474202
Encrypted:	false
SSDEEP:	768:j8a7gcNrNDnQrZ6dOyOi9aBlrkY+qkJlyQA10y0ECL8IRO03VmOAPqixji4GY:j8CbQraAk3qkSqhRrODOACixji4T
MD5:	C84E4ECE0D210489738B2F0ADB2723E8
SHA1:	63C1FA652F7F5BD1FCCBE3618163B119A79A391C
SHA-256:	ED1DCDD98DAC80716B2246D7760F0608C59E566424AC1A562090A3342C22B0A7
SHA-512:	3EE1DA854E7D615FA4072140E823A3451DF5D8BEBF8064CC9A399DEC1FB35588F2A17C0620389441CA9EDD1944C9649002FE4E897C743FE8069B79A5AA079FE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z#Z..M...M...M.......M.......M...L.v.M...6...M.O.3...M... ...M...0...M...#...M...7...M...1...M...5...M.Rich..M.................PE..L....4qE...........!.........@....................U\|......................... ............@.............................................................................................................@...............<...............H............text............................... ..`.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\mfcm80u.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	57856
Entropy (8bit):	6.049264994442299
Encrypted:	false
SSDEEP:	768:nxSa8B2TJIS8uM07yOi9aBlv0J4Wrk7lyQQz4tzIdcRVS0aWNclFnzmOA7q3PWM:ga88R8n40eWrkMst0qS2KlFaOAm3PW
MD5:	DDAD68E160C58D22B49FF039BB9B6751
SHA1:	C6C3B3AF37F202025EE3B9CC477611C6C5FB47C2
SHA-256:	F3A65BFC7FCE2D93FDF57CF88F083F690BC84B9A7706699D4098D18F79F87AAA
SHA-512:	47665672627E34AD9EA3FD21814697D083EEEAFC873407E07B9697C8AB3C18743D9FCB76E0A08A57652EA5FB4396D891E82C7FDE2146FC8B636D202E68843CF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_...>._.>._.>._.1._.>._.1._.>._.>._A>._..._.>._E.._.>._..._.>._..._.>._..._.>._..._.>._..._.>._..._.>._Rich.>._........................PE..L....4qE...........!.........,....................e\|......................... ......~.....@.........................`...................................................................................@...............,...............H............text...!........................... ..`.data...h...........................@....rsrc...............................@..@.reloc..@...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8335
Entropy (8bit):	7.40317276365929
Encrypted:	false
SSDEEP:	192:O09xL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb28uOJjC:VPLCcUJvMYb6uT+qugeajCdbJjC
MD5:	7E5E3FE0342A776B1974BA1158B8E458
SHA1:	7E2E14E2A0658441828DE084116AFDEC5CC63697
SHA-256:	2D3CB7907B1336EA5889A2B731D5E97AD40903A4EFD2287C1C117BC30F208F46
SHA-512:	9F0F1F1E6439F101B04888BE54A3711C8439D569B0DC962F29AC26C3637FE9A882C9B0D52D50E83B7562A302673F2D22428A56E6AAF60AD30FC873FFA256EFD2
Malicious:	false
Preview:	0. ....H........ \|0. x...1.0...+......0..u..+.....7.....f0..b0...+.....7........>.B4M.EA..r....061202142259Z0...+.....7.....0...0....R2.5.9.3.A.D.7.2.1.D.7.B.E.3.8.2.1.F.D.0.B.4.0.6.1.1.A.4.6.7.D.B.9.7.B.E.8.5.4.7...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........%..r.{......g...G0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....M.i.c.r.o.s.o.f.t...V.C.8.0...M.F.C...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........%..r.{......g...G0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0...*.H........

C:\Windows\WinSxS\InstallTemp\20240524113844585.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
Category:	dropped
Size (bytes):	2371
Entropy (8bit):	5.376374702643811
Encrypted:	false
SSDEEP:	48:3SlK+x6g4m09kkKZzY09kkKSzdz09kkKWz+09kkK5e/zY:CltImXkEMXkvdXkHCXk648
MD5:	97B859F11538BBE20F17DFB9C0979A1C
SHA1:	2593AD721D7BE3821FD0B40611A467DB97BE8547
SHA-256:	4ED3BA814DE7FD08B4E4C6143D144E603536C343602E1071803B86E58391BE36
SHA-512:	905C7879DF47559AD271DC052EF8AE38555EAC49E8AC516BC011624BF9A622EB10EE5C6A06FBD3E5C0FA956A0D38F03F6808C1C58EE57813818FE8B8319A3541
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="mfc80.dll" hash="8f53f3ce664dfb39cadf8ecb34dd49cbd8348227" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>1ojXfwyqiX5uwu0seJ53tIMEcB8=</dsig:DigestValue></asmv2:hash></file>.. <file name="mfc80u.dll" hash="db3a3bfed210d41af3579d948cace75cb74eee0a" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHS.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	3.7202246676917885
Encrypted:	false
SSDEEP:	384:PODNemsol/tAGqyVUIrvxW24WRqJwxV0fwItnFiHyt6S26r81Jd5AJd:POZXsKAGDTrvfTx4wItnFfL26r81nE
MD5:	AFA7E91C8C9566E03FB1620F95230B93
SHA1:	75057A0E936032EC9CBC77559241720F58BFAB84
SHA-256:	4EAF1750A573BAB5C853E7714EFCC84FF2FCF992AD935FD01AF9E2A5BD01A93A
SHA-512:	B9C34166555F42D4A4E754131FD2868B4FC2965AC8519A6EEED8A32F6C67E1E6E5B4DAA93175967F5F687D8333CA53C4D183A2177191A81BC01E89B7CBDC9BB3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L..._4qE...........!..............................6].................................@....@..............................................~...........................................................................................................rsrc....~..........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80CHT.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.527823884757394
Encrypted:	false
SSDEEP:	384:PvDNumStwO/tAGqyVB+dvEQW23WRcMUn5xm9za2JokMw6TERPB1ECA:PvZHSGMAGDadv6On5x4pqwPPB1EC
MD5:	2DCA32742F80BB37E159B651F8EEF44B
SHA1:	DCD0265FBE8EFD63C235ED4611AECC4B935C057C
SHA-256:	A7EAF2B5DF991654500FFED95D3950A46DD0FE05CDDCCCD77490F125E22B80D6
SHA-512:	40E1533F6989955F537D556AB28FF0BE44658309EEF5D40093BF3FCEC39AD85EA14BB2B880FF5C067CCFC257A35361C25AAC087E0463BAFE39FB265B8A0825EE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L..._4qE...........!..............................6]................................Mp....@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80DEU.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.09089382778059
Encrypted:	false
SSDEEP:	1536:v1AGDh+vfxzesi870vYtNerHI4Lhp0vcsjsr:v1AGDhuxzesi870hLhp0vcsjsr
MD5:	1E6719EBEB1D368E09899A9D0DDFAD70
SHA1:	FC510A6DBE0D9180F203AF651E186979B628675F
SHA-256:	734EB909C54A0A1C53AA5177727660B1C64F3D261B222FEAEC76FC5853300661
SHA-512:	C5753B79D97204C130A2C0A46D7717E74C140D207A446918DF113A6C460F538AFE0A48AF52360D8A501104283311667CE8DD23B4D3E65B7EE99939A791C25AD6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...^4qE...........!..............................6]................................?.....@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ENU.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.050363341730474
Encrypted:	false
SSDEEP:	384:PODNXnSkNsq/tAGqyV5KOvxW2+WR1BrxiFc+hV9RLNq/HRK/+nnWT59Dl:POZX3s4AGDCOvJ1B4V9RLNqfRKGnWHB
MD5:	9090454E6772F7CFBCE240BF4DC5F7E8
SHA1:	3AFD27AF1FBB5D2EFDE463869A1E6465AFFBCDD8
SHA-256:	A532044DFD1FA6463516125EA74C250762DE4DACBE613F8AD2FF72D50C0B9585
SHA-512:	4691138B2E32447A6300A17967C1221153B5B514EE0EDCD25A135DCE2A6EEFEA9CC7F3FC516A9B3482FEB62DC190A7F4192BCF15D9793832F828078557E24CDF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L..._4qE...........!..............................6].................................g....@.............................................(............................................................................................................rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ESP.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	3.0964773972990574
Encrypted:	false
SSDEEP:	768:PsZTQAGDf3vr0or0GBFCDCLhedUPYVbS/:AQAGDPvr0or0GBFMkhedUkS
MD5:	D47599748B3ECF645C47CAA0BC24A7CD
SHA1:	2F47846B9308FE4B444363F0863F394A1B13C938
SHA-256:	10FD5EEBE39ACD996309DA073B247B365CBC0F48F43DA3062463EA9F712319CA
SHA-512:	30B0F056123657EACA8F97138E1CA5C2981575420938EE7ED645E4D62F2A159C011EFF08C2EE20AC68504BD59D890DBC030718A9BA185871B07DEE9851CF2608
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L..._4qE...........!..............................6]......................................@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80FRA.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	3.1658595093754625
Encrypted:	false
SSDEEP:	768:xZweyAGDSRvjZrkh2A6NTi7e3RAaTaPCeyGdZmBSg3T1SyyyyyyyyyyyyyyyafyL:7yAGD+vjZbA2SCeB0Ug4
MD5:	EEC2F9E4D790BCCDBC542715AB613579
SHA1:	8993E9F0CC4657E40866EFBA0CAB7E077060CEA8
SHA-256:	E283B055A0B9F522FF415B78F100542255AA07CB17C1EEB3885E75326D9DBC66
SHA-512:	89C083C820798872F3FEECFFCCC1A5CCEF9A367C8AF2170EC06B04A64A234DD03CDFE250B31B5969F87CAA8E7EA8393FBCBBCBF16D83C35105814501B6BE08E8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...^4qE...........!..............................6].................................E....@.............................................(............................................................................................................rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80ITA.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	3.1028777863172503
Encrypted:	false
SSDEEP:	768:OZ0odoAGDI6vuoG57PxtINJ8Il8QcPOCeFO/:5o+AGDHvuoc7PxtINJ8gIPp
MD5:	CB23B162AC655F24C6711A5F5DF348C6
SHA1:	E4E0E803B9297B0937824C53F227598998229463
SHA-256:	6498EE1449B61B40E2DAB46F0B3DFA15F17590D7AA87919580748EC9D4BC2C55
SHA-512:	460D235818CD83D9020A13F47B24AADC777E4BDC81A6387D8BB59DAF37EAF930C70ACE5E238FE2FA34491A03B3972F11A4BDB8D30FF98801ACFF82630B6D24A2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...^4qE...........!..............................6].....................................@.............................................(............................................................................................................rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80JPN.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.7900346517730297
Encrypted:	false
SSDEEP:	384:VDNCysmq/tAGqyVVp7vhedW20WR2JkQbXDr10Jh8I2Bb4:VZXsPAGDN7vQv2Jkkr10IIc4
MD5:	012031B19F0A9F6431997C79E1893822
SHA1:	2265C92B3ED9EC169E2C362E448B0E3F449528A3
SHA-256:	ED296B3DD004C8845A7015A3A5EF3A92331E30535204A02995323681CBD342AB
SHA-512:	B4CCA371481B349546AD09C40461258A99E5AD6CF7B66FE040A37F90071C420CC41E74F495141A490B4848B66DA876AD8B91AC7C14A328CF5C4CCAADFD3E226E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...^4qE...........!..............................6]......................................@.............................................8............................................................................................................rsrc...8...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\mfc80KOR.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.724944556618916
Encrypted:	false
SSDEEP:	384:PUDNSnxGr/tAGqyV0/NvbW2OWRFKu/KV0YfmtT2XYm66tHggFK417RTNbU/Ltl3h:PUZSE5AGD0NvrDriHqN
MD5:	FEC4610F1174136B1D3DB2AE37924CE8
SHA1:	BA94E77BB29B9B74EA8E2A8FD005DC3083166F3C
SHA-256:	A6D0B3D20E67C26F7C247F2EEB8DBA723B396B118A1B9EAA4568C474826EA740
SHA-512:	9144A0243E41EC17628A740913A745261346EFA2DFF3F61D48CCF186F30A1527F6A4F5CB3F7F7727D7BFD4103E9FC90CAE1E0CEFBC1D8D042218D9D2EA869A36
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L..._4qE...........!..............................6]................................b.....@.........................................................................................................................................................rsrc..............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8348
Entropy (8bit):	7.393940545952515
Encrypted:	false
SSDEEP:	192:BBGwxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmI0TYk:KcLCcUJvMYb6uT+qugeajCfEYk
MD5:	DFE03B4FF0EF67F7A08A7D88B3E4BDE3
SHA1:	BF907A1B27DB3BF3C10DA685D9CB4CBFF9155E6B
SHA-256:	26340819D2EF86080D9001C6F2737D70FD6602DDF4B86B6C26B326EF81CC3342
SHA-512:	3D1F6773A476B2F84F53A288F1A1EF0FC44A58F8A9C25F9773871CB4F4F9CB81CBE6C242665D1CBA8BA327C441FC5B13F254E1657258A841102CC571185D70BD
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..\|..+.....7.....m0..i0...+.....7......7qN.NqJ...E..8..061202082602Z0...+.....7.....0..&0....R8.3.0.D.6.4.5.9.3.5.0.D.D.1.A.B.3.B.1.F.0.7.0.1.3.5.4.2.5.A.9.3.3.9.5.7.8.2.B.1...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........dY5..;...5BZ.9W..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....4M.i.c.r.o.s.o.f.t...V.C.8.0...M.F.C.L.O.C...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........dY5..;...5BZ.9W..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0...*.H.

C:\Windows\WinSxS\InstallTemp\20240524113844710.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1239
Entropy (8bit):	5.33259165949927
Encrypted:	false
SSDEEP:	24:2dtMEDJ/eiNK+EI56g4NnZCO/3QQvhONoajUCvBTmAmWG1YoSoFJF:ciEDJdK+v6g4H3strJnmW27
MD5:	56613508687D065362302FF388CD5E82
SHA1:	830D6459350DD1AB3B1F070135425A93395782B1
SHA-256:	2F79707C5EA8937E8887B642CFA4CE682C52816C20207C1588FD5A1E39E88C1C
SHA-512:	66C650CDCF5D15D313B7B0F3AFDAB717F075BC0AC560B75CF2EA5375C62EFEBE01A890204A3E74835B65B60113120815C7DD564F78564029D1F5170D63990814
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="mfc80CHS.dll" hash="0ed99f840cfe11946fd5aa2002eff17451d441eb" hashalg="SHA1"/>.. <file name="mfc80CHT.dll" hash="3eb85cc7e931f885f2b91aa285432b740edaa6b1" hashalg="SHA1"/>.. <file name="mfc80DEU.dll" hash="5489f4037e83e03786e4c7842cc7599beafac96e" hashalg="SHA1"/>.. <file name="mfc80ENU.dll" hash="ed96ef26e683b48b4f04eefc75d873f863c993cf" hashalg="SHA1"/>.. <file name="mfc80ESP.dll" hash="b3d647f39f26b07f6014b40a9f511cfd4614bdf8" hashalg="SHA1"/>.. <file name="mfc80FRA.dll" hash="89d11dd75a1a74547cf94e0b66d742eb7fe909b2" hashalg="SHA1"/>.. <file name="mfc80ITA.dll" hash="e07b9360a90e74e4ab1bf4f3f9

C:\Windows\WinSxS\InstallTemp\20240524113844773.0\vcomp.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	5.513945595457493
Encrypted:	false
SSDEEP:	768:G1bALwFH76GlCWWwkNTjHnHJOR+SVk/6SHL2jmPGh0y/aR:lLUHzlCzwudORjirHLSnZ/aR
MD5:	72F11C118E514544F1D2981C7396E4F7
SHA1:	3AE68E8D5038620D5A04F5893C8C9FF8EDD2CF42
SHA-256:	2EA4098722586932ACF9B180374B019ED6D6469825392373E45B3DB459B5EAEF
SHA-512:	91CB2EA7DB5958141D4C47F4DDB66D24383FFE6B74A12DE753CA93764AF6C1C41D6A9572777818D6F3CE226AA06E0F168CD28551006B59A89FE1235ABD31F8CD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........=...n...n...n.W.n...n.W.n.n6..n.n...n...n.W.n...n.W.n...n.W.n...n.W.n...nRich...n........................PE..L...p=qE...........!.........P.......g.............r......................................@.........................@..........<...................................0..................................@............................................text............................... ..`.rdata........... ..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8348
Entropy (8bit):	7.40019876068938
Encrypted:	false
SSDEEP:	192:BF4GKxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm0SbeA:njOLCcUJvMYb6uT+qugeajCptA
MD5:	259F7EAC836FC1FE0871C47276F4D779
SHA1:	42B1E4138EDCFC60622167EE60A1AF5CA00A813A
SHA-256:	A2492FA83366394B7C17FA6C9650CE5688B887D0AD0AD79743A3422DEBF4D997
SHA-512:	053892D867C3BC4C10E34811DA34337055035F599C09566DBF678DFAD97F4FAC7B8459FDB603C4A69E5848A455F319C3A6212E016638F493EFE1DDC3EBF02E1F
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..\|..+.....7.....m0..i0...+.....7.....VV...A.G........061202084644Z0...+.....7.....0..&0....R5.9.6.0.1.8.9.8.2.7.6.F.F.7.6.B.4.0.C.9.7.D.4.9.3.D.4.B.9.C.A.2.D.E.6.F.C.C.A.C...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........Y`..'o.k@.}I=K...o.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....4M.i.c.r.o.s.o.f.t...V.C.8.0...O.p.e.n.M.P...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........Y`..'o.k@.}I=K...o.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0...*.H.

C:\Windows\WinSxS\InstallTemp\20240524113844773.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	468
Entropy (8bit):	5.332272981711254
Encrypted:	false
SSDEEP:	12:TMHdt7IBeBFJ3/3XO53SNK+tKR/6gVuNnyEbYjoWuFEG:2dtMEDJ/eiNK+856g4NnhYjZu3
MD5:	D1240D97B0E1F80D82AD12782DFE8EBE
SHA1:	59601898276FF76B40C97D493D4B9CA2DE6FCCAC
SHA-256:	BE8327C8D71B61893D455130C2B5A8635E451A7D95BBFAF29432B3844A7AC109
SHA-512:	6C64A46715949C36E26045FCF12DC468C6D39782EB0165F966D251DFFF40AF2B065283B8F9391DDDC66C98A5C3DB7B92844E784355D73E1ADBAD1F37ABF384DE
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="vcomp.dll" hash="641af563f63d31fb5c9828e2316effa02bbaafac" hashalg="SHA1"/>..</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8355
Entropy (8bit):	7.401719031801445
Encrypted:	false
SSDEEP:	192:/NNxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWyVAz:xLCcUJvMYb6uT+qugeajCRVI
MD5:	57FD064E95D299507600F6D80AA6B578
SHA1:	9947DD086424ADB4D62FEB33FB9EBB52FA11C281
SHA-256:	F7BF65CA621D8AD32EAD1500A08827BE239D0F49D83DC20DABF57D2EB17ADBD7
SHA-512:	FD9E17009E0E88B725FC6AA014A95E9516543F54CADBB6A71C1C1F39F4DEF4AD0DF2D8F55720E8B1A54EB2EBCE6C42C8C899E33E490DD304EB014CCAB6DB9C44
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..q..+.....7.....b0..^0...+.....7.....MrG.u..A......j..061202065600Z0...+.....7.....0...0...8...0...5.0.7.2.7...7.6.2...p.o.l.i.c.y...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............N....f.V....vf.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RE.4.8.A.1.E.B.7.8.4.4.E.C.8.1.D.C.C.0.A.6.6.9.0.5.6.1.9.A.F.E.E.E.6.7.6.6.6.A.5...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+............N....f.V....vf.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H............

C:\Windows\WinSxS\InstallTemp\20240524113844804.0\8.0.50727.762.policy

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.197462113683958
Encrypted:	false
SSDEEP:	24:2dtMEDJ5iN+nyr56g4NnjiNK+2g4NnM23+LJ23sZQR:ciEDJw0yl6g4EK+2g46HQR
MD5:	856BBF8E45A26C912BD447EC12DC17DB
SHA1:	E48A1EB7844EC81DCC0A66905619AFEEE67666A5
SHA-256:	863E67B018E99E1685F03D4FED538F8269332570887FC17534DD3637B7AA6A41
SHA-512:	BB79BD9A3A06FB6CFD3312EDB766B8EF5C03AA250CCFA17ADD8799EEC06CCE88BE9369DB452D20B09519A910878E1840513404B5DF59289DD84BEDD01771AD01
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8355
Entropy (8bit):	7.399558553058028
Encrypted:	false
SSDEEP:	192:MjDVxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbW/J/:83LCcUJvMYb6uT+qugeajCo
MD5:	29C0897D5D709A2394960B26999126D0
SHA1:	56501EDA82ECF05C4A90B035BE62B422A24C71C3
SHA-256:	DD72F7AB2DEF5F75F58D01B24643B308750C38685DAAED50BCDDF61C18460DEE
SHA-512:	75FB603D58105F0A2AACADE320E2EAB212DD6B3D6FCBDAB09CA137D123CC1DECB88C848B81E017BBDDD41D9591900FF723AED90FB0D6166E8C62E3C14D39166E
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..q..+.....7.....b0..^0...+.....7......uU....L..F&.K....061202065436Z0...+.....7.....0...0...8...0...5.0.7.2.7...7.6.2...p.o.l.i.c.y...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........@...@......_...."0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RD.1.0.4.4.0.9.3.0.C.C.9.9.4.4.0.9.E.9.2.0.D.9.4.C.7.C.4.5.F.0.4.0.5.D.6.0.4.2.2...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........@...@......_...."0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H............

C:\Windows\WinSxS\InstallTemp\20240524113844804.1\8.0.50727.762.policy

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.192462113683958
Encrypted:	false
SSDEEP:	24:2dtMEDJ5iN+nhQ56g4NnjiNK+hcg4NnM23+LJ23sZQR:ciEDJw0hk6g4EK+hcg46HQR
MD5:	A785CE93C7468DBCDFA7BC379F8FFDDC
SHA1:	D10440930CC994409E920D94C7C45F0405D60422
SHA-256:	3A131923C7403C1EEF33B59FDCA57D8272549B7912D2B522FC8A4C840CBCA735
SHA-512:	8E514E11887F6A198756F4A4B1A584E0A337ABEF90F1A9330436E21E75CD5FFFE7E90A80424018C03EA55AE43758FCFA16F5A7C266D5476CE8F985F76CE5CADA
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8355
Entropy (8bit):	7.401727457066723
Encrypted:	false
SSDEEP:	192:T9RpxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWTI:TnLCcUJvMYb6uT+qugeajC2I
MD5:	98DC3A0DE986C24562CA071211F7DFBE
SHA1:	1B016B20820EEF49E7BAECB93D19E0A0177110E8
SHA-256:	91CA50CEC42075FFF02B366323BF3B45D2053B24544BD12B622B65621BD0EDD5
SHA-512:	F76B8972E2175FD84A56B3139C31A87FBFAFD69E131DA46A96225BA9CCE9A4A726FB007B31DE08406C9B3F51D8FD0FD32827A485C668D9C92B54F24F1384BC53
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..q..+.....7.....b0..^0...+.....7.........#.D.(...d.R..061202082602Z0...+.....7.....0...0....R0.9.1.0.5.C.8.8.6.A.8.3.6.7.7.E.4.9.C.E.6.E.F.4.7.F.8.C.F.1.A.0.4.7.2.1.4.A.E.D...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........\.j.g~I.n....G!J.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0...8...0...5.0.7.2.7...7.6.2...p.o.l.i.c.y...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........\.j.g~I.n....G!J.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H............

C:\Windows\WinSxS\InstallTemp\20240524113844820.0\8.0.50727.762.policy

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	800
Entropy (8bit):	5.1940185043062534
Encrypted:	false
SSDEEP:	24:2dtMEDJ5iN+nf56g4NnjiNK+Rg4NnM23+LJ23sZQR:ciEDJw0x6g4EK+Rg46HQR
MD5:	E7BF4CF966C7C8D01315DCB7AC64F31D
SHA1:	09105C886A83677E49CE6EF47F8CF1A047214AED
SHA-256:	8064287E17720B822F845352FE724595FDAFAF9DD2DBF21493327D8C50719A9E
SHA-512:	6F6D05EBED3541BE650F0744F8978B88BB7699C60406AEEEBD9D0B3D28D4DC587633AD3A270964E05D96AFCD5EF47C333E7563EF79E44BB72B4670F5ACF84FBB
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8361
Entropy (8bit):	7.402377797496622
Encrypted:	false
SSDEEP:	192:F9JFQmFxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm1:FnGmHLCcUJvMYb6uT+qugeajCA
MD5:	93615FE0E4458E717BBA670C9B162E84
SHA1:	CE99F878D2528EFC821D05462313C8EF99BE8C2F
SHA-256:	D14225A52543AA5A9605B00DD7574812BF89C605EBC73A9730E1E386BFC965F8
SHA-512:	F87BA88B0B2BF186872BDF226EA137463A773B710CD4505E50FD22E7E3E629BEAB26AF32313FE09BB4D1A0C621D95DF3E1D0A957D6D5A43868A1C4953CA3343F
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..q..+.....7.....b0..^0...+.....7........1..lI.N.i..-...061202082602Z0...+.....7.....0...0...8...0...5.0.7.2.7...7.6.2...p.o.l.i.c.y...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........V.XpV...L0.W1$....0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....RF.0.8.1.5.6.1.6.5.8.7.0.5.6.1.0.A.D.A.D.4.C.3.0.E.7.5.7.3.1.2.4.9.1.E.D.F.9.E.0...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........V.XpV...L0.W1$....0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H............

C:\Windows\WinSxS\InstallTemp\20240524113844820.1\8.0.50727.762.policy

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	806
Entropy (8bit):	5.222427128564631
Encrypted:	false
SSDEEP:	24:2dtMEDJ5iN+nEI56g4NnjiNK+3g4NnM23+LJ23sZQR:ciEDJw0v6g4EK+3g46HQR
MD5:	53094430F66951325C1B88A4F0CA374D
SHA1:	F081561658705610ADAD4C30E757312491EDF9E0
SHA-256:	4594558E51587C0EDF1F3F95A0D4B8749B3EA3B6C8B76B31B13F1CA1D3E2F4AF
SHA-512:	75EAD79C7392DE2BE0964D0399DA4B6B883BFC1E53CB099EC6BF2E4DA594B24B52E1C08AB6BA5B0B18DF7E64DAC0979C2A57E0B20EE6FDD5D54340FFF8F6D462
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..

C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.cat

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	8361
Entropy (8bit):	7.40471492725501
Encrypted:	false
SSDEEP:	192:DCRxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmWDy:sLCcUJvMYb6uT+qugeajCQ
MD5:	C664656654DAB45BEB0D352077A884FB
SHA1:	5BDB2EE6D91EE321FEF177E534C324DF96BAEF9D
SHA-256:	B3BEB16C28DB357E654A6B132F59CD48CB95CEE949D7B97587F8F02F233F3CE1
SHA-512:	F9CE3655342A07A29B5338AB5B78BA0B6CBC94EEB1D0538967DD2C23CBBDA6797326763E16F609C179B43E67503A87F76D8C306F0AB449F1601F13D7F7173A15
Malicious:	false
Preview:	0. ....H........ .0. ....1.0...+......0..q..+.....7.....b0..^0...+.....7......Y.s.oON.h..(H^G..061202084644Z0...+.....7.....0...0...8...0...5.0.7.2.7...7.6.2...p.o.l.i.c.y...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+...........\.-..9.l..Pu..r..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R9.D.8.2.F.A.5.C.E.1.2.D.D.F.E.6.3.9.A.F.6.C.8.9.C.7.5.0.7.5.8.D.8.E.7.2.A.2.0.A...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+...........\.-..9.l..Pu..r..0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0....H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0....H............

C:\Windows\WinSxS\InstallTemp\20240524113844835.0\8.0.50727.762.policy

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	806
Entropy (8bit):	5.200250853529196
Encrypted:	false
SSDEEP:	24:2dtMEDJ5iN+n856g4NnjiNK+wg4NnM23+LJ23sZQR:ciEDJw0I6g4EK+wg46HQR
MD5:	11D6A2E757DA71254BFC61D26F06884D
SHA1:	9D82FA5CE12DDFE639AF6C89C750758D8E72A20A
SHA-256:	58AE1580121AFE06CE2B858B96B6AB893A8D105B17FE54D85711A969C3303DC4
SHA-512:	0074430D25861B7B18CFA2C3E5BF728B51B676C5A30799986305BE94C40EE1DCA8E3C00A6279C801771F44D4ED551F73A0DC5C5792715C1C10361712D9EF8B29
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (24131)
Category:	downloaded
Size (bytes):	24234
Entropy (8bit):	4.840989011972099
Encrypted:	false
SSDEEP:	384:1EpQWe2YZzLXcF8XyGFoyWSdYj62SOkErtV0qD:olepVtFLqO2SWD
MD5:	48DBD5D18FBBC92DDE7E49BBE7EC5281
SHA1:	CD7C22F2F9E446EEE72B80CF58A7EF50C5157F71
SHA-256:	8A12B6E2DC3FB2C58937F45F760000831FC0D554ACB1C96A7241891A5BDF91B6
SHA-512:	B42146C695986A69F01F4AEBA889BDB0FCB555D486C12A72658AC14EAD7C47FA411E7AF090BD2425AB3DF32CBC0EB1F804E7375EFC8EB86E91D3C3E2AC3F838F
Malicious:	false
URL:	https://www.avs4you.com/component---src-pages-privacy-aspx-js-a7a853f585e8da46a6a3.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[67],{GdBk:function(e,t,a){},Zmgj:function(e,t,a){"use strict";a.r(t);var o=a("9Hrx"),s=a("q1tI"),r=a.n(s),i=a("YJrG"),n=a("5Vy0"),c=a("/m4c"),l=a("Bl7J"),p=(a("GdBk"),function(e){function t(){return e.apply(this,arguments)\|\|this}return Object(o.a)(t,e),t.prototype.render=function(){return r.a.createElement(l.a,{className:"privacy",pageContext:this.props.pageContext,t:this.props.t,title:"",metaDescription:"",metaKeywords:""},r.a.createElement("div",{className:"body-privacy"},r.a.createElement(n.a,{as:"h2",className:"common__heading"},this.props.t("Privacy Policy")),r.a.createElement(n.a,{className:"body-privacy__text"},this.props.t("Ascensio System SIA has created this statement to let you know about our firm commitment to your privacy and full compliance of AVS4YOU Website and Software with General Data Protection Regulation (GDPR)")),r.a.createElement(n.a,{className:"body-privacy__text"},this.props.t("The following Privacy Policy di

Chrome Cache Entry: 223

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (16399)
Category:	downloaded
Size (bytes):	16608
Entropy (8bit):	5.450603422131345
Encrypted:	false
SSDEEP:	384:v3lGFQy+VxKQcVv5BuHzx+q+5TlTTrNOaEhy9zkCh9OSbYD:v1CQkq+q+5Th3kaQy9zj9hbYD
MD5:	7D8D30F6659DD3E1DFBE59502C38E59C
SHA1:	6CC46A0B4D211732BEB364927D7CCB1FBE32EB56
SHA-256:	634FE53CAC28E02567E8A0CD6746CF6538D466C84C5301ED3F9AC26B79F6F88A
SHA-512:	BBCBC3566352B426C65BE908483EADBD0C1940F6B53233FAC1242B4EA5B2663C4ADA9D128F35F34ED94AA9CDA4E6AB1EB719B1B8F9B058E84E041E1A185BA3D3
Malicious:	false
URL:	https://www.avs4you.com/ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js
Preview:	/! For license information please see ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[6],{FT44:function(i,s,e){"use strict";var o=e("q1tI"),r=e.n(o),n=e("vOnD"),a=e("5Vy0"),t={blue:"#1373E2",orange:"#FE9235",white:"#FFFFFF",none:"none"},d=Object(n.b)(["background-color:",";",";border-radius:5px;text-decoration:none;",";&:hover{background-color:","}.buttonText{text-decoration:none;}"],(function(i){return t[i.backgroundColor]\|\|t.blue}),(function(i){return i.padding&&"padding:"+i.padding}),(function(i){return i.border&&"border:"+i.border}),(function(i){return i.backgroundColorHover?i.backgroundColorHover:"blue"===i.backgroundColor?"#428fe8":"#f7a966"})),l=n.c.a.withConfig({displayName:"button__StyledButton",componentId:"sc-1v2sdc2-0"})(["display:inline-block;cursor:pointer;text-decoration:none;&:hover{text-decoration:none;}.buttonText{text-decoration:underline;}",""],(function(i){return i.background&&d})

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26396)
Category:	downloaded
Size (bytes):	26486
Entropy (8bit):	6.049277040745726
Encrypted:	false
SSDEEP:	384:3xf32Q+bQEGlLROt+PC8EOvlilyWYgB30Bmiz24Z4J0JGxCM/KjnOS0:4QNOp8b9iDzB308iz3JGcyqnOS0
MD5:	2E4A4BB7E33843B1B6433A6E63082B02
SHA1:	287807B766A8298BB6991A975F275C828C7CE77C
SHA-256:	5CF22FBE6CF556A297BF0FCF372FA0F6E8B58023FF1F959543394E21E3CA48CD
SHA-512:	CECBFE0AB94F68C44E07EBF4931904B22DC32A128FBF28A90C0C6F6F3ABFEED3A971BFF6F3004E7AE700CE7B9AFFE8E9F5B6675B9B8AB77A6983B35D6DDA142C
Malicious:	false
URL:	https://www.avs4you.com/4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[19],{"/YRE":function(e,a,t){"use strict";var n=t("q1tI"),i=t.n(n),r=t("vOnD"),o=t("5Vy0"),l=r.c.div.withConfig({displayName:"free-flag__StyledFreeFlag",componentId:"sc-1opdiuz-0"})(["display:block;.firstFlagPartWrapper{display:flex;}span{font-size:13px;color:#fff;}.flagContent{background-color:#FDA050;padding:2px 20px;padding-right:17px;display:inline-flex;}.firstFlagPart{content:\"\";display:block;top:0;right:-13px;margin:0;border-color:#fda050 transparent #fda050 #fda050;border-style:solid;border-width:11px 10px 11px 0;}.secondFlagPart{content:'';border:7px solid transparent;border-top:7px solid #FB8A29;border-right:7px solid #FB8A29;width:0px;}"]);a.a=function(e){return i.a.createElement(l,{className:e.className},i.a.createElement("div",{className:"firstFlagPartWrapper"},i.a.createElement("div",{className:"flagContent"},i.a.createElement(o.a,{as:"span"},e.children)),i.a.createElement("div",{className:"firstFlagPart"})),!e.disableS

Chrome Cache Entry: 225

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1359
Entropy (8bit):	6.932307426986453
Encrypted:	false
SSDEEP:	24:Jy1he91Wwjx82lY2T3ouVYiP2i/yJ3VXiGYiIGQLjoq4p5KimRA0btI3Djb:JwqQNn2xHTqJ3ASI9Pod5KimRrJcPb
MD5:	F55EB5FE088895007E3E0AA4B5594DE2
SHA1:	C59A975637F7F4381AE2A59B692226801AE2D200
SHA-256:	2E430CD091B0596BE41D237A933C4BAA9E407C8CBBCA99A9E54DBEDE9912C900
SHA-512:	E34349E0A916938545270A6A27B7E883FAD261B7E2A5D4E6CBFD27BA93CC3C51AC5ABFC3F9BD0ACFF3089958CB84B3922694C71865FE17C493623337BCE775BC
Malicious:	false
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:1667382BDE3A11E2B5CDE9D9B5EA068B" xmpMM:DocumentID="xmp.did:1667382CDE3A11E2B5CDE9D9B5EA068B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:16673829DE3A11E2B5CDE9D9B5EA068B" stRef:documentID="xmp.did:1667382ADE3A11E2B5CDE9D9B5EA068B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.A......IDATx..K(Da.....3Y..c.QH..FJc41^%"JQ..db.l.i.a..$.$J..3.V,.Is..]........w..s..T..A.h'..3qN...R.,..,q.

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	117
Entropy (8bit):	5.237802917098837
Encrypted:	false
SSDEEP:	3:lD3ORZy/LBdORZzZqVRNilqu/YpHEXbdQW/:lD3r1daZurilq7CXGO
MD5:	F367D62F97C2D05F875986401342CB1F
SHA1:	733DBAD9409DC9DB00AB9DE3922D2AB1B5BA4FF0
SHA-256:	DBA17F1B29B3B3637D709F951023EA1655B08C6B4F40FD612C5E927BA72829FA
SHA-512:	781D21CE2264129B2AE28A9BC92B510129E0B462463C53543033A681DFC112923D4431B77B11A69534D3AF323D1B3AEFC52CE2A552E200F6DE9C476F9D80C04F
Malicious:	false
URL:	https://www.avs4you.com/styles-e9d24b1846c7d6eb9685.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],[]]);.//# sourceMappingURL=styles-e9d24b1846c7d6eb9685.js.map

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (58495)
Category:	downloaded
Size (bytes):	58704
Entropy (8bit):	5.23911880172519
Encrypted:	false
SSDEEP:	768:cLbwVwIC9CiRmcXX8XX1F/kfdkNCp0MpAC3VSJtds9Jq:c0wXzZ8XX1F/IC0RpAC3VSJ0Jq
MD5:	38191E85868AA537E274B9F3DA65F548
SHA1:	D69FEA9E109374239E927D5C91F1B7306F9373C3
SHA-256:	1424510FEB0E77283BF7F15C2F3415ED1E3885AA72A15224C0CF45B2A4564CAB
SHA-512:	0A3EE9EDC19CA3DE1A5C5BCD6BD0860B4978D791DE497F394B06BFC6B97616D07EC18D6617A1A86523D0DB5286326C735CBB1808632034C0944436DADB5BEBBD
Malicious:	false
URL:	https://www.avs4you.com/ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js
Preview:	/! For license information please see ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[4],{"2oQA":function(e,t,n){var r;!function(){"use strict";var n={}.hasOwnProperty;function i(){for(var e=[],t=0;t<arguments.length;t++){var r=arguments[t];if(r){var o=typeof r;if("string"===o\|\|"number"===o)e.push(r);else if(Array.isArray(r)&&r.length){var s=i.apply(null,r);s&&e.push(s)}else if("object"===o)for(var a in r)n.call(r,a)&&r[a]&&e.push(a)}}return e.join(" ")}e.exports?(i.default=i,e.exports=i):void 0===(r=function(){return i}.apply(t,[]))\|\|(e.exports=r)}()},"8//2":function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var r=l(n("q1tI")),i=n("ueNE"),o=l(n("pIsd")),s=l(n("BBPU")),a=n("x9Za");function l(e){return e&&e.__esModule?e:{default:e}}function c(e){return(c="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){retur

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65448)
Category:	downloaded
Size (bytes):	128878
Entropy (8bit):	5.262031795357684
Encrypted:	false
SSDEEP:	1536:25vchVbtiet4IB2b9a2qhfHffJGICHSiMZQ6e2pcUDR7:2khVbnRBlC2Zg2pcUDR7
MD5:	0548F82976D9763EEB6D7C61BB9B9918
SHA1:	6C2AAA302663E18AF003D9F7FB528A9DEA12F898
SHA-256:	ED97C3FA97034F71D9A111661C8222E42F9070742E9D364E2D3022FF8A36D1F2
SHA-512:	7B97C6E9BA8B4BA897FD1EDAB15EF2F1E60DF3E939E0F5EA75BE746CEEF5CF0E7C6F820A688AF44A194B9DACFF4BF52695BA9ABBF350376DFC638F0097B18733
Malicious:	false
URL:	https://www.avs4you.com/framework-4cf5ecd37f9363b1291b.js
Preview:	/! For license information please see framework-4cf5ecd37f9363b1291b.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[80],{"+wdc":function(e,t,n){"use strict";var r,l,i,a,o;if("undefined"==typeof window\|\|"function"!=typeof MessageChannel){var u=null,c=null,s=function(){if(null!==u)try{var e=t.unstable_now();u(!0,e),u=null}catch(n){throw setTimeout(s,0),n}},f=Date.now();t.unstable_now=function(){return Date.now()-f},r=function(e){null!==u?setTimeout(r,0,e):(u=e,setTimeout(s,0))},l=function(e,t){c=setTimeout(e,t)},i=function(){clearTimeout(c)},a=function(){return!1},o=t.unstable_forceFrameRate=function(){}}else{var d=window.performance,p=window.Date,m=window.setTimeout,h=window.clearTimeout;if("undefined"!=typeof console){var v=window.cancelAnimationFrame;"function"!=typeof window.requestAnimationFrame&&console.error("This browser doesn't support requestAnimationFrame. Make sure that you load a polyfill in older browsers. https://fb.me/react-polyfills"),"function"!

Chrome Cache Entry: 229

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14921)
Category:	downloaded
Size (bytes):	14986
Entropy (8bit):	5.215638207914789
Encrypted:	false
SSDEEP:	192:dFDjhrGYkNKmmKqH4KJDew1CRjOyAVSQzTjhrGYkNKmmKqH4KJDe/OMqZiDCMjB6:HFPkNJzdICRjOyAVSQXFPkNJzdbGT
MD5:	D9FE819E699B6566581E226EB9CFB2D7
SHA1:	A7CE7B152D3F92DD3CAEFD5F4C86DAD4CBA879D0
SHA-256:	75398D45A299C0471227AD1F4B7FD8F68D4939E3C58C7DCE8B53A6BA8B90DA81
SHA-512:	DB01EE29EC30E996967550C3E81F47808CF57251944E3D05FC101C3A9A7CE7F89AC7D530FD89638FFB290D75355320233DBE4EE3C419E60C759CD868FD57E4E5
Malicious:	false
URL:	https://www.avs4you.com/webpack-runtime-c3e566b68af78f5a1881.js
Preview:	!function(e){function a(a){for(var s,d,p=a[0],r=a[1],f=a[2],t=0,i=[];t<p.length;t++)d=p[t],Object.prototype.hasOwnProperty.call(o,d)&&o[d]&&i.push(o[d][0]),o[d]=0;for(s in r)Object.prototype.hasOwnProperty.call(r,s)&&(e[s]=r[s]);for(b&&b(a);i.length;)i.shift()();return n.push.apply(n,f\|\|[]),c()}function c(){for(var e,a=0;a<n.length;a++){for(var c=n[a],s=!0,d=1;d<c.length;d++){var r=c[d];0!==o[r]&&(s=!1)}s&&(n.splice(a--,1),e=p(p.s=c[0]))}return e}var s={},d={20:0},o={20:0},n=[];function p(a){if(s[a])return s[a].exports;var c=s[a]={i:a,l:!1,exports:{}};return e[a].call(c.exports,c,c.exports,p),c.l=!0,c.exports}p.e=function(e){var a=[];d[e]?a.push(d[e]):0!==d[e]&&{1:1}[e]&&a.push(d[e]=new Promise((function(a,c){for(var s=({0:"commons",1:"styles",2:"fc36456533b5c3f455badd7fedf67d455632ae09",3:"065285d60ba513d3bcbdfb63a33fa8101bb0b358",4:"ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f",5:"2065217a474d4a3fd54097f75f88115fcb365010",6:"ead3ba2693165d7b73a42f285fc121a8252cf06a",7:"1b9a2f2d6d29c30dd1

Chrome Cache Entry: 230

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10852)
Category:	downloaded
Size (bytes):	10942
Entropy (8bit):	5.227685259314344
Encrypted:	false
SSDEEP:	192:CcNB/HzIThoHIyamkmmLVBmrBUEnSSA6N:PRzKZBmrBUMTh
MD5:	84BF2331EA04FD98CA6C5E86E3326A89
SHA1:	D96F83EBB3A49A125E0CA9C4EED9EE90029798E6
SHA-256:	F18F85E54E2080D6C0E68C3125F0694FF26B7FAF79B160F3086E2976E2502164
SHA-512:	5042E1D78AF323580C12E4EA34347878547162D048B2C17FFA253DDA086C06FADA711EC0D6F24D1712109597F4AE74EE54D84E8A05A81A6507CC762D8390627B
Malicious:	false
URL:	https://www.avs4you.com/fc36456533b5c3f455badd7fedf67d455632ae09-d47c18182f1ea88950d1.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{"9eSz":function(e,t,a){"use strict";var r=a("5NKs");t.__esModule=!0,t.default=void 0;var i,n=r(a("v06X")),s=r(a("XEEL")),d=r(a("uDP2")),o=r(a("j8BX")),l=r(a("q1tI")),u=r(a("17x9")),c=function(e){var t=(0,o.default)({},e),a=t.resolutions,r=t.sizes,i=t.critical;return a&&(t.fixed=a,delete t.resolutions),r&&(t.fluid=r,delete t.sizes),i&&(t.loading="eager"),t.fluid&&(t.fluid=E([].concat(t.fluid))),t.fixed&&(t.fixed=E([].concat(t.fixed))),t},f=function(e){var t=e.media;return!!t&&(y&&!!window.matchMedia(t).matches)},g=function(e){var t=e.fluid,a=e.fixed,r=p(t\|\|a\|\|[]);return r&&r.src},p=function(e){if(y&&function(e){return!!e&&Array.isArray(e)&&e.some((function(e){return void 0!==e.media}))}(e)){var t=e.findIndex(f);if(-1!==t)return e[t];var a=e.findIndex((function(e){return void 0===e.media}));if(-1!==a)return e[a]}return e[0]},h=Object.create({}),m=function(e){var t=c(e),a=g(t);return h[a]\|\|!1},b="undefined"!=typeof HTMLImageElement&

Chrome Cache Entry: 231

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "opa.js", last modified: Tue May 21 16:30:44 2024, from Unix, original size modulo 2^32 136965
Category:	downloaded
Size (bytes):	39926
Entropy (8bit):	7.99406139346156
Encrypted:	true
SSDEEP:	768:rhjosNbWnnXpzGNVN595j2AfQE4BofVNYMpw/ejuUM9ccW4MealrZVrwJ/TuR2H:ljbbWZzu59xSQXYfXnVPMeqfGawH
MD5:	CF77F3E44744F3E63F3D495BF53181AA
SHA1:	5E575D5361A76B4FAF2AB915288F5FA9421DE9FC
SHA-256:	49E1D3D67E56B2C742DCC64FA4729A8BFAA6467B31387BBC94A354C4E4452645
SHA-512:	8B57C4FC4B790C9261E09BE55F990AA2CE860271D3E428BA880E47A5F68D9BCB36F8EFAD6019A9E4C6C0650CFE6C79EE08051246605E29D5878183DAC352D4FB
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js
Preview:	....4.Lf..opa.js..[mw.6..+6.^...i)/MC.W7u.M.&q6v....-....PI(.c.... A.J...{... 0.........3.....8.cQ...2m"r:1...O....br.\|A...)F..1..2.I..._.z=.'...._......t..b.o....y>.R...JF.`.<..G[\|...ff.Gg...L....T.....&....~u.N........gi...zMj,..G........ZN{\.)..e.....o.Ru.....l"....HA..bd...}.E.%......L.4b...(..v%..$I.Ej\.s..X1_...N7U?S.n..)..hk...+.8..B.k.W.....Gq...PY.0.P.8.#....Qj...p.%......Y.$...HM...J]b....:..QB......c9`....fV....fY.aPM.g.VZ.`.TF....b.H;I. @c./.RK(>.Fq.O%..t.O.z......4c/.X...s...!{..E....>.<.V......$.L]......g7n25...a.-~.^.tg.-..r)..f.O....x`.Ti0.G.J...,.@.O..IEh..........;......>.Q...Y..X.E..?..@.{}....... .r...3..j..2.M...`.....z.h.p..V\|..Q.m.G..Mm......j...............:....v)(.E.....5......m......../2...$q...h@B.E.-uO`..z_...t.0..hw...*.r,7@.lex80..\|.#...\.O....}Ql...][Q..X.1r....T,.}o".!..2...h..)y.R....1m0.M..Gh%..Zu....9....c.ZK.Py. .....P./".O`.... K.....\..{".....ZqM.hQ...j.vo.v..z.v..@.eIM..B.].S......QPw..LEm@3.M.

Chrome Cache Entry: 232

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18444)
Category:	downloaded
Size (bytes):	18534
Entropy (8bit):	5.298427773590148
Encrypted:	false
SSDEEP:	384:1afybMI6HSP0UvR6YLMskc7J/vNM2/+3tQ0Uxak4RO:Hx6A0Uce7JXND/StQ0Uxam
MD5:	697CDF6166E7EF974D33221C0758AB87
SHA1:	9C98F99ABFE2530AEA0B04F360DEF510803A4B97
SHA-256:	4FD359A48F95D3864CAA4CF5F90BD579DBED5AC3FB6B99CF38BBD2A824B97CCF
SHA-512:	D7DB02D3B0FB798F28A87242A56BDA5A6D9ABC6EB50FE850310987754413C6FC6C778242F68FA7504E3F313C3DB686A0488243FD565922275AA85FEB33F2B927
Malicious:	false
URL:	https://www.avs4you.com/1b9a2f2d6d29c30dd1e8760cd3a43981f2804204-435dd3d34a8fa193caf3.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[7],{"/S4K":function(t,e,r){"use strict";function n(t,e,r,n,o,i,a){try{var c=t[i](a),s=c.value}catch(p){return void r(p)}c.done?e(s):Promise.resolve(s).then(n,o)}function o(t){return function(){var e=this,r=arguments;return new Promise((function(o,i){var a=t.apply(e,r);function c(t){n(a,o,i,c,s,"next",t)}function s(t){n(a,o,i,c,s,"throw",t)}c(void 0)}))}}r.d(e,"a",(function(){return o}))},"0iCA":function(t,e,r){"use strict";var n=r("q1tI"),o=r.n(n);function i(){return(i=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var r=arguments[e];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(t[n]=r[n])}return t}).apply(this,arguments)}function a(t){if(void 0===t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return t}var c=function(t){var e,r;function n(){var e;return(e=t.call(this)\|\|this).handleExpired=e.handleExpired.bind(a(e)),e.handleErrored=e.handleErrored.bind(a(e)),e.handl

Chrome Cache Entry: 233

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29196)
Category:	downloaded
Size (bytes):	29286
Entropy (8bit):	5.16375986040361
Encrypted:	false
SSDEEP:	384:1bJv+aE0RPWQZ4FshS0l4zFMb85WjbC9X+Hx18IkBF1WInpbgGt5X1C5M3:11mx0yFtvFMYgjGJ+Hx1W8GtZ1C5M3
MD5:	6EE3D27C6E4EFA868BB46AF148270F67
SHA1:	A60243C3C166127CBB74426827A46F8C91289B09
SHA-256:	64CBA608E28130129ABE6EFC92A3E2CC6346F4B2C3589671120BDA4A7F043F1C
SHA-512:	9A3525D4266DBB82F437949B3A512C7704684C3544AC97F9486806B29DAC4DDA6E1E916D914B0F0456D976F25AE15847029A334BE18AB45A225DC8EF8ECF6A19
Malicious:	false
URL:	https://www.avs4you.com/065285d60ba513d3bcbdfb63a33fa8101bb0b358-4821f749d7a07c3e7df2.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{"/PZL":function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e.default={defaultEasing:function(t){return t<.5?Math.pow(2t,2)/2:1-Math.pow(2(1-t),2)/2},linear:function(t){return t},easeInQuad:function(t){return tt},easeOutQuad:function(t){return t(2-t)},easeInOutQuad:function(t){return t<.5?2tt:(4-2t)t-1},easeInCubic:function(t){return ttt},easeOutCubic:function(t){return--ttt+1},easeInOutCubic:function(t){return t<.5?4ttt:(t-1)(2t-2)(2t-2)+1},easeInQuart:function(t){return tttt},easeOutQuart:function(t){return 1- --tttt},easeInOutQuart:function(t){return t<.5?8tttt:1-8--tttt},easeInQuint:function(t){return ttttt},easeOutQuint:function(t){return 1+--ttttt},easeInOutQuint:function(t){return t<.5?16ttttt:1+16--tttt*t}}},"7FV1":function(t,e,n){"use strict";var o=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var o in n)Obj

Chrome Cache Entry: 234

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (45243)
Category:	downloaded
Size (bytes):	45325
Entropy (8bit):	5.82553193871956
Encrypted:	false
SSDEEP:	768:0N2EZjuPbJswGB79cglWBXlf/9T/5eLgeD/r:NEVuEvWBXlf/9D5eLgef
MD5:	012FC0F16637026704AB5F7013098414
SHA1:	AE87BF5156B3A08E91A05DA2DD5DEEAC0D19BF67
SHA-256:	70A3D0CF8922BB1C78E62D80CE1C6257B8ADA0D367F12B7BE6F021AED1DC48C9
SHA-512:	BA1C5D5787067EA84D37E4F489C5949BDE4A0D1EF0435918EC1F93F763289D60147CC7340BAE337563C140916EC664F54D091101582461D02AFE367CB384C1CA
Malicious:	false
URL:	https://www.avs4you.com/component---src-pages-index-js-61c1fcfe70144a5f0bfa.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[52],{"2xxp":function(e,t){e.exports="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyOSIgaGVpZ2h0PSIyOSIgdmlld0JveD0iMCAwIDI5IDI5Ij4KICA8ZyBpZD0ibXVzaWNfaWNvbl9ncmV5IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg3OTA2IDE5Njg2KSI+CiAgICA8cmVjdCBpZD0iUmVjdGFuZ2xlXzI1MDkiIGRhdGEtbmFtZT0iUmVjdGFuZ2xlIDI1MDkiIHdpZHRoPSIyOSIgaGVpZ2h0PSIyOSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTc5MDYgLTE5Njg2KSIgZmlsbD0ibm9uZSIvPgogICAgPHBhdGggaWQ9Im11c2ljYWwtbm90ZSIgZD0iTTgyLjI5MiwxNi41MzVBMTAuMDQyLDEwLjA0MiwwLDAsMCw4My45LDExLjc4MWE2LjA4Niw2LjA4NiwwLDAsMC0uNzc3LTMuMyw5LjkzMSw5LjkzMSwwLDAsMC00LTMuNTQ0LDExLjA4NSwxMS4wODUsMCwwLDEtMi45NTQtMi4yNDZsLS4xMzUtLjE2NEE0LjMyMSw0LjMyMSwwLDAsMSw3NS4wMDcuODYyLDEuMSwxLjEsMCwwLDAsNzMuODI5LDAsMS4wNDgsMS4wNDgsMCwwLDAsNzIuOCwxVjE4LjgxOUE2Ljk3LDYuOTcsMCwwLDAsNjkuNDY1LDE4Yy0zLjA2MSwwLTUuNTUzLDEuNzk0LTUuNTUzLDRzMi40OTIsNCw1LjU1Myw0LDUuNTUzLTEuNzk0LDUuNTUzLTRWMTAuMzQyYTcuNTIyLDcuNTIyLDAsMCwxLDUuMTQ5LDUuNDUsNS42

Chrome Cache Entry: 235

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5945)
Category:	downloaded
Size (bytes):	260505
Entropy (8bit):	5.5740058713906775
Encrypted:	false
SSDEEP:	3072:zfZHjc0Iard8OdwDM9ba8IyCmqjysCBIQi9a+dQWqzGmRFX4xKNR+xH54On5gA:9Db8OdwDMyF31zQi9TdQWqzGa0x+Of
MD5:	85B4A6FF33DC5624802C6B9140681022
SHA1:	6C380295CCD69BFC638210587973231100AB2A73
SHA-256:	0FFEE97D687AB8A366012A3894B52E2D7D2F055C384F9CC3FBCAFDFDC25F9F02
SHA-512:	D339B66E7C9CB7916B9B8B70A592B097685A9062420AA91896E12422331986EB8A333EFC405E017DC80A36EBF6F02416B0A702BB2E35D52EEE3C722E690A4E16
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=G-FEYVLL88YK&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":7,"vtp_value":true,"tag_id":17},{"function":"__ogt_referral_exclusion","priority":7,"vtp_includeConditions":["list","avs4you\\.com"],"tag_id":19},{"function":"__ogt_session_timeout","priority":7,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":20},{"function":"__ogt_dma","priority":7,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":21},{"function":"__ogt_1p_data_v2","priority":7,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnable

Chrome Cache Entry: 236

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3729
Entropy (8bit):	4.662949597568925
Encrypted:	false
SSDEEP:	96:3c5WT9BvpXKZhUyXuXsk8hLb3Dhm2ykOo3y:3c5WNXK3XuXW5u
MD5:	315189E78870A981B98AC46594B328B9
SHA1:	EBC05EE73D63CB5042B65FD9EFF384D3E8B70E85
SHA-256:	C90868EDA3C9AF15AE25D148666500FD47F6C3CB601028FCB1D61C68534615C9
SHA-512:	3FE843F8D06C63CE570D9D69037A84B1DFCBF3FA5B52C684C6E510A14161DE14B084BF869ABD0E7C659EEB4881214261D32622C1FB8838E222B2D9CFAFB5AC58
Malicious:	false
URL:	https://bat.bing.com/p/action/4024645.js
Preview:	(function(w,d,s,i) {.. var c=d.currentScript;.. if (c) {.. var uo = c.getAttribute('data-ueto');.. if (uo && w[uo] && w[uo].uetConfig && w[uo].uetConfig.deBlock === true).. return;.. }.. var f,j; f=d.getElementsByTagName(s)[0]; j=d.createElement(s); j.async=true;.. j.src='https://www.clarity.ms/tag/uet/'+i+'';.. j.onload = function () {.. if (!c) return;.. var co = function(u) { return u && typeof u === 'object' && !(u instanceof Array) && u.beaconParams && u.beaconParams.mid && w.clarity; };.. var r = 40;.. var cl = function() {.. if (r-- < 1) return;.. var uo = c.getAttribute('data-ueto');.. if (!uo) return;.. var u = w[uo];.. w.clarityuetq = w.mtagq \|\| u;.. if (!co(u)) { setTimeout(function () { cl(); }, 250); return; }.. var m = u.beaconParams.mid;.. w.clarity('set', '_uetmid', m);.. w.clarity('metadata', (function

Chrome Cache Entry: 237

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 470 x 87, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	7087
Entropy (8bit):	7.953553980776468
Encrypted:	false
SSDEEP:	96:yjtHJYnPdmAEO2FKqNXowYmrgNJXUd7jZUPMlQ6qOCGpHauA7KU3YqCp+YG:yjfKEO2FKqNXowY2d7lNC256u77E
MD5:	560C83ACA91592A5D2786012B4CA5D22
SHA1:	A92911801A3C28ACFF934016B851DF6A89FBCBC5
SHA-256:	2289477BD67842270B03F01B438D7841A31F7C8D1BC8FAE6806C3EF188145260
SHA-512:	D18276D53763BCF0F40E8E8A0363EA69686C510D605595F01EB4FE9E476866C6E4F3E7BA7AE7C710AC31457A1CFAB8A40368C648B107C0EEF6BA3587269D8944
Malicious:	false
URL:	https://www.avs4you.com/static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png
Preview:	.PNG........IHDR.......W......_......PLTEGpL..........B..p..n..D..n..F...q...~..U..T......p..D.?U.....&.....D..<{.o..?}+C...q.`......................&;.....;...\...@........IYhN_.......nnn.....K.p...?~~~.............0/@s.^^]............!........#,f...v.....[../d...@......Y......C..........???....N.....w........OON?..4......3.....s.os....!.....y..'.w.\..............]h.8B..x....H.....y v...P..cg.....ht.?k....I..Yn...........332......_.....3....O........9..DY..A..R.s....<........T...Tbq..KKK......... ....9^...L.. [.....a..Z.n....m............c..5...M.k....Y...M.........kE........81nQc....L..#...}.../...<L..K........\|8.9v.Fu9N....b...$$SW...?C..w...k.`I.6.i..(....Lnv.O..-...u...S^.....F..e...Y..Gm#Z#y..m~..P///gd`...+.q<Nh..O^\..pt.X..._..Y.+...lG##"....}..(;w..........tRNS..K..?... ...A.`..Y......KIDATx.._H[Y..K.]..i..'......7Ar..2.i.$..i..x!`.E.E.Z..`!T.U.!....K..5....)....@[PJ).e...m..a....M...Y...99..{.....~.s.].6...o...G.),....:..5....

Chrome Cache Entry: 238

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "va.js", last modified: Mon May 6 09:40:08 2024, from Unix, original size modulo 2^32 244655
Category:	downloaded
Size (bytes):	80614
Entropy (8bit):	7.996669263095903
Encrypted:	true
SSDEEP:	1536:xy67h/02eOA5fli94QaEWcCyDUUi7d9XppCwfk9+94QifrAEtn3S7jsysu88:BVxA5fEadcgTbBGq47DAfPuu88
MD5:	1D151CD763750FF2705E2D3F149B735D
SHA1:	6234950BCB3732F64BBD9EBF3F4E749487E2C1BC
SHA-256:	E731652D9A6D0847C59366B1D0C29290AB429448336C53ED4159CD5C2A8D2B86
SHA-512:	7326FDE3EE97A2D968F41037035C8B9C09842F5A3043C7EC77031C0F0E9A1FFBE1AFC754E965F6A27F76B754FE607AFBF2A69A6A24ABCFADE8FFDA8ADF726983
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/7.0/va-02675bafc3b15c3fe9607f49f9c72a3c.js
Preview:	....x.8f..va.js..}.{.6....+(^_..`JNw..Rfu..l.u..4.JJ.. ....$e.t.......(..~<.>....0......g.Y..E.Y.(..:...k.>X.0.i.........t..[n...m$.8.r...3.Z..[o.u1.}..y...Y...!.n...L].y..k...M.`[/..N.e(..".W~.s.E.E.4YvVi.O...7..a9.C9.....j:...f.5h:..7......f.'if......2O.Q.aS....7..m....5O9....#Jo9...:x.V<.Ar......Bo....#..d..)..Y.L#.....%....\...%..D.=T.l....0.`%..d.G."Y.V.3...a0.4..3....G.H...[BY.p.....Y.d.....V.8...E....fXH..p6.$.2...!.....R....\!fs.+..~.,..A.\..z.3.t...N.(....8N.q.....(...$y..o.;Ns..!...,....X}..!..+.A...V.c.r .`.k..OM...S..8^......'W..lh........e....f......-.qurq..\|e.\\|.~9.x....W.......=?.@.......g...^@...k......^_b...v6.".7.....z......#.^.]_ .W...z{ru}v.....z.....p.#x../..^]AG.7..k.:.2k.+.X..'..4..w0.+."v\|z......__[./._......w..\| {.......a..7'........US.\|.z@E....wz}vy.39.....W.s..V}R..g...N....WW......]..hz1........n8(..rpr......k...5_..4.}..{,.zv..L-..&,.F...ywQ...{~.E9OV9p..<EQc3{.........._..{.8Y..).(O..>Og.p*....0....d.Q.IO.o.p

Chrome Cache Entry: 239

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12603)
Category:	downloaded
Size (bytes):	12693
Entropy (8bit):	5.371917963778476
Encrypted:	false
SSDEEP:	192:kcRngkyLbxUlO+2hAEkBngGGMCDMug7U3Mis9DhxBsTUwoh2uERT/:5OkyL9UlOhh9+RCOxtxBsTU509
MD5:	6B93590AE1858DAFC820D2AF1BD29B9E
SHA1:	7A9536B3565089424692920F6BD56B767F0C6439
SHA-256:	35A6B68A1EA87E40648CE4F4692C274DEE04CB8F25D611CCF20B48D83D8753DC
SHA-512:	26FA1F9D9E39F0DD30BF920AA40651F82FF5F2179273AC72A46C1B104B456A6F263C9FB2D28D9DB9A7A0C179FDE2DDDA7F1EE83A95479727EAAEDE095C310375
Malicious:	false
URL:	https://www.avs4you.com/dbfd5dde42d0c6776b28c56d4c3e613fa59d0324-5229893a2299067c0dab.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[17],{"8o2o":function(t,e,n){"use strict";function s(t,e){if(null==t)return{};var n,s,a={},o=Object.keys(t);for(s=0;s<o.length;s++)n=o[s],e.indexOf(n)>=0\|\|(a[n]=t[n]);return a}n.d(e,"a",(function(){return s}))},"9w4e":function(t,e){t.exports="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMyIgaGVpZ2h0PSIxNy4wNDUiIHZpZXdCb3g9IjAgMCAxMyAxNy4wNDUiPgogIDxwYXRoIGlkPSJBcnJvd19sZWZ0XyIgZGF0YS1uYW1lPSJBcnJvdyAobGVmdCkiIGQ9Ik0xLjM1MywxNS44MzRBLjk1My45NTMsMCwwLDEsLjc5MiwxNmEuOTUzLjk1MywwLDAsMS0uNTYtLjE2Ni40NjEuNDYxLDAsMCwxLDAtLjhMMTAuMDg3LDgsLjIzMi45NjZhLjQ2MS40NjEsMCwwLDEsMC0uOCwxLjAzMSwxLjAzMSwwLDAsMSwxLjEyMSwwTDExLjc2OCw3LjZhLjQ2MS40NjEsMCwwLDEsMCwuOFoiIHRyYW5zZm9ybT0idHJhbnNsYXRlKDEyLjUgMTYuNTAxKSByb3RhdGUoMTgwKSIgc3Ryb2tlPSIjMDAwIiBzdHJva2Utd2lkdGg9IjEiLz4KPC9zdmc+"},Fhyt:function(t,e,n){"use strict";var s=n("9Hrx"),a=n("q1tI"),o=n.n(a),i=n("vOnD");function r(){return(r=Object.assign\|\|function(t){

Chrome Cache Entry: 240

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65439)
Category:	downloaded
Size (bytes):	226334
Entropy (8bit):	5.723657605072958
Encrypted:	false
SSDEEP:	3072:N8EfAZctqZE5EtPyeY37ysIlb43271qZ1+M0EJi:3esxGQ4f
MD5:	BFAFE7614371A7F1A3FFCCF2DAB995C0
SHA1:	6F4EA70881B3C7FB2ED3CEE7CD95A8413E154120
SHA-256:	A2B83B8B2B84BCDD95ABAAA65F01DC3AB4B9312353BE6B5E3B74C5D8DE979CE3
SHA-512:	01B06FDF671D58F0884BD38E5710D28C2AB6B1B315691DF053A9C9C063DEF22BEE77C2B5758EABB5AB588928D890C5C450F8F9F2E3029811DC3A54CDC0ACB676
Malicious:	false
URL:	https://www.avs4you.com/commons-6d24d96f29bfebe3476c.js
Preview:	/! For license information please see commons-6d24d96f29bfebe3476c.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{"+4m5":function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.isBrowser=function(){return"undefined"==typeof window}},"+pqY":function(e,t){e.exports="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHZpZXdCb3g9IjAgMCAxNiAxNiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPG1hc2sgaWQ9Im1hc2swXzJfNjQ0IiBzdHlsZT0ibWFzay10eXBlOmFscGhhIiBtYXNrVW5pdHM9InVzZXJTcGFjZU9uVXNlIiB4PSIwIiB5PSIwIiB3aWR0aD0iMTYiIGhlaWdodD0iMTYiPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTAgOEMwIDMuNTgxNzIgMy41ODE3MiAwIDggMEMxMi40MTgzIDAgMTYgMy41ODE3MiAxNiA4QzE2IDEyLjQxODMgMTIuNDE4MyAxNiA4IDE2QzMuNTgxNzIgMTYgMCAxMi40MTgzIDAgOFoiIGZpbGw9IndoaXRlIi8+CjwvbWFzaz4KPGcgbWFzaz0idXJsKCNtYXNrMF8yXzY0NCkiPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTS00IDhWMEgyMFY4SC00WiIgZmlsbD0id2hp

Chrome Cache Entry: 241

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	214527
Entropy (8bit):	4.937846789993234
Encrypted:	false
SSDEEP:	3072:a2rj3fULvliRmAJ3yB8B8PhWUZ43M3WogIkUasn9CgZ8:WlEyB8B8PhxaWCgZ8
MD5:	5CD7527E5D146F451335F6ABA3A0C44C
SHA1:	946F3D90974BCB8A7CD468FC4DA4FFBAA313DD9A
SHA-256:	F08B8D8ECD461E3DC5C871924E3032BFB110CB7470CBFC2336F2025AFB8DAF29
SHA-512:	75F9FB3DA6C4730FEE4EA336FB162D212C1B03F81A1B620A4CBA77F6D04598943DB60F49D27B94AD74FD5B5FD33D5D02A4578C49929785C15E93B1C742438D37
Malicious:	false
Preview:	{"componentChunkName":"component---src-pages-privacy-aspx-js","path":"/privacy.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran.ais"},{"value":"es","text":"Espa.ol"},{"value":"jp","text":"..."},{"value":"ru","text":"......."},{"value":"pl","text":"Polski"},{"value":"ko","text":"..."},{"value":"da","text":"Dansk"},{"value":"nl","text":"Nederland"},{"value":"pt","text":"Portugu.s"},{"value":"zh","text":".."}],"locale":"en","routed":true,"data":[{"content":"{\n\t\"**********************COMMON***********************\": \"********************COMMON***********************\",\n\n\n\t\"/\": \"/\",\n\t\"CurrentLanguage\": \"English\",\n\n\n\n\n\t\"********************HEADER DOWNLOAD BUTTONS***********************\": \"********************HEADER DOWNLOAD BUTTONS*************************\",\n\n\n\t\"get $5 coupon code\"

Chrome Cache Entry: 242

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15549)
Category:	downloaded
Size (bytes):	337431
Entropy (8bit):	5.591856398951145
Encrypted:	false
SSDEEP:	3072:85i4nQSxc0Iard8OdwDMoba8pyCKqjysCBIQ+9agdDBqzGmRFSHxK+RkiH5T5ECo:V4zb8OdwDMgFz1zQ+9fdDBqzGahi/Ba
MD5:	6587EE954844C034F540F44F72E3C6F2
SHA1:	30795EACC94B4088CC9128376081C8C935CDC22B
SHA-256:	5F78DFE83C91DCD3CA9BE14ACF1B546FC72F7FFE54BBF61C5724BB61A8ED51CD
SHA-512:	D41A3F7B3E99F0D1FD8FF21BF72D0DAE0E5735BD7D63CCC13B3AFBE11967EDA4059138C8F3586983EB3A7A5DAAB2AF035BA8EAAB5AEA4A2E8F74EA62D7484D37
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=G-BWSZ9WEBRH&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"6",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":42,"vtp_rules":["list","teamlab\\.info","avs4you\\.com","tracking\\.avangate\\.net","secure\\.2checkout\\.com"],"tag_id":22},{"function":"__ogt_ga_send","priority":32,"vtp_value":true,"tag_id":18},{"function":"__ogt_referral_exclusion","priority":32,"vtp_includeConditions":["list","avs4you\\.com","secure\\.avangate\\.com","support\\.avs4you\\.com","store\\.avs4you\\.com","forum\\.avs4you\\.com","www\\.avs4you\\.com"],"tag_id":20},{"function":"__ogt_session_timeout","priority":32,"vtp_engagementSeconds":10,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21}

Chrome Cache Entry: 243

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1081546
Entropy (8bit):	6.0707824603241365
Encrypted:	false
SSDEEP:	24576:9vqvBifm0mouDTaWXbXv5PoXUoKmLo5m0m6m0ms1/1GU:9vqvBOm0mouDTaWLXuXFU5m0m6m0msF3
MD5:	66757AF97A72F7163BCC8791FF9D6F3E
SHA1:	D353CE011C23B92CA9336389BAC45F400B6488D8
SHA-256:	03DAA1AE0D986B3D4841EA1A2FF5F4713FF639FFB13FECFFE26CEDA542092D87
SHA-512:	1D8DA2633863AFBA373D79BB947F32E1379DD42362BA5548CBF5AB9D134E9CE851DB9D2C9835EF963F064C76B05F216EA667A660352C4385F5121BA8CCEE0BFA
Malicious:	false
URL:	https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Preview:	<!DOCTYPE html><html><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><style data-href="/styles.0ffc19c546984659d868.css" id="gatsby-global-css">.headerBackgroundImageVES{background-image:url(/static/back_ground_image_final-554d538d896d104f56ec6513bc169a29.jpg);top:0}.fonImage,.headerBackgroundImageVES{width:100%;z-index:-1;height:100%;position:absolute}.fonImage{top:-120px;right:0;padding-top:9%;min-width:1620px;-o-object-fit:none;object-fit:none;-o-object-position:center center;object-position:center center;opacity:1;transition:opacity .5s ease 0s}.footerInfoAVS35{font-family:Montserrat}.footerInfoAVS35 .headerDescriptionTitleAVS{padding:15px 33% 40px}.vel_header,.vel_header_powerful{width:100%;margin:0;padding:0;height:744px;color:#fff;text-align:center;position:relative;z-index:100;overflow:hidden}.vel_header_powerful video,.vel_header video{position:absolute;top

Chrome Cache Entry: 244

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "worker.js", last modified: Tue Jul 21 10:14:25 2020, from Unix, original size modulo 2^32 47679
Category:	dropped
Size (bytes):	15189
Entropy (8bit):	7.9870756297562275
Encrypted:	false
SSDEEP:	384:N9uozDZy5DkV1oL9XPB/uQPTiX6IRmxVbq7zq2x48HCR4:Ncoz1yIAxuO2XN5nRB
MD5:	35B88482B6E5742604AF3DE8BA01F378
SHA1:	5F9FB43DBA25DB1D4169A37036C0B5A101240BB5
SHA-256:	F33C6CDD27C56C4F194C9020DAFF3E8ECBA38AED831E9A9508F1CC20A93126B5
SHA-512:	CE8AB8F00436A05D630867AFFAB325188F5EE01733216BD78665A4255EF6AD552DF17D9C61342F604833F2F493EE7556D05527884EDEB3C141B9AB49BE5B4D1C
Malicious:	false
Preview:	......._..worker.js..Z.s.8..........A1...AehB.f)d.....2....cgm.l.p..=.$.2.$.......,..G..d....;...%7>..F.. ...v......w.L...2.u{...~4.........k.....F'XD.3..U2..vs<....^..^l,y..u../..F...k.,...HB.\|o..(...U.....f.A.....d....M.X.h,...`.c..W7<HX.2...c.L@...5.d.....;W.."}Jn.y.2\%F..$......_-P.t..n<.N.j.w....b.=..7..s.....\|/^.c..rW..:c...$...ad...->p.`.BO...<\....(...s..o.;.v...D.."....>.y.=...}?.C...`.6bg.........z.^...lS..F..I..K....W..Y.`'{$KU...q.N.1..#!..j..k\.O.tF].wa...?.N.'F.s...1~...c.(F....1<5:...O...1........p..}..y.......y...7.....b.......B.....>tG.g....{.d'...x.k..GF.8....~gd._...]........#X...;..@..3.?C.8.....N..K....f...?.z........w].A.].+.....;...8.\|..YC.[/8U....d(W..?....T..p0.A...F../...1:....t4..[9h2.2....+9.9.V..l_^t.E..n.......M...U R.i=\|a...N.nY.......v4..'.k..~_...).j...;.....m.@v._.1.S...).~\..%Go.._3..Y..P.m.....C .?0,.r.K.-..+Jy..T/e..$tK.R..am.ek.Z.[.F.c$&'.x.C...1....5_.I<.O\<..\|.c....."^...&...e.R....U...(.

Chrome Cache Entry: 245

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	12982
Entropy (8bit):	5.088648954613395
Encrypted:	false
SSDEEP:	192:1Hcm65FvoEDK3jVQwjT/jEdqNPi0ozD7kTzdcvKAeziHQd:1H6fvDWrbcqPi7keKAsd
MD5:	79791AA1B82EC319446A28648F789D47
SHA1:	80887A0C60C4F1F37154429D4540175AFA0F0E62
SHA-256:	1FF4586D1B5D97042D4A8DDA5186BB3DD060CF7CC3CB5C206BB6D173F5AD1DCE
SHA-512:	FB87D0E0682CD90E433208B8EC071A282AB5445398E98D158737C8E1449F24FE75408660648CBBC793754E324D81BEE72C25AE1B7C090DDCCD247996047C0A17
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"><defs><style>.a{fill:none;}.b{fill:#f0f0f0;}.c{fill:#ff241f;}.d{fill:#0022d4;}.e{fill:#e6e6e6;}.f{clip-path:url(#a);}.g{fill:url(#b);}.h{clip-path:url(#c);}.i{clip-path:url(#d);}.j{fill:url(#e);}.k{clip-path:url(#g);}.l{fill:url(#h);}.m{clip-path:url(#j);}.n{fill:url(#k);}.o{clip-path:url(#m);}.p{fill:url(#n);}.q{clip-path:url(#p);}.r{fill:url(#q);}.s{fill:#f02800;}.t{fill:#0600a4;}.u{clip-path:url(#r);}.v{fill:url(#s);}.w{clip-path:url(#u);}.x{fill:url(#v);}.y{clip-path:url(#x);}.z{fill:url(#y);}.aa{clip-path:url(#aa);}.ab{fill:url(#ab);}.ac{clip-path:url(#ad);}.ad{fill:url(#ae);}</style><clipPath id="a"><path class="a" d="M108.451,70.673l-.007-.011.007.011m-.007-.011,0-.006,0,.006" transform="translate(-108.44 -70.656)"/></clipPath><linearGradient id="b" x1="-1063.165" y1="522.788" x2="-1053.36" y2="522.788" gradientUnits="objectBoundingBox"><stop offset="0" s

Chrome Cache Entry: 246

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
Category:	downloaded
Size (bytes):	46430
Entropy (8bit):	5.303853365298302
Encrypted:	false
SSDEEP:	768:OaOFhhR5OIahpjfRys3LzQR04TYYyDMOWPKQ:OaOFnRqDRtzQ64IfWiQ
MD5:	72BCA04FD669EB89FC65D59052D0FC00
SHA1:	27E60AEF86F0CB1B2F6B6ED9DF9A4E3BA88EFD21
SHA-256:	823804A7807864B44093A3843788F4CD076E89CF4A6FDEB8D153AE5C2C2DF721
SHA-512:	56058E4C927563CA37DEC4979AF28A415EA3042A389C0BA22738C76D39131317A703A38A95EAB9D913F116F7C2D1DA62A0A87750F47DECA2DDB3447D64303B12
Malicious:	false
URL:	https://bat.bing.com/bat.js
Preview:	function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.domainCl="bat.bing.net";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&(o.Ver==="1"\|\|o.Ver===1)?1:2;this.uetConfig={};this.uetConfig.consent={enabled:!1,adStorageAllowed:!0,adStorageUpdated:!1,hasWaited:!1,waitForUpdate:0};this.uetConfig.tcf={enabled:!1,vendorId:1126,hasLoaded:!1,timeoutId:null,gdprApplies:undefined,adStorageAllowed:undefined,measurementAllowed:undefined,personalizationAllowed:undefined};this.beaconParams={};this.supportsCORS=this.supportsXDR=!1;this.paramValidations={string_currency:{type:"regex",regex:/^[a-zA-Z]{3}$/,error:"{p} value must be ISO standard currency code"},number:{type:"num",digits:3,max:999999999999},integer:{type:"num",digits:0,max:999999999999},hct_los:{type:"num",digits:0,max:30},date:{type:"regex",regex:/^\d{4}-\d{2}-\d{2}$/,error:"{p} value must be in YYYY-MM-DD date

Chrome Cache Entry: 247

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	208163
Entropy (8bit):	5.538106415559375
Encrypted:	false
SSDEEP:	3072:hBc0Iard8OdOMbS89yCiqjysCB8PJ7dQWqzGmRFd4xKlJAzS7A:Hb8OdOwFr1NPRdQWqzGav0
MD5:	D4F14F45FC3ECCC22FB4A98A0E495F04
SHA1:	88D9172A7279D465FA9D94CC78F2B43059EA548C
SHA-256:	EC402DA3B1CEDBFD1384F0764AE479A8717EAE1C7619FE0352EDE680B139F2B6
SHA-512:	1CE484D592DCC8D37FF104D6AD7E67E5A8622A2CDAB0B0B4428B02B0107093EDDF0067BD243924D7DBEDDDE6F4BE9BA228F6D23903619B220C748DD6F214A3BF
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=UA-1338774-7&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-1338774-7","tag_id":9},{"function":"__rep","vtp_containerId":"UA-1338774-7","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-FEYVLL88YK"]],"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-1338774-7","tag_id":8}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":"_eq","arg0":["macro",0],"arg1":"gtm.

Chrome Cache Entry: 248

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60577)
Category:	downloaded
Size (bytes):	60712
Entropy (8bit):	5.177326044282994
Encrypted:	false
SSDEEP:	768:MW1LcdJmcDOhecsTWkJQ9JqxyKp9/1nadP8MNmfOgKfCY:2dJmci9ss4VadfkfO5
MD5:	D39686E29B02A3CF092E8C3C606FB714
SHA1:	9A1749AAB1607DA98CDDFF283F719A8E26C8AE5E
SHA-256:	E14EB9E326533C6F96D66DF4938F3D2F89EF3A1FDDDF2E9B1BA8A1AA1C167B53
SHA-512:	99F5423ECED5E8ECE2CDE422C0FFA9A63463E76C9CCB647342688D339E6F278D65D4D903C06CD14F6241D0FF253272828D07A887ED0F53988CDBA5E2ECEC7B82
Malicious:	false
URL:	https://www.avs4you.com/app-ec6a9b7fc501dcfa2bce.js
Preview:	/! For license information please see app-ec6a9b7fc501dcfa2bce.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[21],{"+ZDr":function(e,t,n){"use strict";var r=n("5NKs");t.__esModule=!0,t.withPrefix=h,t.withAssetPrefix=function(e){return h(e,m())},t.navigateTo=t.replace=t.push=t.navigate=t.default=void 0;var o=r(n("uDP2")),a=r(n("v06X")),i=r(n("XEEL")),s=r(n("j8BX")),u=r(n("17x9")),c=r(n("q1tI")),l=n("YwZP"),p=n("LYrO"),f=n("cu4x");t.parsePath=f.parsePath;var d=function(e){return null==e?void 0:e.startsWith("/")};function h(e,t){var n,r;if(void 0===t&&(t=v()),!g(e))return e;if(e.startsWith("./")\|\|e.startsWith("../"))return e;var o=null!==(n=null!==(r=t)&&void 0!==r?r:m())&&void 0!==n?n:"/";return""+((null==o?void 0:o.endsWith("/"))?o.slice(0,-1):o)+(e.startsWith("/")?e:"/"+e)}var m=function(){return""},v=function(){return""},g=function(e){return e&&!e.startsWith("http://")&&!e.startsWith("https://")&&!e.startsWith("//")};var b=function(e,t){return"number"==typeof

Chrome Cache Entry: 249

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	214469
Entropy (8bit):	4.937520454268805
Encrypted:	false
SSDEEP:	3072:h2rj3fULvliRmAJ3yB8B8PhWUZ43M3WogIkUasn9CgZW:TlEyB8B8PhxaWCgZW
MD5:	47ED8898BCA3325ADD7230A5BE6F7AAE
SHA1:	5491CEB42874BDC3FF155D197A8A0969F373DA50
SHA-256:	2CC43C8A1E752883FA5374E501F1E1BCC9F64B870C390476BDC52D05772990B4
SHA-512:	AC2A2A055A26C7DC09150BCB10F1B827DD268B94836DD7E8AFD21ABDB1F1910F0B7B593693542E544E726234B225BFD069273A51A4FB0B41ECD71302B6A102E8
Malicious:	false
Preview:	{"componentChunkName":"component---src-pages-index-js","path":"/","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran.ais"},{"value":"es","text":"Espa.ol"},{"value":"jp","text":"..."},{"value":"ru","text":"......."},{"value":"pl","text":"Polski"},{"value":"ko","text":"..."},{"value":"da","text":"Dansk"},{"value":"nl","text":"Nederland"},{"value":"pt","text":"Portugu.s"},{"value":"zh","text":".."}],"locale":"en","routed":true,"data":[{"content":"{\n\t\"**********************COMMON***********************\": \"********************COMMON***********************\",\n\n\n\t\"/\": \"/\",\n\t\"CurrentLanguage\": \"English\",\n\n\n\n\n\t\"********************HEADER DOWNLOAD BUTTONS***********************\": \"********************HEADER DOWNLOAD BUTTONS*************************\",\n\n\n\t\"get $5 coupon code\": \"GET $5 COUPON C

Chrome Cache Entry: 250

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	12555
Entropy (8bit):	4.874490985667397
Encrypted:	false
SSDEEP:	96:+HJ/kAu9sb23sw112+0jPKNzz6vDEIzHHXhypZCKJTcwppe3dq/QfTWeC2MiN:CcA89c4zwAILHQp8TAg3doMWefMg
MD5:	FBF130C4CF651D793EF080714EB235D7
SHA1:	26D3A1EE98EAD9C7D3BC390520D2202D845681D3
SHA-256:	A54D17BD1FDD815F83DB626FE35A259940E9430E6F083538E56A8E3C87F8489E
SHA-512:	E14B1E006F43E89F46D3F359225C8B8CFB18261FE5FA01D5EF5AD7F829AB0133168FDE48BCD791D721C6D3546F3A537C605CD5D5696E15F4E657A49E66EDA14F
Malicious:	false
URL:	https://www.avs4you.com/static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16">. <defs>. <clipPath id="clip-path">. <circle id="Ellipse_771" data-name="Ellipse 771" cx="8" cy="8" r="8" transform="translate(0.203 0.203)" fill="none"/>. </clipPath>. <clipPath id="clip-path-2">. <path id="Path_21267" data-name="Path 21267" d="M150,78.773A3.773,3.773,0,1,0,153.773,75,3.773,3.773,0,0,0,150,78.773" transform="translate(-150 -75)" fill="none"/>. </clipPath>. </defs>. <g id="Portugal" transform="translate(-74.467 0.533)">. <g id="Group_4078" data-name="Group 4078" transform="translate(74.264 -0.736)">. <g id="Group_4077" data-name="Group 4077" clip-path="url(#clip-path)">. <rect id="Rectangle_2609" data-name="Rectangle 2609" width="23.559" height="17.091" transform="translate(-3.576 -0.343)" fill="#009b3a"/>. <path id="Path_21264" data-name="Path 21264" d="M47.143,42.142l8.947,5.713,8.947-5.713L56.09,

Chrome Cache Entry: 251

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1359
Entropy (8bit):	6.932307426986453
Encrypted:	false
SSDEEP:	24:Jy1he91Wwjx82lY2T3ouVYiP2i/yJ3VXiGYiIGQLjoq4p5KimRA0btI3Djb:JwqQNn2xHTqJ3ASI9Pod5KimRrJcPb
MD5:	F55EB5FE088895007E3E0AA4B5594DE2
SHA1:	C59A975637F7F4381AE2A59B692226801AE2D200
SHA-256:	2E430CD091B0596BE41D237A933C4BAA9E407C8CBBCA99A9E54DBEDE9912C900
SHA-512:	E34349E0A916938545270A6A27B7E883FAD261B7E2A5D4E6CBFD27BA93CC3C51AC5ABFC3F9BD0ACFF3089958CB84B3922694C71865FE17C493623337BCE775BC
Malicious:	false
URL:	https://www.avs4you.com/favicon.ico
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:1667382BDE3A11E2B5CDE9D9B5EA068B" xmpMM:DocumentID="xmp.did:1667382CDE3A11E2B5CDE9D9B5EA068B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:16673829DE3A11E2B5CDE9D9B5EA068B" stRef:documentID="xmp.did:1667382ADE3A11E2B5CDE9D9B5EA068B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.A......IDATx..K(Da.....3Y..c.QH..FJc41^%"JQ..db.l.i.a..$.$J..3.V,.Is..]........w..s..T..A.h'..3qN...R.,..,q.

Chrome Cache Entry: 252

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22144)
Category:	downloaded
Size (bytes):	22234
Entropy (8bit):	6.025609578988064
Encrypted:	false
SSDEEP:	384:N4Pz5LUe9NYjyyqdBIJqTY7/aDKH9OJ0UuaVOwWDcrDdZLlzbxQkLz8lcz:NUL5NYmrGuhMcyLDkD9zbD8W
MD5:	2AAA7015496CC202F82D9BCEDE5AEE1E
SHA1:	080E0AA1F31E2C7F88FABADE3BA4186A1C7EFC01
SHA-256:	562FBC9C1F7034C9BC523C1EB8B17CEFA998C903D54A99DDC01D7D6AF1BB0906
SHA-512:	48A8D3BC8E8D8C552BABAA41D2FBABD9721CF4CE1365CA37CC2BFCB8AE7A553D0CC796F1E9D20FD4CB286F940EE797563FF3BD2E6FEC52E9C0D7D61C7CF73322
Malicious:	false
URL:	https://www.avs4you.com/9dca3c060c98a2ec0e5a6368c886bb5833c66958-6c0ebfb674551fc6862e.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[12],{ANJs:function(f,I){f.exports="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMUAAABACAYAAACqRbObAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAB24SURBVHgB7V0JXFTV9/8CM+z7KggKiAsq4gLimoqWC25JlhVqalr+Nc3UfpUttqhlqZVaVi6llpmluZcbmnvihooKCgjIvg4MwzDMzP/cNzDMwMwww5KK8/34HN59951333vn3LPde58Jmghbdv8VsGLrnn5XTl31QkYxjDDiQcMnvGP+ey+/cHLGC6Nv6KpngkbEmdRUq1deWPhqWlnpzII8gT+seGYwM4MRRjwUkMkAUYXU0c46o7WT88pvNy9d18fHR1SzWqMJRa8Js8JuX0/aUgBJW5iawggjHmqQgDia8u516eA/6Z/f1v6jeqhRhCLomVfGXLtx9w/wjWrBiEcMFTJpWAf/Ced3fvd7VVGDhaLbyKm9LyemngTP1CgQRjyakEilPu38IlJ3//A3222QnRMtl/OSkzN/MgqEEY80yMIpuXt/NfOJ2W6DmPnCkfjpqeKSyTCpp8KRyxW/Jo3q7xthhMEok0tdTu07UZSXGnemQZoiQyKaXy+nWiKBvbMrekVEwjcwCEYY8cBBfJwlEs1if/JQTxyIPuc9Yupb/rCz0O+EigpYWlnDr2soOg8ZAZdWfpBJpbgybxqMMOJhQGFBifeuv48Pr7dQ7Dp8tBMs6og2MfOItIJ/cAja9xsIn+BQmKqckhkfhzJRKYlmvZthhBGNB2ue2fb9x3oazI3zl33TY+uWfRO3Hjw9GeZaTpeYINSjFHa9n0Xr8FGwsLbVWC3h3CmjQBjx8IA67EP/XtHPfPph926PZUt/mpovlU

Chrome Cache Entry: 253

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 254

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34035)
Category:	downloaded
Size (bytes):	34244
Entropy (8bit):	5.239487210330212
Encrypted:	false
SSDEEP:	768:UeaijQDqQ8uJmFCS57ote9907IrBGVQr5aLI9cRnKdTkr1QcuDSr7Ogf1ExLR:9EeEmP57ote990kQKWHnKdTmWDSr6gfE
MD5:	68A0190568888EB159931BFBE76C740A
SHA1:	3932F595F566043555B19A3C233B0BF495D6A536
SHA-256:	EE4BF27E01EA2E8BE5D022B2CC486ACF606E471BFE3E5486EBEE1CDCE4D162F9
SHA-512:	B7E0901910732CC0111BEA55A411E0E9594E2D0033F00AECB2F4450BF46802D93052D721AA195E059F12C37D45AA5D4F6C2388B37779F5A7E1D89AE549AF67CB
Malicious:	false
URL:	https://www.avs4you.com/2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js
Preview:	/! For license information please see 2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[5],{ZbKm:function(e,t,n){"use strict";n.d(t,"a",(function(){return g})),n.d(t,"b",(function(){return b}));var r=n("q1tI"),o=n.n(r),i="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},s=function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")},a=function(){function e(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}return function(t,n,r){return n&&e(t.prototype,n),r&&e(t,r),t}}(),l=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])

Chrome Cache Entry: 255

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	12555
Entropy (8bit):	4.874490985667397
Encrypted:	false
SSDEEP:	96:+HJ/kAu9sb23sw112+0jPKNzz6vDEIzHHXhypZCKJTcwppe3dq/QfTWeC2MiN:CcA89c4zwAILHQp8TAg3doMWefMg
MD5:	FBF130C4CF651D793EF080714EB235D7
SHA1:	26D3A1EE98EAD9C7D3BC390520D2202D845681D3
SHA-256:	A54D17BD1FDD815F83DB626FE35A259940E9430E6F083538E56A8E3C87F8489E
SHA-512:	E14B1E006F43E89F46D3F359225C8B8CFB18261FE5FA01D5EF5AD7F829AB0133168FDE48BCD791D721C6D3546F3A537C605CD5D5696E15F4E657A49E66EDA14F
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16">. <defs>. <clipPath id="clip-path">. <circle id="Ellipse_771" data-name="Ellipse 771" cx="8" cy="8" r="8" transform="translate(0.203 0.203)" fill="none"/>. </clipPath>. <clipPath id="clip-path-2">. <path id="Path_21267" data-name="Path 21267" d="M150,78.773A3.773,3.773,0,1,0,153.773,75,3.773,3.773,0,0,0,150,78.773" transform="translate(-150 -75)" fill="none"/>. </clipPath>. </defs>. <g id="Portugal" transform="translate(-74.467 0.533)">. <g id="Group_4078" data-name="Group 4078" transform="translate(74.264 -0.736)">. <g id="Group_4077" data-name="Group 4077" clip-path="url(#clip-path)">. <rect id="Rectangle_2609" data-name="Rectangle 2609" width="23.559" height="17.091" transform="translate(-3.576 -0.343)" fill="#009b3a"/>. <path id="Path_21264" data-name="Path 21264" d="M47.143,42.142l8.947,5.713,8.947-5.713L56.09,

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3240)
Category:	downloaded
Size (bytes):	11290
Entropy (8bit):	5.5965320055224375
Encrypted:	false
SSDEEP:	192:dkE4q6W8mUpp7n/uW4GRG8K96RAgQqTlzH3n8x8tjzaCvtwLZ4DGs:dTgpx/54GRGQZZMutjzaCvt8Hs
MD5:	275505F84E386151F4225B3DCBA180F7
SHA1:	B7C0A5E95101A3BEB21B63B245AB07B59AF6CA5F
SHA-256:	8CBFA6A1326E3BD7743E9FFD3D7069D34C318F5538B4A8CAA82E3D1892F66E6A
SHA-512:	84F734C5EC67CC8ACDB82203BC16661914AC956A0DFCD31D466840073C25733FD827C4C347E1EF2BCF993DDEB262BFD39588F66C2496704B32DD3F355A5309EC
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/j.php?a=279977&u=https%3A%2F%2Fwww.avs4you.com%2FRegister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&f=1&r=0.39962393127720364
Preview:	try{;(function(){var aC=window._vwo_code;if(aC){window._vwo_j_e=window._vwo_j_e\|\|0;if(window._vwo_j_e==1){window._vwo_mt="dupCode";clearTimeout(window._vwo_settings_timer);if(window.VWO&&window.VWO._&&window.VWO._.bIE){window._vwo_code.finish()}return}if(window._vwo_j_e==-1){window._vwo_j_e=1}}window._vwo_mt="live"; var localPreviewObject = {}; var previewKey = "_vis_preview_279977"; var wL = window.location; try {localPreviewObject[previewKey] = window.localStorage.getItem(previewKey); JSON.parse(localPreviewObject[previewKey])} catch (e) {localPreviewObject[previewKey] = ""}; try{window._vwo_tm="";var getMode=function(e){var n;if(window.name.indexOf(e)>-1){n=window.name}else{n = wL.search.match("_vwo_m=([^&]*)");n=n&&n[1]}return n&&JSON.parse(decodeURIComponent(n))};var ccMode = getMode("_vwo_cc");if(window.name.indexOf("_vis_heatmap")>-1\|\|window.name.indexOf("_vis_editor")>-1\|\|ccMode\|\|window.name.indexOf("_vis_preview")>-1){try{ if (window.name && JSON.parse(window.name)) { window._

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "worker.js", last modified: Tue Jul 21 10:14:25 2020, from Unix, original size modulo 2^32 47679
Category:	downloaded
Size (bytes):	15189
Entropy (8bit):	7.9870756297562275
Encrypted:	false
SSDEEP:	384:N9uozDZy5DkV1oL9XPB/uQPTiX6IRmxVbq7zq2x48HCR4:Ncoz1yIAxuO2XN5nRB
MD5:	35B88482B6E5742604AF3DE8BA01F378
SHA1:	5F9FB43DBA25DB1D4169A37036C0B5A101240BB5
SHA-256:	F33C6CDD27C56C4F194C9020DAFF3E8ECBA38AED831E9A9508F1CC20A93126B5
SHA-512:	CE8AB8F00436A05D630867AFFAB325188F5EE01733216BD78665A4255EF6AD552DF17D9C61342F604833F2F493EE7556D05527884EDEB3C141B9AB49BE5B4D1C
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Preview:	......._..worker.js..Z.s.8..........A1...AehB.f)d.....2....cgm.l.p..=.$.2.$.......,..G..d....;...%7>..F.. ...v......w.L...2.u{...~4.........k.....F'XD.3..U2..vs<....^..^l,y..u../..F...k.,...HB.\|o..(...U.....f.A.....d....M.X.h,...`.c..W7<HX.2...c.L@...5.d.....;W.."}Jn.y.2\%F..$......_-P.t..n<.N.j.w....b.=..7..s.....\|/^.c..rW..:c...$...ad...->p.`.BO...<\....(...s..o.;.v...D.."....>.y.=...}?.C...`.6bg.........z.^...lS..F..I..K....W..Y.`'{$KU...q.N.1..#!..j..k\.O.tF].wa...?.N.'F.s...1~...c.(F....1<5:...O...1........p..}..y.......y...7.....b.......B.....>tG.g....{.d'...x.k..GF.8....~gd._...]........#X...;..@..3.?C.8.....N..K....f...?.z........w].A.].+.....;...8.\|..YC.[/8U....d(W..?....T..p0.A...F../...1:....t4..[9h2.2....+9.9.V..l_^t.E..n.......M...U R.i=\|a...N.nY.......v4..'.k..~_...).j...;.....m.@v._.1.S...).~\..%Go.._3..Y..P.m.....C .?0,.r.K.-..+Jy..T/e..$tK.R..am.ek.Z.[.F.c$&'.x.C...1....5_.I<.O\<..\|.c....."^...&...e.R....U...(.

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1453
Entropy (8bit):	4.919319786500308
Encrypted:	false
SSDEEP:	24:2tlewmAH6jE5ziApRgk1TRHDH/qRhr2sIOhRa8qRHPr2HRHwKvTDVIx:YH6jE5ziAfdjghr2sIq5gvr2xzvdg
MD5:	96D6C0FBB60D8F2310AFCCF2B326EA8F
SHA1:	F28892EB012D3CFD950DE777F4F98A80D2DFE1E0
SHA-256:	2950C48DD89818332DD1D83FA79F666E3784B8A3EFA579F94465BDDD54E8E977
SHA-512:	93E31E8C1EA636C71D242015A905FF2A13F18D726FE975F60038BD27E0C0ABB0293BAE9A699592A95584051AA7F9B0ADC9E3D699F8ADE0EE2004800B1D78FD74
Malicious:	false
URL:	https://www.avs4you.com/impact-affiliates-run.js
Preview:	(function () {.. var affKeyArrary = ['campaign_id', 'media_partner_id', 'tracker_id'];. var affParam = '';.. for (var i = 0; i < affKeyArrary.length; i++) {. var affKey = affKeyArrary[i];.. if (document.cookie.indexOf(affKey + '=') != -1) {. var affVal = getCookie(affKey);.. if (!affVal) {. affParam = "";. break;. }.. affParam += '&' + affKey + '=' + affVal;. }. }.. if (affParam) {.. var shartitBtnsOneYear = document.querySelectorAll('a[href="store.avs4you.com/order/checkout.php?PRODS=604110"]');. var shartitBtnsUnlimited = document.querySelectorAll('a[href="store.avs4you.com/order/checkout.php?PRODS=604132"]');.. for (var i = 0, len = shartitBtnsOneYear.length; i < len; i++) {. var newUrl = "https://order.shareit.com/cart/add?vendorid=200281390&PRODUCT[300919254]=1" + affParam;. shartitBtnsOneYear[i].setAttribute('href', newUrl);.

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (25486)
Category:	downloaded
Size (bytes):	25828
Entropy (8bit):	5.961946905303433
Encrypted:	false
SSDEEP:	384:MCdKqaf62cVjHGaFo/2Z7KYa3jvs8ryV9SvQR17RYYZL5rMo:MWj2ahF421KR3Ds7V0v7YIo
MD5:	774D4540E8024BB660ECE029C5EDD7D0
SHA1:	F44C3D7B1143F18AA467AA31114D755B26CF97FC
SHA-256:	928E1D949C6592C8104C1F8286CE11F8E792A40F703EAEF295ED5483A1061356
SHA-512:	832733D6A3A6AD949212E15E336C7122B7859C2F120371F76DD302D3E2A2CADE368D3E21625C551D65CE395D8F4FC3084EEAD1CA6B0996454E2B3DD436A2D76B
Malicious:	false
URL:	https://www.avs4you.com/33e6b7bb568ff42f71b848c5df167b4296d898c4-ac14a9bffec845baa13f.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[16],{"2zBu":function(M,D){M.exports="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI4NiIgaGVpZ2h0PSI4NiIgdmlld0JveD0iMCAwIDg2IDg2Ij48ZGVmcz48c3R5bGU+LmEsLmZ7ZmlsbDojZmZmN2YxO30uYiwuY3tmaWxsOiNmYjhhMjk7fS5ke2ZpbGw6I2ZmZjtmb250LXNpemU6MTNweDtmb250LWZhbWlseTpPcGVuU2Fucy1TZW1pYm9sZCwgT3BlbiBTYW5zO2ZvbnQtd2VpZ2h0OjYwMDt9LmUsLmZ7c3Ryb2tlOm5vbmU7fTwvc3R5bGU+PC9kZWZzPjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKC02ODguNjU0IC0yOTk2KSI+PGNpcmNsZSBjbGFzcz0iYSIgY3g9IjQzIiBjeT0iNDMiIHI9IjQzIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg2ODguNjU0IDI5OTYpIi8+PGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoOTIuODY4IDY2LjE0NykiPjxjaXJjbGUgY2xhc3M9ImIiIGN4PSIyMy41IiBjeT0iMjMuNSIgcj0iMjMuNSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNjE1Ljc4NiAyOTQ4Ljg1MykiLz48cGF0aCBjbGFzcz0iYiIgZD0iTTMuODExLDBINjUuMTRhNC4xMjksNC4xMjksMCwwLDEsMy44MTEsNC4zODZWMjMuNTI0QTQuMTI5LDQuMTI5LDAsMCwxLDY1LjE0LDI3LjkxSDMuODExQTQuMTI5LDQuMTI5LDAsMCwxLDAsMjMuNTI0VjQuMzg2QTQuMTI5LDQuMTI5LDAsMCwxLDMu

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (58162)
Category:	downloaded
Size (bytes):	249182
Entropy (8bit):	5.291940179197707
Encrypted:	false
SSDEEP:	3072:L2+Z4r/HOqgkQP3aRoUUtszZzo+QrDk+t0AtBnczjqHV9M:le7RmazZzo+QrDk+t0AtS+DM
MD5:	9361DFF593FFB8864741894E1F6F0AFE
SHA1:	0A407F69E3DD5C447B9864DD3F1B587BF314C103
SHA-256:	C47B6D3222FBEDD89442AAB729B95751E9AD2E2DCF7AFD13A73D04FF12AE2307
SHA-512:	900942DAC9A77078DB9F5B735B8F9F341C62ED79A0A3391ED8E5E9CCFE20562025532EE920018F7023F2C5B17454405BFCEDE258F6B18AA643F6239655E4CA25
Malicious:	false
URL:	https://secure.2checkout.com/checkout/client/twoCoInlineCart.js
Preview:	!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.TwoCoInlineCart=e():t.TwoCoInlineCart=e()}(window,function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?funct

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:	768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9889227488523016
Encrypted:	false
SSDEEP:	3:CUdrllHh/:HJ/
MD5:	28D6814F309EA289F847C69CF91194C6
SHA1:	0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
SHA-256:	8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
SHA-512:	1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false
Preview:	GIF89a.............,...........D..;

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (19927)
Category:	downloaded
Size (bytes):	308931
Entropy (8bit):	5.569259185161612
Encrypted:	false
SSDEEP:	3072:ZruU2uc0IardIOdfMbba81qCiqjysCBIQOaR1prkH+dQWqzGmRmH4xKQ483PN:Rx2ubIOdfMh9r1zQbzzdQWqzGaPV
MD5:	B17698D48257FEAB42364B4535090B89
SHA1:	42A70B4E794956410A209C1BC3DFBF468D5797A0
SHA-256:	15BB4B1A7E15E134F82058780BD2F9689F1BE440FC16F8216C75B92A9A076C67
SHA-512:	7B17B2A53D572AEF95B5126A92BBD01BE6E2B3D80DFBBA28615B056C7449F9B1B53EE9DF089C75BC61268035B2827863B28A2B64A662061DA7EA444FD77ED446
Malicious:	false
URL:	https://www.googletagmanager.com/gtm.js?id=GTM-WMB2TZX
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]\|\|{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"287",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":"G-BWSZ9WEBRH"},{"function":"__f","vtp_component":"URL"},{"function":"__v","vtp_name":"gtm.elementUrl","vtp_dataLayerVersion":1},{"function":"__v","vtp_name":"gtm.triggers","vtp_dataLayerVersion":2,"vtp_setDefaultValue":true,"vtp_defaultValue":""},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"gtag4.items"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"gtag4.currency"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"gtag4.transaction_id"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDef

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2171
Entropy (8bit):	5.159604826440586
Encrypted:	false
SSDEEP:	48:DZvvEiBmZfr1gGkjpgR6Qfr0Q2btKBjuBYger7iZ3brZUzveEnXbhDZhggIM:FjGIgRhf4Q2bwByBucyLeUDZhgBM
MD5:	7E43190E6AD6C24D7FC6DF7C665395BC
SHA1:	39B009BE92200D2A155DEE2004CAABA3F34B3463
SHA-256:	E91906E4C98E7C27C46E97E4325067D80DD5C595C7F18A3CC5104464DB51888D
SHA-512:	4B8FEA30DA7C55954FB35EEB810A7D0EDCB544EB10443D295C9F7B5CF151A4A928618CDDF5EDC3C576207440B65F67605D7FAF3E7C9D8EC0723E5371D13DE91F
Malicious:	false
URL:	https://secure.avangate.com/content/check_affiliate_v2.js
Preview:	var AVG_CHECK_AFF_URL_HTTP = "http://content.avangate.com/check_affiliate_js/index.php?";.var AVG_CHECK_AFF_URL_HTTPS = "https://secure.avangate.com/content/check_affiliate_js/index.php?";..function _AVGSetCookie (name, value) {..if (value == "") value = "-"; ..var curDate..= new Date();..var expireDate.= new Date(curDate.getTime() + 24 * 3600 * 1000);..var nameStr..= name + "=" + escape(value);..//var expireStr.= "expires=" + expireDate.toGMTString();..var expireStr.= "";..var pathStr..= "path=" + "/";..var cookieVal .= nameStr + "; " + expireStr + "; " + pathStr + "; ";..document.cookie = cookieVal;.}..function _AVGGetCookie(name) {. var dc = document.cookie;. var prefix = name + "=";. var begin = dc.indexOf("; " + prefix);. if (begin == -1) {. begin = dc.indexOf(prefix);. if (begin != 0) return null;. }. else {. begin += 2;. }.. var end = document.cookie.indexOf(";", begin);.. if (end == -1) {. end = dc.length;. }. return

Chrome Cache Entry: 265

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	214527
Entropy (8bit):	4.937846789993234
Encrypted:	false
SSDEEP:	3072:a2rj3fULvliRmAJ3yB8B8PhWUZ43M3WogIkUasn9CgZ8:WlEyB8B8PhxaWCgZ8
MD5:	5CD7527E5D146F451335F6ABA3A0C44C
SHA1:	946F3D90974BCB8A7CD468FC4DA4FFBAA313DD9A
SHA-256:	F08B8D8ECD461E3DC5C871924E3032BFB110CB7470CBFC2336F2025AFB8DAF29
SHA-512:	75F9FB3DA6C4730FEE4EA336FB162D212C1B03F81A1B620A4CBA77F6D04598943DB60F49D27B94AD74FD5B5FD33D5D02A4578C49929785C15E93B1C742438D37
Malicious:	false
URL:	https://www.avs4you.com/page-data/privacy.aspx/page-data.json
Preview:	{"componentChunkName":"component---src-pages-privacy-aspx-js","path":"/privacy.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran.ais"},{"value":"es","text":"Espa.ol"},{"value":"jp","text":"..."},{"value":"ru","text":"......."},{"value":"pl","text":"Polski"},{"value":"ko","text":"..."},{"value":"da","text":"Dansk"},{"value":"nl","text":"Nederland"},{"value":"pt","text":"Portugu.s"},{"value":"zh","text":".."}],"locale":"en","routed":true,"data":[{"content":"{\n\t\"**********************COMMON***********************\": \"********************COMMON***********************\",\n\n\n\t\"/\": \"/\",\n\t\"CurrentLanguage\": \"English\",\n\n\n\n\n\t\"********************HEADER DOWNLOAD BUTTONS***********************\": \"********************HEADER DOWNLOAD BUTTONS*************************\",\n\n\n\t\"get $5 coupon code\"

Chrome Cache Entry: 266

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.62146788019945
Encrypted:	false
SSDEEP:	3:YSAjKv8Lt/1TP9QCEXC:YSAjKvax1TPyCF
MD5:	B961A03FE5BB8EB7D3324058193AA444
SHA1:	211E383E8F7F4BC090EB0F2EC11D2C894D5D4525
SHA-256:	4542D533EEA94E7D867DBAB17707DF2CF9008F0D27ECDE6936C7D2B4520AFA48
SHA-512:	F545E671705E93EC11472514440C9A80DEC00EA0301E064E73BFE5340C83A24E7788F5C64FCA042DC948A0910DF3BD3E64B9F40CEDE6FDED62C0F48B175DB607
Malicious:	false
Preview:	{"webpackCompilationHash":"17b6a520676125bfe6a2"}.

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	13
Entropy (8bit):	2.7773627950641693
Encrypted:	false
SSDEEP:	3:qVZPV:qzd
MD5:	C83301425B2AD1D496473A5FF3D9ECCA
SHA1:	941EFB7368E46B27B937D34B07FC4D41DA01B002
SHA-256:	B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
SHA-512:	83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
Malicious:	false
URL:	https://td.doubleclick.net/td/ga/rul?tid=G-BWSZ9WEBRH&gacid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1807214805
Preview:	<html></html>

Chrome Cache Entry: 268

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	50
Entropy (8bit):	4.62146788019945
Encrypted:	false
SSDEEP:	3:YSAjKv8Lt/1TP9QCEXC:YSAjKvax1TPyCF
MD5:	B961A03FE5BB8EB7D3324058193AA444
SHA1:	211E383E8F7F4BC090EB0F2EC11D2C894D5D4525
SHA-256:	4542D533EEA94E7D867DBAB17707DF2CF9008F0D27ECDE6936C7D2B4520AFA48
SHA-512:	F545E671705E93EC11472514440C9A80DEC00EA0301E064E73BFE5340C83A24E7788F5C64FCA042DC948A0910DF3BD3E64B9F40CEDE6FDED62C0F48B175DB607
Malicious:	false
URL:	https://www.avs4you.com/page-data/app-data.json
Preview:	{"webpackCompilationHash":"17b6a520676125bfe6a2"}.

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	13
Entropy (8bit):	2.7773627950641693
Encrypted:	false
SSDEEP:	3:qVZPV:qzd
MD5:	C83301425B2AD1D496473A5FF3D9ECCA
SHA1:	941EFB7368E46B27B937D34B07FC4D41DA01B002
SHA-256:	B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
SHA-512:	83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
Malicious:	false
URL:	https://td.doubleclick.net/td/ga/rul?tid=G-FEYVLL88YK&gacid=1987730708.1716565152&gtm=45je45m0v9123194436za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=845811239
Preview:	<html></html>

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	214469
Entropy (8bit):	4.937520454268805
Encrypted:	false
SSDEEP:	3072:h2rj3fULvliRmAJ3yB8B8PhWUZ43M3WogIkUasn9CgZW:TlEyB8B8PhxaWCgZW
MD5:	47ED8898BCA3325ADD7230A5BE6F7AAE
SHA1:	5491CEB42874BDC3FF155D197A8A0969F373DA50
SHA-256:	2CC43C8A1E752883FA5374E501F1E1BCC9F64B870C390476BDC52D05772990B4
SHA-512:	AC2A2A055A26C7DC09150BCB10F1B827DD268B94836DD7E8AFD21ABDB1F1910F0B7B593693542E544E726234B225BFD069273A51A4FB0B41ECD71302B6A102E8
Malicious:	false
URL:	https://www.avs4you.com/page-data/index/page-data.json
Preview:	{"componentChunkName":"component---src-pages-index-js","path":"/","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran.ais"},{"value":"es","text":"Espa.ol"},{"value":"jp","text":"..."},{"value":"ru","text":"......."},{"value":"pl","text":"Polski"},{"value":"ko","text":"..."},{"value":"da","text":"Dansk"},{"value":"nl","text":"Nederland"},{"value":"pt","text":"Portugu.s"},{"value":"zh","text":".."}],"locale":"en","routed":true,"data":[{"content":"{\n\t\"**********************COMMON***********************\": \"********************COMMON***********************\",\n\n\n\t\"/\": \"/\",\n\t\"CurrentLanguage\": \"English\",\n\n\n\n\n\t\"********************HEADER DOWNLOAD BUTTONS***********************\": \"********************HEADER DOWNLOAD BUTTONS*************************\",\n\n\n\t\"get $5 coupon code\": \"GET $5 COUPON C

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	12982
Entropy (8bit):	5.088648954613395
Encrypted:	false
SSDEEP:	192:1Hcm65FvoEDK3jVQwjT/jEdqNPi0ozD7kTzdcvKAeziHQd:1H6fvDWrbcqPi7keKAsd
MD5:	79791AA1B82EC319446A28648F789D47
SHA1:	80887A0C60C4F1F37154429D4540175AFA0F0E62
SHA-256:	1FF4586D1B5D97042D4A8DDA5186BB3DD060CF7CC3CB5C206BB6D173F5AD1DCE
SHA-512:	FB87D0E0682CD90E433208B8EC071A282AB5445398E98D158737C8E1449F24FE75408660648CBBC793754E324D81BEE72C25AE1B7C090DDCCD247996047C0A17
Malicious:	false
URL:	https://www.avs4you.com/static/korea-flag-79791aa1b82ec319446a28648f789d47.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"><defs><style>.a{fill:none;}.b{fill:#f0f0f0;}.c{fill:#ff241f;}.d{fill:#0022d4;}.e{fill:#e6e6e6;}.f{clip-path:url(#a);}.g{fill:url(#b);}.h{clip-path:url(#c);}.i{clip-path:url(#d);}.j{fill:url(#e);}.k{clip-path:url(#g);}.l{fill:url(#h);}.m{clip-path:url(#j);}.n{fill:url(#k);}.o{clip-path:url(#m);}.p{fill:url(#n);}.q{clip-path:url(#p);}.r{fill:url(#q);}.s{fill:#f02800;}.t{fill:#0600a4;}.u{clip-path:url(#r);}.v{fill:url(#s);}.w{clip-path:url(#u);}.x{fill:url(#v);}.y{clip-path:url(#x);}.z{fill:url(#y);}.aa{clip-path:url(#aa);}.ab{fill:url(#ab);}.ac{clip-path:url(#ad);}.ad{fill:url(#ae);}</style><clipPath id="a"><path class="a" d="M108.451,70.673l-.007-.011.007.011m-.007-.011,0-.006,0,.006" transform="translate(-108.44 -70.656)"/></clipPath><linearGradient id="b" x1="-1063.165" y1="522.788" x2="-1053.36" y2="522.788" gradientUnits="objectBoundingBox"><stop offset="0" s

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (62300), with CRLF line terminators
Category:	downloaded
Size (bytes):	62397
Entropy (8bit):	5.350884702903751
Encrypted:	false
SSDEEP:	768:9Ijne57zoxJa28mpUG5YTMbLpPuB8++KX5wZUZJjK1qED0F4ztva+tZW:qjetzoxJaVQC+KJwZUj0iOW
MD5:	B31E76D22DA4399DB4B8C8ECCD35DC2B
SHA1:	B36D4554849D3F05DF0363366BE9133D35EACA98
SHA-256:	5BA7B351020430E304E1C38988858E13690202831484697551E56FED5826004E
SHA-512:	DE2A305DC568D53CA6961D0C9E9FF4497A9A7FE462620417DB3F7ABB2FD508E3729C5090A1119A0DF7DA998AE7C9BF6BB140838681AFCAD493848187BDB9A312
Malicious:	false
URL:	https://www.clarity.ms/s/0.7.32/clarity.js
Preview:	/* clarity-js v0.7.32: https://github.com/microsoft/clarity (License: MIT) */..!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return Fa},get start(){return Ua},get stop(){return Va},get track(){return Pa}}),e=Object.freeze({__proto__:null,get clone(){return hr},get compute(){return pr},get data(){return ir},get keys(){return or},get reset(){return vr},get start(){return dr},get stop(){return mr},get trigger(){return fr},get update(){return gr}}),n=Object.freeze({__proto__:null,get check(){return Or},get compute(){return Tr},get data(){return rr},get start(){return Er},get stop(){return Sr},get trigger(){return Nr}}),a=Object.freeze({__proto__:null,get compute(){return Dr},get data(){return xr},get log(){return Cr},get reset(){return Ar},get start(){return _r},get stop(){return Ir},get updates(){return Mr}}),r=Object.freeze({__proto__:null,get callbacks(){return Rr},get clear(){return qr},get consent(){return Yr},get data(){return jr},get electron(){return Lr},

Chrome Cache Entry: 273

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "track.js", last modified: Mon May 6 09:44:19 2024, from Unix, original size modulo 2^32 15679
Category:	downloaded
Size (bytes):	4932
Entropy (8bit):	7.966471918077223
Encrypted:	false
SSDEEP:	96:xZJCjbA1y/VW7UWubH3a2GrABrhVBnKAwrjyHsjv0:xZcnh/M7bAlhVBK1rWMjM
MD5:	1276F78CCE57E4B9A8D7D503A53B9D26
SHA1:	DB7105D8D1BF1C219E6559855517A077F5BC5D81
SHA-256:	F47FB330CEAA1ECD6D79006375BCB9F34044246529B51873C425DC3080BD7A46
SHA-512:	C91CE1E6FBEE4E9A1570F5B7DF84ED9F4F6C3238E3532CB6A7875D7CBD45FF65D5B08E56108CAAD848E8F4368AE2FF1B8979E8B39A85E77C140FA2C3AC9987FB
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js
Preview:	....s.8f..track.js..[ms.H..~..D..B..Jy....Rd.aF.\...\.....c.Bc'k..s...B...\|.[;.@./..y.k...$p......`G.J..z....t.'...z.....#.(h@.V..Z.?....C...fe.G.i6..~.....5...3.k..hh....Zk.._.F..2.qiN~...1G......90G..1....!.F.v51..W...e...h]2.....z..^....p...KW..Y.Y.f.._eD.....c.V..b.....G....k.\|{M..1.0.Y3..O./.oo.g.yV3.+.....^8..9<...q..2)....f.......m.d..T...dI..e.....b'_.<-.H..n.../14.@g.O...%..I...xm..E[..6...-wt].N%X.HJ/.......l..`2W..$S.......V........y.J?3...#._.ax.Q#H....W...O.j..vK".C\...<..I/'M....%.>W.`+1.3......=o)7..n..!..2.V ...=M...m%...<Zd.,.Ug.<f....R..ho.P..TQ.S.....qa/.._.^....0K..$>.ac..?m.-...O\..m..l{.@+n>.1..]...x......v.^\.c....X`1,..*L..t+-...k.........;...w...)~.(...\.F..!..E.dJ..$...8.O...I.2&.2".d@>.;rA..C[...1.l..W...#p..^.#g..F1.].F..l~..d...z.b+\3..Y...h.U.Iwc.,{...<{..F....;z.&kM..._.}.)6X./..m>K\|/..dY.6...,..;...h...T..`~L..-.0..b......e..~...F.w.....x...c.z...Z..!.......P^..{...cJ.qrJb...H?m.i.. .`.Ni..

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	55199
Entropy (8bit):	5.44768375370973
Encrypted:	false
SSDEEP:	384:fvPfu5SvQBv0ER51ULgvdtw5M9Obv6Kr5HaxSvDTi5ej81vo4F5BI3Uvhxk5IBKN:w4IEQMwi
MD5:	306E8641D4D211DAD4A118C24AA85DAC
SHA1:	8E0DB770BD49EB91BAAC2EA121E8F32209BF2041
SHA-256:	B346E206C533E6C1A8A1DC56E27EE804C1DE4D2201DE08B2E9611C65275A4CD6
SHA-512:	A7D47E866AEDBA68DCB9A227AA8FEA598F66DF660B03BB65FC3DC5757D9818637342B78B38228C60C3DCB95664971FFEB760CC62109339417AA588B28CE30E99
Malicious:	false
URL:	"https://fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700,800\|Inter:200,300,400,400i,500,600,700,800"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1pL7

Chrome Cache Entry: 275

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 470 x 87, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	7087
Entropy (8bit):	7.953553980776468
Encrypted:	false
SSDEEP:	96:yjtHJYnPdmAEO2FKqNXowYmrgNJXUd7jZUPMlQ6qOCGpHauA7KU3YqCp+YG:yjfKEO2FKqNXowY2d7lNC256u77E
MD5:	560C83ACA91592A5D2786012B4CA5D22
SHA1:	A92911801A3C28ACFF934016B851DF6A89FBCBC5
SHA-256:	2289477BD67842270B03F01B438D7841A31F7C8D1BC8FAE6806C3EF188145260
SHA-512:	D18276D53763BCF0F40E8E8A0363EA69686C510D605595F01EB4FE9E476866C6E4F3E7BA7AE7C710AC31457A1CFAB8A40368C648B107C0EEF6BA3587269D8944
Malicious:	false
Preview:	.PNG........IHDR.......W......_......PLTEGpL..........B..p..n..D..n..F...q...~..U..T......p..D.?U.....&.....D..<{.o..?}+C...q.`......................&;.....;...\...@........IYhN_.......nnn.....K.p...?~~~.............0/@s.^^]............!........#,f...v.....[../d...@......Y......C..........???....N.....w........OON?..4......3.....s.os....!.....y..'.w.\..............]h.8B..x....H.....y v...P..cg.....ht.?k....I..Yn...........332......_.....3....O........9..DY..A..R.s....<........T...Tbq..KKK......... ....9^...L.. [.....a..Z.n....m............c..5...M.k....Y...M.........kE........81nQc....L..#...}.../...<L..K........\|8.9v.Fu9N....b...$$SW...?C..w...k.`I.6.i..(....Lnv.O..-...u...S^.....F..e...Y..Gm#Z#y..m~..P///gd`...+.q<Nh..O^\..pt.X..._..Y.+...lG##"....}..(;w..........tRNS..K..?... ...A.`..Y......KIDATx.._H[Y..K.]..i..'......7Ar..2.i.$..i..x!`.E.E.Z..`!T.U.!....K..5....)....@[PJ).e...m..a....M...Y...99..{.....~.s.].6...o...G.),....:..5....

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	214547
Entropy (8bit):	4.937888697193014
Encrypted:	false
SSDEEP:	3072:a2rj3fULvliRmAJ3yB8B8PhWUZ43M3WogIkUasn9CgZT:WlEyB8B8PhxaWCgZT
MD5:	3CE4986D0FB14A75999B9651D5D58BAA
SHA1:	27AB672D35C497C8D4ADA12F7FD08F31A760538A
SHA-256:	D1327EF2771B784E36AA3EBC9A799804F8EDB702355FD109903F49A54AF13EDF
SHA-512:	FC431309703A0AEB64C980A6760DEA3E53882104D2B74116FDFAB94E182EBF7700CCB9C81DD96DA456B2C3CB6FC0AB4D73EC418CFCE14FD5A5B0C59DF8F52014
Malicious:	false
URL:	https://www.avs4you.com/page-data/register.aspx/page-data.json
Preview:	{"componentChunkName":"component---src-pages-register-aspx-js","path":"/register.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran.ais"},{"value":"es","text":"Espa.ol"},{"value":"jp","text":"..."},{"value":"ru","text":"......."},{"value":"pl","text":"Polski"},{"value":"ko","text":"..."},{"value":"da","text":"Dansk"},{"value":"nl","text":"Nederland"},{"value":"pt","text":"Portugu.s"},{"value":"zh","text":".."}],"locale":"en","routed":true,"data":[{"content":"{\n\t\"**********************COMMON***********************\": \"********************COMMON***********************\",\n\n\n\t\"/\": \"/\",\n\t\"CurrentLanguage\": \"English\",\n\n\n\n\n\t\"********************HEADER DOWNLOAD BUTTONS***********************\": \"********************HEADER DOWNLOAD BUTTONS*************************\",\n\n\n\t\"get $5 coupon code

Chrome Cache Entry: 277

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19661)
Category:	downloaded
Size (bytes):	19749
Entropy (8bit):	5.019312239501359
Encrypted:	false
SSDEEP:	192:/mfu8S8aJLtbL5n2gSUv2ihRSPeFTfsIeSjhH5l0RyNjj6LpcQcKHw6DppCtiQvC:/mfR4lJL5nLS5CJfsIhlHzc4cgtB3Qj
MD5:	EF6E0B3B7125BC98AD310EAA59816112
SHA1:	10F306CC160BC83E8112674784D1735966E5B0B8
SHA-256:	EA6254080B29ECB1A9E27441CDDCEB60BAC8CFB943AACD2BB75B9787A568885D
SHA-512:	4403356A8331958975FFAB45CDF638B220B046A06779853D48C96F770FE3691D167F30AA23F4082BB75693E3B30684A13502376DF3D450B3695EB0EDF1FD651E
Malicious:	false
URL:	https://www.avs4you.com/component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[69],{eT2P:function(e,a,t){"use strict";t.r(a);var n=t("9Hrx"),s=t("q1tI"),r=t.n(s),o=t("YJrG"),i=t("5Vy0"),l=t("Bl7J"),c=t("69R2"),p=(t("ujrq"),t("FT44")),m=t("NHav"),d=t("9ONQ"),h=t("TJpk"),f=t("Wbzz"),u=t("Rufa"),x=t("avc3"),g=t("/m4c"),b=t("B9Tu"),E=t.n(b),N=t("c3st"),y=t.n(N),w=t("2zBu"),v=t.n(w),k=t("kDO/"),_=t.n(k),S=t("lQDu"),C=t.n(S),T=t("elgg"),U=t.n(T),I=t("ttCo"),M=t.n(I),O=t("X4r4"),Y=t.n(O),A=t("4z7u"),z=t.n(A);function D(e,a){return new Date(e,a+1,0).getDate()}var F=/=regnow:(.*):/,V=new Date,j=V.getMonth(),H=V.getFullYear(),L=["January","February","March","April","May","June","July","August","September","October","November","December"],B=function(e){function a(a){var t;return(t=e.call(this,a)\|\|this).cookies=new d.a,t.affiliateID="",t.siteTrasingCookie=t.cookies.get("Site_Tracing"),t.siteTrasingCookie&&(t.affiliateID=t.siteTrasingCookie.match(F)[1]),t.state={hrefUnlim:t.cookies.get("Site_Tracing")?"https://order.shareit

Chrome Cache Entry: 278

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1181
Entropy (8bit):	4.714161995310392
Encrypted:	false
SSDEEP:	24:2PDhJWIlewTXBQiG0sI+WAZQG0lE+LKuS7ki1a0w0byg:/GjyJIKuS7kik0w0yg
MD5:	A8E762DBCFFB7242BAB8F909D36A77E8
SHA1:	C53B19DA060DCC7075989471D47CB887E069FF86
SHA-256:	4A48307AA1ED1A4B742C22201D2E3855CB018288E527EA1CDB22D5C3E42DFDC8
SHA-512:	2F5C2682150F64DAB23E0DAAA3DBF523869B0B281E2E79B912DEC0C03018B0D4B27AA9576268B4BAC1D9F5F021840491B224822332D5D89E5A7F2EF486B738E0
Malicious:	false
URL:	https://www.avs4you.com/impact-write-cookie.js
Preview:	(function () {. // define the parameters of Impact Radius Affiliate. var affKeyArrary = ['campaign_id', 'media_partner_id', 'tracker_id'];.. function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#])\|&\|#\|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';.. return decodeURIComponent(results[2].replace(/\+/g, " "));. }.. function setCookie(key, value) {. var expires = new Date();. expires.setTime(expires.getTime() + (60 (40 * 1000)));. document.cookie = key + '=' + value + ';expires=' + expires.toUTCString();. }.. if (affKeyArrary && affKeyArrary.length) {.. for (var i = 0; i < affKeyArrary.length; i++) {. var affKey = affKeyArrary[i];.. if (window.location.href.search(affKey) != -1) {. var url = win

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 26736, version 1.0
Category:	downloaded
Size (bytes):	26736
Entropy (8bit):	7.992700056590475
Encrypted:	true
SSDEEP:	768:ykLQ/7ViopV5bgtwNdULiYmlMIabSd98eM:vc4of5KwjaYGSdK
MD5:	8404CFED82D322C1BE8E149FD9F40EB8
SHA1:	3E3657246DB3B889E68D520904AC294A230DB56D
SHA-256:	8F76526E440538EC1300AA89F671ACD1B746925833F7160F6C0E29443008F97F
SHA-512:	47EA700F6173773136F46BBE61563C1A7CC7314B6BE85286BE064C273927F48CC57FAD00331549316B29EC42F89BACEB5ACF456D918842F6AA54927555BCE7DB
Malicious:	false
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
Preview:	wOF2......hp..........g...........................@..<..X?HVAR.a.`?STAT.$'..."+...\|.../V....(.%....0....6.$..6. ..~..R......pgO0..@...z.-..V....-..ed .8.... .....2F......o.lJ.U...Qax4.NyU8.+T..~r<.....Ew..)..-.......t.<.C.N.9!.z.a.S..du}2:..."..QW8.x.........-.....]p.z $../....~.M.....A[.b......i..7Mj#..dCe...m.5{..G..l...f....H....xd...#...!..~..N......s......RL........G.8Z......@....8g..4i#.$m..T......m...33v..3....U.z.^..........U..DF...pac.......j."..M....m3...7'..b.B..Eb.f$f...M_..- J..@.+0.j...\|........H,".B.......7...(.:V.D#...4...!........?U.RW...3\|..S...X.... ..=.^".K.,.h\.\.=6.I/ti.F.'..x.LW... ...C.....Lq..,.tq.W....?...`.P.....(...X........j.Z.h..`.......6..L.7_u.g.+...nn.....)J.H. :E75.......f..l=...k./....?.6...h...Au.E7.....[-$...........R`5..}3..?...z.H...B\.kVA.2T.,...2..}.Z...`...7..s.J@...... `n.`..,H....T....]j('P....Hnf3..h6.n...mQm7sg..y...CJ;3 ..H....~.)..).C.\|.E.?.Y..#H.@..H.Aa..)....O..(..*.u.._-....V_.....\..w.A

Chrome Cache Entry: 280

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15872)
Category:	downloaded
Size (bytes):	16637
Entropy (8bit):	5.516497072546917
Encrypted:	false
SSDEEP:	384:KutjzaCANZSjyN0SjwNmSj5SbCNmSjdCSjtNbSjW:x5ANZSjyN0SjwNmSj5KCNmSjdCSjtNbN
MD5:	52D7316C95E8EAF971E6F89584A0D8D5
SHA1:	ED46D8983FB83489BE86ED0473CFB2A0514667FE
SHA-256:	474A667A94DA894B9D6A68F34A36C2355A4713BB616EA1D5698BE362A5247DD6
SHA-512:	8A11E4457699D723EC7128B6563E0EC9164FE799F2152CF06A7D965160EE05D7C26A1258B0041EC99CFB3ADEE61154E9DA810A54BAA336CD181DDCC011C7D317
Malicious:	false
URL:	https://dev.visualwebsiteoptimizer.com/settings.js?a=279977&settings_type=1&vn=7.0&exc=18\|25
Preview:	try{window.VWO = window.VWO \|\| []; window.VWO.data = window.VWO.data \|\| {}; window.VWO.data.ts = 1716565151;(function(){var VWOOmniTemp={};window.VWOOmni=window.VWOOmni\|\|{};for(var key in VWOOmniTemp)Object.prototype.hasOwnProperty.call(VWOOmniTemp,key)&&(window.VWOOmni[key]=VWOOmniTemp[key]);;})();(function(){window.VWO=window.VWO\|\|[];var pollInterval=100;var _vis_data={};var intervalObj={};var analyticsTimerObj={};var experimentListObj={};window.VWO.push(["onVariationApplied",function(data){if(!data){return}var expId=data[1],variationId=data[2];if(expId&&variationId&&["VISUAL_AB","VISUAL","SPLIT_URL"].indexOf(window._vwo_exp[expId].type)>-1){}}])})();window.VWO.data.vi = window.VWO.data.vi \|\| {"dt":"desktop","br":"Chrome","os":"Windows","de":"Other"};.window.VWO.push(['updateSettings',{"321":[{"name":"Campaign-321","ep":1715940499000,"clickmap":1,"ss":{"csa":1,"pu":"_vwo_t.cm('eO','dom.load')"},"exclude_url":"^.&DOTEST\\=1.$","multiple_domains":1,"ibe":1,"comb_n":{"4":"Variation-3

Chrome Cache Entry: 281

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	35
Entropy (8bit):	2.9889227488523016
Encrypted:	false
SSDEEP:	3:CUdrllHh/:HJ/
MD5:	28D6814F309EA289F847C69CF91194C6
SHA1:	0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
SHA-256:	8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
SHA-512:	1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
Malicious:	false
Preview:	GIF89a.............,...........D..;

Chrome Cache Entry: 282

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	479761
Entropy (8bit):	5.273098930766283
Encrypted:	false
SSDEEP:	6144:fetCc89ajCOqLkYRyHtXPMBcpCwGeRJnshTBUx1uebymRGw3qW+uP1oqZN+RxNpe:UXBbym7Zr
MD5:	7BCA8D9C8BD4BF68771A9E9D8FDC84F3
SHA1:	2033EDFB1A0BF7896E776A54405402ACC820AEEF
SHA-256:	98A3EDBDA5D3E985A6F9053C03DD3627FE701B4FA524984F7895261EEC47B755
SHA-512:	AFAA3F0155E198BB6E94E324C967D5C03C522BADA6740A177E4B0AE149E1A7EB14489A0FB1D16803DD8115A8D7ACA580A649B91FFDCEDDAEEF01416858C021B3
Malicious:	false
URL:	https://www.avs4you.com/page-data/sq/d/1818369706.json
Preview:	{"data":{"allImageSharp":{"edges":[{"node":{"fluid":{"aspectRatio":1.4123711340206186,"src":"/static/496da861ea4375128e3ee3e0774b3e87/5a891/CUT_3d.png","srcSet":"/static/496da861ea4375128e3ee3e0774b3e87/5a891/CUT_3d.png 274w","sizes":"(max-width: 274px) 100vw, 274px","originalName":"CUT_3d.png"}}},{"node":{"fluid":{"aspectRatio":1.4123711340206186,"src":"/static/7eb55fadee567c9b4b8b05b9a55de283/5a891/MERGE_3d.png","srcSet":"/static/7eb55fadee567c9b4b8b05b9a55de283/5a891/MERGE_3d.png 274w","sizes":"(max-width: 274px) 100vw, 274px","originalName":"MERGE_3d.png"}}},{"node":{"fluid":{"aspectRatio":1.4123711340206186,"src":"/static/79db0a3928f34b5497fd3ac522e50ae3/5a891/SPLIT_3d.png","srcSet":"/static/79db0a3928f34b5497fd3ac522e50ae3/5a891/SPLIT_3d.png 274w","sizes":"(max-width: 274px) 100vw, 274px","originalName":"SPLIT_3d.png"}}},{"node":{"fluid":{"aspectRatio":1.4123711340206186,"src":"/static/f35549e0453ab27fa1970bfb06408cbe/5a891/TRIM_3d.png","srcSet":"/static/f35549e0453ab27fa1970bfb0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.999741551350607
TrID:	Win32 Executable (generic) a (10002005/4) 98.86% Inno Setup installer (109748/4) 1.08% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
File size:	10'891'576 bytes
MD5:	166dffbe964c48c778e24617ec1a683d
SHA1:	463813d3e78537dce33dffe1adcfcaaab2b7f3a5
SHA256:	97d5ae489ea5268f5ac420ec13e5e2b15b9ea69d6a61ee5c70b39a23dda9e7d0
SHA512:	1c86b7129aa21b7f6d3b98fd099f20516d635a81b04bbf993c406bc3ea623893578600e19880af1fecdd7449c5a47b5a84771e77e6d9123724a84e85e057646e
SSDEEP:	196608:G5v6PAVup5LKkL83kc/s8FNh7C1HuBVhsG4ozx73AnOmwUs5oASDPYCGLhW+pe9n:G1OAVONTI3F/P37ua7syALwv5oASbGLW
TLSH:	8BB633EBB0D5E47DF9494DB8521B03CEE1323C545BEC713C34EBC9A8A126A8748D9927
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Static PE Info

General

Entrypoint:	0x409a58
Entrypoint Section:	CODE
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:	884310b1928934402ea6fec1dbd3cf5e

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	A certificate was explicitly revoked by its issuer
Error Number:	-2146762484
Not Before, Not After	01/12/2008 00:00:00 01/12/2011 23:59:59
Subject Chain	CN=Online Media Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Online Media Technologies Ltd., L=London, S=London, C=GB
Version:	3
Thumbprint MD5:	DC8464617374153B37B17F02181CD02E
Thumbprint SHA-1:	0E97B631E40EC5D03E0763B5BDEFE6B4C9F293F8
Thumbprint SHA-256:	8ACE91BA33CBC63F43179701DF845E5857D9F7E27155F715599AD39C25363DF7
Serial:	41ECEDCE3C0C97C050D886547FF849F3

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFC4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-24h], eax
call 00007F8CECEAA833h
call 00007F8CECEABA3Ah
call 00007F8CECEADC65h
call 00007F8CECEADCACh
call 00007F8CECEB04D3h
call 00007F8CECEB063Ah
xor eax, eax
push ebp
push 0040A10Bh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 0040A0D4h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [0040C014h]
call 00007F8CECEB1060h
call 00007F8CECEB0BC7h
lea edx, dword ptr [ebp-10h]
xor eax, eax
call 00007F8CECEAE271h
mov edx, dword ptr [ebp-10h]
mov eax, 0040CDE4h
call 00007F8CECEAA8E4h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [0040CDE4h]
mov dl, 01h
mov eax, 004072A4h
call 00007F8CECEAEADCh
mov dword ptr [0040CDE8h], eax
xor edx, edx
push ebp
push 0040A08Ch
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F8CECEB10D0h
mov dword ptr [0040CDF0h], eax
mov eax, dword ptr [0040CDF0h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F8CECEB120Ah
mov eax, dword ptr [0040CDF0h]
mov edx, 00000028h
call 00007F8CECEAEEDDh
mov edx, dword ptr [0040CDF0h]
cmp eax, dword ptr [edx+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd000	0x950	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x11000	0x2a00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa624b0	0xc88
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xf000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x9174	0x9200	ea92e1415bc80e2738e334267ebbb921	False	0.614699272260274	data	6.566253815683607	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0xb000	0x24c	0x400	f96da19d2571a42bdff1b9e8bd62ec99	False	0.3076171875	data	2.7350839451932765	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0xc000	0xe48	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xd000	0x950	0xa00	bb5485bf968b970e5ea81292af2acdba	False	0.414453125	data	4.430733069799036	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0xe000	0x8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xf000	0x18	0x200	9ba824905bf9c7922b6fc87a38b74366	False	0.052734375	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x10000	0x8b4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x11000	0x2a00	0x2a00	d457f581c815aeacefec8f10ccd6b02f	False	0.33203125	data	4.506480161013465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x11354	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Dutch	Netherlands	0.5675675675675675
RT_ICON	0x1147c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	Dutch	Netherlands	0.4486994219653179
RT_ICON	0x119e4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Dutch	Netherlands	0.4637096774193548
RT_ICON	0x11ccc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	Dutch	Netherlands	0.3935018050541516
RT_STRING	0x12574	0x2f2	data			0.35543766578249336
RT_STRING	0x12868	0x30c	data			0.3871794871794872
RT_STRING	0x12b74	0x2ce	data			0.42618384401114207
RT_STRING	0x12e44	0x68	data			0.75
RT_STRING	0x12eac	0xb4	data			0.6277777777777778
RT_STRING	0x12f60	0xae	data			0.5344827586206896
RT_RCDATA	0x13010	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x1303c	0x3e	data	English	United States	0.8387096774193549
RT_VERSION	0x1307c	0x4b8	COM executable for DOS	English	United States	0.3170529801324503
RT_MANIFEST	0x13534	0x47e	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4330434782608696

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll	MessageBoxA
oleaut32.dll	VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll	WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll	TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll	InitCommonControls
advapi32.dll	AdjustTokenPrivileges

Possible Origin

Language of compilation system	Country where language is spoken	Map
Dutch	Netherlands
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 17:37:59.038201094 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:08.647521019 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:22.670618057 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:22.670670986 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:22.670785904 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:22.688545942 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:22.688564062 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:23.498840094 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:23.498958111 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:23.552366018 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:23.552409887 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:23.552683115 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:23.741271019 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:24.965084076 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.006577015 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227169037 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227229118 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227247953 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227302074 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.227334976 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227351904 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.227356911 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227364063 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227380037 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.227421999 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.227437019 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.227504969 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.236762047 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.236794949 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.236829042 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.236860037 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.236896038 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:25.236928940 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.237051010 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:25.237102985 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:26.011712074 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:26.011712074 CEST	49730	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:26.011735916 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:26.011745930 CEST	443	49730	40.127.169.103	192.168.2.4
May 24, 2024 17:38:27.612533092 CEST	49723	80	192.168.2.4	93.184.221.240
May 24, 2024 17:38:27.675570011 CEST	80	49723	93.184.221.240	192.168.2.4
May 24, 2024 17:38:27.675693989 CEST	49723	80	192.168.2.4	93.184.221.240
May 24, 2024 17:38:28.726108074 CEST	52685	53	192.168.2.4	1.1.1.1
May 24, 2024 17:38:28.731179953 CEST	53	52685	1.1.1.1	192.168.2.4
May 24, 2024 17:38:28.731271982 CEST	52685	53	192.168.2.4	1.1.1.1
May 24, 2024 17:38:28.784125090 CEST	53	52685	1.1.1.1	192.168.2.4
May 24, 2024 17:38:29.204036951 CEST	52685	53	192.168.2.4	1.1.1.1
May 24, 2024 17:38:29.257381916 CEST	53	52685	1.1.1.1	192.168.2.4
May 24, 2024 17:38:29.257486105 CEST	52685	53	192.168.2.4	1.1.1.1
May 24, 2024 17:38:42.423544884 CEST	60593	53	192.168.2.4	162.159.36.2
May 24, 2024 17:38:42.431919098 CEST	53	60593	162.159.36.2	192.168.2.4
May 24, 2024 17:38:42.432007074 CEST	60593	53	192.168.2.4	162.159.36.2
May 24, 2024 17:38:42.500842094 CEST	53	60593	162.159.36.2	192.168.2.4
May 24, 2024 17:38:42.919135094 CEST	60593	53	192.168.2.4	162.159.36.2
May 24, 2024 17:38:42.963145018 CEST	53	60593	162.159.36.2	192.168.2.4
May 24, 2024 17:38:42.963221073 CEST	60593	53	192.168.2.4	162.159.36.2
May 24, 2024 17:38:42.972044945 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:42.972064018 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:42.972125053 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:42.972713947 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:42.972738028 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.679292917 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.679383039 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:43.684940100 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:43.684950113 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.685220003 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.693473101 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:43.738501072 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.910167933 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.910516024 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:43.910536051 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.910739899 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:43.910891056 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.910970926 CEST	443	60594	52.165.164.15	192.168.2.4
May 24, 2024 17:38:43.911015987 CEST	60594	443	192.168.2.4	52.165.164.15
May 24, 2024 17:38:44.333167076 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:44.333281040 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:44.333411932 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:44.333813906 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:44.333848000 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.290399075 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.290501118 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:45.292187929 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:45.292203903 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.292534113 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.293407917 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:45.334520102 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.527951002 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.528194904 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:45.528234005 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.528321028 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:45.528428078 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.528470993 CEST	443	60595	40.127.169.103	192.168.2.4
May 24, 2024 17:38:45.528634071 CEST	60595	443	192.168.2.4	40.127.169.103
May 24, 2024 17:38:46.640357971 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:46.640402079 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:46.640485048 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:46.640949965 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:46.640991926 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:47.531653881 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:47.531750917 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:47.798973083 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:47.799056053 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:47.799381018 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:47.800657988 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:47.842524052 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.059788942 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.059833050 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.059874058 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.059909105 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.059930086 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.059962034 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.059982061 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.069341898 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.069468975 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.069478035 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.069524050 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.069572926 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.070147991 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.070158005 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.070173025 CEST	60596	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.070177078 CEST	443	60596	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.310856104 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.310900927 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:48.310992956 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.311435938 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:48.311455965 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.159887075 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.159969091 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.161792040 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.161817074 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.162074089 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.164238930 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.210498095 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.625184059 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.625248909 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.625293016 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.625346899 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.625381947 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.625408888 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.625446081 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.647645950 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.647736073 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.647766113 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.647790909 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.647901058 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.647923946 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.647994041 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.648051023 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.648087025 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:49.648112059 CEST	60597	443	192.168.2.4	20.114.59.183
May 24, 2024 17:38:49.648127079 CEST	443	60597	20.114.59.183	192.168.2.4
May 24, 2024 17:38:51.631182909 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:51.635706902 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:51.635745049 CEST	443	60598	173.222.162.32	192.168.2.4
May 24, 2024 17:38:51.635822058 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:51.636087894 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:51.636101961 CEST	443	60598	173.222.162.32	192.168.2.4
May 24, 2024 17:38:51.929068089 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:52.370975971 CEST	443	60598	173.222.162.32	192.168.2.4
May 24, 2024 17:38:52.371066093 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:52.538216114 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:53.741463900 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:38:56.147979021 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:01.048053980 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:03.058754921 CEST	60602	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.059547901 CEST	60603	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.102843046 CEST	60604	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.109467030 CEST	80	60602	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.109507084 CEST	80	60603	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.109533072 CEST	60602	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.109576941 CEST	60603	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.109997988 CEST	60602	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.115416050 CEST	80	60604	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.115485907 CEST	60604	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.127159119 CEST	80	60602	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.764439106 CEST	80	60602	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.773354053 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.773401022 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.773499966 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.773766041 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:03.773777008 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:03.930113077 CEST	60602	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.767131090 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:04.767395020 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.767406940 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:04.768851042 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:04.768937111 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.769988060 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.770070076 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:04.770179987 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.814506054 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:04.923177004 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:04.923198938 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.025680065 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.204731941 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.250134945 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.250164032 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.250181913 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.250241041 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.250257015 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.250292063 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.250308990 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.250314951 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.279815912 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.279911995 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.279920101 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295720100 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295741081 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295774937 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295782089 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.295794964 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295820951 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.295830011 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.295937061 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.303930044 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.303950071 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.303968906 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.303988934 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.304009914 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.304032087 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.304039001 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.304063082 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.309252977 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.309272051 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.309323072 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.309330940 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.309350014 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.344708920 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.344773054 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.344780922 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.376064062 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.376086950 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.376120090 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.376130104 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.376142979 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.376169920 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.387151003 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387171030 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387188911 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387221098 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.387229919 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387250900 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387259960 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.387279034 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387288094 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.387295961 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.387311935 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.387331963 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.399350882 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.399391890 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.399420023 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.399429083 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.399437904 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.399461985 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.399490118 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.405723095 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.405764103 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.405812979 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.405819893 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.405838966 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.405864000 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.405869961 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.430320978 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.430389881 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.430397987 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.463598013 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.463666916 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.463675976 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.463715076 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.463759899 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.474314928 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.474334955 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.474375010 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.474401951 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.474411011 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.474553108 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.474560022 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.475346088 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.481157064 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.481200933 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.481231928 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.481240988 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.481267929 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.481290102 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.487595081 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.487637997 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.487678051 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.487684965 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.487732887 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.487756014 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.490246058 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.490328074 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.490334988 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.491024017 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.491084099 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.491091013 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.495771885 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.495812893 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.495850086 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.495857954 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.495882988 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.518927097 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.518974066 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.519025087 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.519062042 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.519084930 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.519834995 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.519887924 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.519896030 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.520273924 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.520327091 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.520334005 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.522361994 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.534985065 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.535049915 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.535087109 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.535095930 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.535126925 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.556035042 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.556081057 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.556116104 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.556132078 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.556145906 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.563577890 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.563618898 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.563647032 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.563657045 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.563730001 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.565726042 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.565768957 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.565793037 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.565799952 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.565820932 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.565840006 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.569143057 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.569185019 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.569230080 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.569237947 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.569266081 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.572873116 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.572912931 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.572940111 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.572947979 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.572977066 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.576657057 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.576697111 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.576725960 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.576733112 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.576792002 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.578303099 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.578358889 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.578378916 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.578386068 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.578418016 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.579190969 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.579252958 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.579261065 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.609318018 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.609358072 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.609412909 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.609436035 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.609456062 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.609467983 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.609524965 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.609532118 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.642594099 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.642635107 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.642677069 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.642699957 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.642734051 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.644202948 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.644265890 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.644273043 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.644288063 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.644330025 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.644335985 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.644351006 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.660540104 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.660589933 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.660630941 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.660640001 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.660685062 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.664567947 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.664633036 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.664648056 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.664659023 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.664690971 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.667633057 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.667682886 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.667711020 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.667720079 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.667736053 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.670238018 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.670279026 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.670310020 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.670316935 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.670344114 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.671226978 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.671288967 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.671297073 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.673640966 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.673681974 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.673759937 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.673759937 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.673773050 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.674324989 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.674395084 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.674401999 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.674444914 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.723599911 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.723648071 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.723718882 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.723737001 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.723792076 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.723792076 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.747143984 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.747231007 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.747237921 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.747265100 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.747303009 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.747319937 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.749780893 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.749824047 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.749870062 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.749876976 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.749895096 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.749912024 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.777205944 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.777282000 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.778898001 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.778985977 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.778995991 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.779038906 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.781605959 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.781651020 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.781687975 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.781694889 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.781743050 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.784312010 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.784364939 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.784380913 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.784389973 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.784413099 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.784435034 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.785958052 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.786009073 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.786034107 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.786040068 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.786073923 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.786094904 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.788218975 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.788264036 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.788290977 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.788299084 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.788321972 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.788341045 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.812241077 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.812292099 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.812345028 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.812355995 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.812387943 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.812407970 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.817894936 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.839782000 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.839823961 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.839857101 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.839878082 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.839895010 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.842092037 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.842140913 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.842164040 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.842171907 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.842200041 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.867279053 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.867367029 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.867377043 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.869339943 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.869383097 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.869406939 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.869414091 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.869457006 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.869461060 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.869508982 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.869515896 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.871483088 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.871524096 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.871546030 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.871552944 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.871615887 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.873475075 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.873517036 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.873562098 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.873570919 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.873631954 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.875734091 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.875778913 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.875813007 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.875827074 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.875854015 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.877326965 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.877388954 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.877408028 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.877420902 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.877434015 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.877453089 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.877471924 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.877477884 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.877521038 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.906677008 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.906718016 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.906755924 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.906764984 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.906804085 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.906817913 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.929347992 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.929393053 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.929439068 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.929450035 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.929501057 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.929522991 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.956729889 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.956774950 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.956816912 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.956832886 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.956882000 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.956903934 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.960731030 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.960772991 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.960817099 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.960825920 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.960859060 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.960882902 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.962620020 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.962662935 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.962691069 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.962697983 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.962728024 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.963957071 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.964005947 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.964050055 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.964062929 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.964092016 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.967730045 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.967791080 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.967799902 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.967842102 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.968080044 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.968120098 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.968143940 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.968149900 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.968178034 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.968204021 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.969192982 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.969233990 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.969271898 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.969279051 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.969312906 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.969341040 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.996999025 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.997046947 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.997093916 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.997104883 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:05.997164965 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:05.997184038 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.019006968 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.019079924 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.019090891 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.019150972 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.019627094 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.019699097 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.019701958 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.019748926 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.019761086 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.049741983 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.049782991 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.049844980 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.049845934 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.049875975 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.049880981 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.049918890 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.051328897 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.051399946 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.051417112 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.051455021 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.051491976 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.052879095 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.052918911 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.052953005 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.052958965 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.052992105 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.054433107 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.054522991 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.054529905 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.054544926 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.054598093 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.054604053 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.057785988 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.057841063 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.057857990 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.057866096 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.057897091 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.085495949 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.085540056 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.085577965 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.085596085 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.085611105 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.085643053 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.098608971 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.098650932 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.098721027 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.099148989 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.099169016 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.108103037 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.108150959 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.108220100 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.108239889 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.108253956 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.108288050 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.109632015 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.109675884 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.109698057 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.109704018 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.109731913 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.109755039 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.116424084 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.116442919 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.116497040 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.116694927 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.116710901 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.117202997 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.117230892 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.117295027 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.117449045 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.117460012 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.118928909 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.118937969 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.119002104 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.119441032 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.119453907 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.119965076 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.119971991 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.120026112 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.120686054 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.120698929 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.126096964 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126121998 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.126174927 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126368046 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126374960 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.126450062 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126625061 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126637936 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.126827955 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.126837969 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.138803005 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.138845921 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.138889074 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.138899088 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.138927937 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.138940096 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.139192104 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.139882088 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.140906096 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.140947104 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.140999079 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.141005039 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.141016960 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.141024113 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.141072989 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.141077995 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.142308950 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.142359018 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.142378092 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.142384052 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.142411947 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.145242929 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.145299911 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.145306110 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.145401001 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.145461082 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.145740986 CEST	60607	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.145757914 CEST	443	60607	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.146040916 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.146054983 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.146126986 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.152811050 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.152822018 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.702976942 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.703284025 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.703299999 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.704400063 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.704469919 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.705513954 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.705584049 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.705861092 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.705868959 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.709954023 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.710163116 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.710170984 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.711196899 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.711260080 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.712506056 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.712577105 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.712690115 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.754518986 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.763530016 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.763550997 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.763597965 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.811886072 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.816801071 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.816910982 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.817090988 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.817122936 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.817164898 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.823095083 CEST	60617	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:06.823117971 CEST	443	60617	45.60.14.94	192.168.2.4
May 24, 2024 17:39:06.823704004 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.823976040 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.823995113 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.824378967 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.824722052 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.824803114 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.825057030 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.841279984 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.841447115 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.841506004 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.841519117 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.841701031 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.841707945 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.842586994 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.842660904 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843004942 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.843058109 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843118906 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.843153000 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843316078 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843389034 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.843545914 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843554020 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.843607903 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.843614101 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.850009918 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.850306034 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.850321054 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.850838900 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.851401091 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.851505041 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.851516008 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.854052067 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.854254007 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.854259968 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.855889082 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.855953932 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.856256008 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.856348038 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.856364965 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.862730980 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:06.862823963 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:06.862915993 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:06.863106966 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:06.863142967 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:06.866497993 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.874020100 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.874273062 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.874286890 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.875713110 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.875777006 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.876074076 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.876151085 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.876188993 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.884525061 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.884555101 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.898493052 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.898509026 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.900561094 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.901031017 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.901046038 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.916136980 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.916163921 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:06.946548939 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:06.962332010 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.194514990 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.194647074 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.194825888 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.206260920 CEST	60611	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.206273079 CEST	443	60611	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.206620932 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.206655025 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.207171917 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.209021091 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.221091986 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.221103907 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.221117020 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.221263885 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.221282005 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.221343994 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.222172022 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.222227097 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.255747080 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.255784035 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.277950048 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.282748938 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.284482002 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.297784090 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.297866106 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.303143024 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.303196907 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.303225040 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.303231001 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.303270102 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.313184023 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.313390970 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.313483953 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.313500881 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.313905001 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.315773010 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.315834045 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.315840960 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.315856934 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.315881968 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.315888882 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.315936089 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.318588018 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.318651915 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.318653107 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.318653107 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.318679094 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.318701029 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.318717003 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.318727970 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.318763971 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.319467068 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.319495916 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.319504023 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.319504976 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.319524050 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.319555044 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.319564104 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.319603920 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.319624901 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.320429087 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.320476055 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.320485115 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.328233004 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.328290939 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.328299046 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.328313112 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.328366041 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.328402042 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.328453064 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.328464031 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.328511000 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.328547001 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.328598022 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.328803062 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.328855991 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.328887939 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.329612970 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.330198050 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.330205917 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.335979939 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.341804028 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.341811895 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.341821909 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.341903925 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.341981888 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.342024088 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.342124939 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.354682922 CEST	60612	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.354701996 CEST	443	60612	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.355258942 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.355290890 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.355442047 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.356578112 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.356591940 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.358969927 CEST	60615	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.358977079 CEST	443	60615	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.359308958 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.359318018 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.359529018 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.359997034 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.360008001 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.366720915 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.381937027 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.388453007 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.388477087 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.388518095 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.388530016 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.388581038 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.388588905 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.388665915 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.390893936 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.390913963 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.390986919 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.396593094 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.396641016 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.396661997 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.396673918 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.396697044 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.396708012 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.396725893 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.398674011 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.398724079 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.398735046 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.398751974 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.398773909 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.398797035 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.398802996 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.398884058 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.399549007 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.399615049 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.402038097 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.402095079 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.402472973 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.402537107 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.402579069 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.402637005 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.404109001 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.404169083 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.404192924 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.404243946 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.404995918 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.405056000 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.405071974 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.406256914 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.406336069 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.406342983 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.406953096 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407016039 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.407025099 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407042027 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407212973 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.407219887 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407676935 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407741070 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.407747030 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407764912 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.407834053 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.407840014 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.408417940 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.408473969 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.408505917 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.408519983 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.408544064 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.409085989 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.409410000 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.409416914 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.413487911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.413527012 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.413543940 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.413551092 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.413570881 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.413585901 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.413603067 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.413639069 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.414028883 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.414117098 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.414170027 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.414175987 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.414197922 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.414221048 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.414227962 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.414361954 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.415004969 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.415087938 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.415102959 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.415235043 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.415290117 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.415297031 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416016102 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416078091 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.416084051 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416101933 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416162014 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.416167974 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416182041 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416518927 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.416526079 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416872025 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416924953 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.416930914 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.416975975 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.417363882 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.417370081 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.434668064 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.434815884 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.434819937 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.434849024 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.434881926 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.434911013 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.438426018 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.438441038 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.438509941 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.438529015 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.438592911 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.446691990 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.446727037 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.446764946 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.446768045 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.446814060 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.446835995 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.447051048 CEST	60610	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.447081089 CEST	443	60610	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.447403908 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.447443008 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.447504044 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.448014021 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.448031902 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.459845066 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.459949970 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.479644060 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.479744911 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.479754925 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.479794979 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.479796886 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.480031967 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.480160952 CEST	60613	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.480171919 CEST	443	60613	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.480645895 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.480690956 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.480765104 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.480993986 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.481050014 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.481054068 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.481072903 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.481221914 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.481519938 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.481537104 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.484462023 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484532118 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.484548092 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484601974 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.484631062 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484683990 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.484719038 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484806061 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484863997 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.484870911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484890938 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484973907 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.484982014 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485001087 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485081911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485102892 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485110998 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485168934 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485184908 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485193968 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485235929 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485275984 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485326052 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485768080 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485831022 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485858917 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.485908985 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.485941887 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.486010075 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.486021996 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.486083031 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.492759943 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.492824078 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.492835045 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.493818998 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.493901014 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.493911028 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.493922949 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.493969917 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.495569944 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.495637894 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.495691061 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.495743036 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.495992899 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.496045113 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.496536970 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.496592999 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.496623039 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.496701956 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.496727943 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.496737957 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.497261047 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.497329950 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.497335911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.497380972 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.499577999 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499634027 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.499677896 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499731064 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.499749899 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499826908 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499910116 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499953985 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.499960899 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.499985933 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500003099 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500011921 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500062943 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500111103 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500117064 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500133991 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500164032 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500169992 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500209093 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500219107 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500245094 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500298023 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500324011 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500371933 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500468969 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500521898 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500545025 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500606060 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.500621080 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.500690937 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.501264095 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.501323938 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.501343966 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.501414061 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.501465082 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.501471043 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502010107 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502069950 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.502075911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502095938 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502173901 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502223969 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.502230883 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.502271891 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.502820969 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511172056 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511184931 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511210918 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511221886 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511229992 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511271954 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.511298895 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511326075 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.511357069 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.511357069 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.549776077 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:07.550225973 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:07.550291061 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:07.551419020 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:07.551491022 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:07.552481890 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.552942038 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:07.553025007 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:07.570142984 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.570221901 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.570255995 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.570313931 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.570391893 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.570446014 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.570475101 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.570557117 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.571110010 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571196079 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571255922 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.571274042 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571608067 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571662903 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.571671009 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571711063 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.571717024 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.571758032 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572048903 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.572055101 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572078943 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572166920 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.572174072 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572400093 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572458982 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.572464943 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572482109 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572530031 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.572535992 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572563887 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.572621107 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.572628021 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.573318958 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.573374033 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.573379040 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.573400974 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.573451996 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.573457956 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574605942 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574662924 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.574676037 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574698925 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574755907 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.574762106 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574784994 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574837923 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.574843884 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574868917 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.574925900 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.574932098 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575031996 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575093985 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.575099945 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575118065 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575201988 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575252056 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.575258970 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575282097 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575304985 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.575311899 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575886965 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575942039 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.575948954 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.575975895 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576025009 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576031923 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576061964 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576086044 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576092005 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576145887 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576153994 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576180935 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576469898 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576704025 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576759100 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576791048 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576859951 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576874018 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.576925039 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.576946020 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581398964 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581479073 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581482887 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.581500053 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581552029 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.581599951 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581654072 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.581687927 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581737995 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.581770897 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.581829071 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.582268953 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.582331896 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.582474947 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.582578897 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.582614899 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.582622051 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.582665920 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.582928896 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.582998037 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.583022118 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583106041 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583136082 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.583142996 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583266020 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.583363056 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583451033 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583514929 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.583520889 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583534002 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583580971 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.583586931 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.583928108 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584003925 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584009886 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584031105 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584146976 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584256887 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584309101 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584337950 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584486961 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584614992 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584672928 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584705114 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584754944 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.584785938 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.584846020 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585290909 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585355997 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585475922 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585529089 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585555077 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585656881 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585711956 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585717916 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585741997 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585793972 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585799932 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585820913 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.585916996 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.585922956 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586164951 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586258888 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.586265087 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586363077 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586544991 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.586550951 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586590052 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586668968 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586724997 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.586731911 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.586774111 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587032080 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587090015 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587311029 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587368011 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587398052 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587455988 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587482929 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587537050 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587570906 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587656975 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587713003 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587718964 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587735891 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.587821007 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.587826967 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588195086 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588254929 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.588262081 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588387012 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588442087 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.588448048 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588469028 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588553905 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.588560104 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588913918 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588973999 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.588979959 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.588995934 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589046955 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.589054108 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589528084 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589590073 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.589596033 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589615107 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589698076 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589699984 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.589719057 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589801073 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589848995 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.589855909 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.589898109 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.589903116 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590357065 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590420961 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.590428114 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590773106 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590835094 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.590841055 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590864897 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.590945005 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.591012955 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.591020107 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.591063976 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.591604948 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.591676950 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.591689110 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.591782093 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.592041969 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.592103004 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.592124939 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.592206001 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.592842102 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.592902899 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.592952967 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.593004942 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.593375921 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.593386889 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.593410969 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.593424082 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.593453884 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.593463898 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.593497992 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.593511105 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.596770048 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.596780062 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.596807003 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.596846104 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.596856117 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.596890926 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.596904993 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.600627899 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:07.600667953 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:07.646775007 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:07.658272028 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.658343077 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.658374071 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.658463001 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.658561945 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.658566952 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.658588886 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.658945084 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.662903070 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.663070917 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.663125038 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.665469885 CEST	60616	443	192.168.2.4	45.60.14.94
May 24, 2024 17:39:07.665482998 CEST	443	60616	45.60.14.94	192.168.2.4
May 24, 2024 17:39:07.678102970 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.678128004 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.678185940 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.678198099 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.678229094 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.678242922 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.679238081 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.679260969 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.679338932 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.679347038 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.679385900 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.681030035 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.681046963 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.681112051 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.681118965 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.681159019 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.683887005 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.683902979 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.684004068 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.684010029 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.684111118 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.764338970 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.764400959 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765305042 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.765316963 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765659094 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765672922 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765698910 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765837908 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.765873909 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.765923023 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.767606974 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.767621994 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.767704010 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.767712116 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.767754078 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.769593000 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.769608974 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.769663095 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.769670010 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.769710064 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.771462917 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.771476984 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.771517992 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.771524906 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.771565914 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.772926092 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.772957087 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.772986889 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.772990942 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.772999048 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.773049116 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.776812077 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.776845932 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.776894093 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.776899099 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.776933908 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.776949883 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.777321100 CEST	60618	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.777340889 CEST	443	60618	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.777829885 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.777880907 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.777946949 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.778476000 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.778491020 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.988102913 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.988415003 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.988434076 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.988850117 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.989240885 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:07.989301920 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:07.989409924 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.034512997 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.071964979 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.072335958 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.072354078 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.073358059 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.073422909 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.073820114 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.073882103 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.073976994 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.114522934 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.116137981 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.116589069 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.116599083 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.117727995 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.118046999 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.118191957 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.118218899 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.128319979 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.128330946 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.159718037 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.175175905 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.199408054 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.199819088 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.199860096 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.201070070 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.201142073 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.201483011 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.201590061 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.201622009 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.204066992 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.204277992 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.204287052 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.207874060 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.207967043 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.210623980 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.210824013 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.210920095 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.210927010 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.242471933 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.242516041 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.242544889 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.258538961 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.286770105 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.424472094 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.436959028 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.436970949 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437014103 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.437021017 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437040091 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437055111 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437077045 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437093019 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.437093019 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.437099934 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.437113047 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.445544004 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.456557035 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.456621885 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.456629992 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.456659079 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.456676006 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.456948996 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.457094908 CEST	443	60621	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.457154989 CEST	60621	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.457552910 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.457602978 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.457676888 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.458201885 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.458233118 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.491517067 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.503815889 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.504096031 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.504113913 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.507699966 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.507775068 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.508670092 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.508814096 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.508819103 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.508856058 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517287016 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517298937 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517362118 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.517368078 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517416000 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517427921 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.517430067 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.517452002 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.517481089 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.517775059 CEST	60623	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.517791033 CEST	443	60623	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.518167019 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.518233061 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.518342018 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.519030094 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.519059896 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.555103064 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.555140018 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.586831093 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.586893082 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.586947918 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.586967945 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.594309092 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.600825071 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.604589939 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.604615927 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.604657888 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.604696989 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.604696989 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.604717016 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.604763031 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.609637976 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.609680891 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.609709978 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.609724045 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.609754086 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.609772921 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.650695086 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.671808004 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.674734116 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.674758911 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.674860001 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.674892902 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.674935102 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.675017118 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.675693989 CEST	60624	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.675730944 CEST	443	60624	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.676256895 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.676310062 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.676403046 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.676944971 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677014112 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677035093 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677054882 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677069902 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.677081108 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677097082 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677102089 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.677144051 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.677150011 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.677309990 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.677759886 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.678942919 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.678978920 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.694056988 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.694129944 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.694169044 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.694180012 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.694192886 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.694214106 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.696680069 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.696734905 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.696743011 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.696863890 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.696922064 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.697067022 CEST	60622	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.697077990 CEST	443	60622	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.697479963 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.697577000 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.697673082 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.698223114 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.698259115 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.725598097 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.733392954 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.758698940 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.758728981 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.758768082 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.758786917 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.758964062 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:08.765773058 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.769066095 CEST	60625	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:08.769093037 CEST	443	60625	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028316021 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028338909 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028347015 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028374910 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028388023 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028402090 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.028419971 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028431892 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.028435946 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.028650999 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.082127094 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.109997988 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.110038996 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.110054970 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.110079050 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.110090017 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.110133886 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.142784119 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.142792940 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.142836094 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.142859936 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.142877102 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.142887115 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.142926931 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.151940107 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.152014971 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.175353050 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.175415993 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.188043118 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.188081026 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.188107967 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.188117027 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.188158989 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.204770088 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.205044031 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.205069065 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.205418110 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.205719948 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.205771923 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.205861092 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.206650019 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.206670046 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.206728935 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.206739902 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.216254950 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.216285944 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.216314077 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.216320992 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.216389894 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.218581915 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.218636036 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.220282078 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.220334053 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.225137949 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.225202084 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.246524096 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.266201973 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.266225100 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.266313076 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.266344070 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.266556978 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.274228096 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.274244070 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.274265051 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.274322033 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.274331093 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.274347067 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.282807112 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.282825947 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.282888889 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.282897949 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.282928944 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.288954020 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.288970947 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.289119005 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.289125919 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.289197922 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.289628983 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.289669037 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.291102886 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.291645050 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.291738033 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.291815042 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.293891907 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.293912888 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.293967009 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.293972969 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.294023991 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.298223019 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.298238039 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.298290968 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.298296928 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.300288916 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.300339937 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.300349951 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.300384998 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.300625086 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.300667048 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.307805061 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.307852983 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.307857037 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.307877064 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.307925940 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.308121920 CEST	60627	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.308137894 CEST	443	60627	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.338519096 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.432193995 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.434335947 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.466527939 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.466552019 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.466734886 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.466778994 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.467941046 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.468071938 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.473021984 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.473258018 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.473635912 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.473751068 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.473803043 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.473871946 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.514519930 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.518490076 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.657017946 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.657346964 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.657429934 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.689481974 CEST	60629	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.689522028 CEST	443	60629	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.690350056 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.690383911 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.690409899 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.690443993 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.690462112 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.690506935 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.690506935 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.690620899 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.741595984 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.766704082 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.766737938 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.766801119 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.766818047 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.766835928 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.766849995 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.787561893 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.787611008 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.787637949 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.787662983 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.787686110 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.787717104 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.794712067 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.794801950 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.845980883 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.846004963 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.846062899 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.846071959 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.846126080 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.850220919 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.850286961 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.857619047 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.857671976 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.866801977 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.866873026 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.866884947 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.866924047 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.866945982 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.884568930 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.884634018 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.884701014 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.884716034 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.884778023 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.884821892 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.884869099 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.886004925 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.886040926 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.886065006 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.886075974 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.886101961 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.886113882 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.886889935 CEST	60632	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.886900902 CEST	443	60632	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.889369011 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.889435053 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.894081116 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.894176006 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.895404100 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.895421028 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.895617962 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.895864964 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.895875931 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.922959089 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.923042059 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.925096035 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.933506966 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.933563948 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.933598995 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.933610916 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.933641911 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.941828012 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.941858053 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.941894054 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.941901922 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.941945076 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.941956043 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.941960096 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.942014933 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942024946 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.942035913 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.942066908 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942074060 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.942091942 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942148924 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942162991 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.942213058 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942584038 CEST	60630	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.942599058 CEST	443	60630	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.947076082 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.947103024 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.947139978 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.947149038 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.947185993 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.947210073 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.951932907 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.951972961 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.951997995 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.952007055 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.952053070 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955244064 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955266953 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.955394983 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.955437899 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.955478907 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955487013 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.955487013 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955518961 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955538034 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955801010 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.955816984 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.957117081 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.957180977 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.961668015 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.961711884 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.961743116 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.961756945 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.961791992 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.964790106 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.964842081 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.964864016 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.964880943 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.964915037 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.964940071 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.968244076 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.968286037 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.968313932 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.968326092 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:09.968354940 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.968375921 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:09.969530106 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:09.969544888 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:09.969681025 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:09.969897985 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:09.969912052 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.010128021 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.010190010 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.010207891 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.010226011 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.010262966 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.010319948 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.013201952 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.013254881 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.013276100 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.013295889 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.013324022 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.013398886 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.016213894 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.016295910 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.016341925 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.016357899 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.016388893 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.016412020 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.017199039 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.017270088 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.018805981 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.018877029 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.020453930 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.020524979 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.021204948 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.021279097 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.022783041 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.022862911 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.024379015 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.024450064 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.026350975 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.026391983 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.026431084 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.026443005 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.026472092 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.029016018 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.029736042 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.029779911 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.029819965 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.029830933 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.029880047 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.029880047 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.031956911 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.032007933 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.032030106 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.032048941 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.032068968 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.032984972 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.033009052 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.033025980 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.033051014 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.033078909 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.033107996 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.033168077 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.042073011 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.098273039 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.098375082 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.098397970 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.098447084 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.098520994 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.098520994 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.098977089 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.099057913 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.100126982 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.100198030 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.102062941 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.102106094 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.102135897 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.102149010 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.102178097 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.102221012 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.104038000 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.104093075 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.104116917 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.104132891 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.104183912 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.104183912 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.106657982 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.106717110 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.106746912 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.106761932 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.106794119 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.106818914 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.108643055 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.108696938 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.108707905 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.108724117 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.108755112 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.108774900 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.113823891 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.113878965 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.113910913 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.113925934 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.113954067 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.114715099 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.120609999 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.120663881 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.120695114 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.120708942 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.120740891 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.120927095 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.121778011 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.121829033 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.121855974 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.121870041 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.121896029 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.121913910 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.123641014 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.123703003 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.123716116 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.123852968 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.123915911 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.123979092 CEST	60628	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.124006033 CEST	443	60628	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.241715908 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.241735935 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.241812944 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.242172956 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.242194891 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.250456095 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.250484943 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.250766039 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.251189947 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.251202106 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.338098049 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.338135958 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.338212967 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.338751078 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.338759899 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.338866949 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.339427948 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.339454889 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.339582920 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.339600086 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.506171942 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.507698059 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.507713079 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.509262085 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.509351969 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.510615110 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.510726929 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.510827065 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.510834932 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.555623055 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.654294968 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.654774904 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.654891968 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.655606031 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.655622959 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.660661936 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.660773039 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.660840034 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.660851002 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.660893917 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.662647963 CEST	49672	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:10.663388014 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666136980 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666207075 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.666208029 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666227102 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666414022 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.666423082 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666435957 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.666495085 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.668643951 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.668667078 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.669805050 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.669869900 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.671191931 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.671261072 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.671900034 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.671907902 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.672980070 CEST	60638	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.673003912 CEST	443	60638	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.682142973 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.683060884 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.683084965 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.684516907 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.684747934 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.716479063 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.716667891 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.717221022 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.717245102 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.720736027 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.720772028 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.720947027 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.721447945 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.721467972 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.721739054 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.722246885 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.722265005 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.722322941 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.722764969 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.722779036 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.722970963 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.722985983 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.723082066 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:10.723094940 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:10.725436926 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.762129068 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.924850941 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.930900097 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.930912018 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.930934906 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.930943966 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.930968046 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.931001902 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.931030035 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.931041002 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.931056023 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.931102037 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.931464911 CEST	60633	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.931476116 CEST	443	60633	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.933373928 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.940843105 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.940859079 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.940901041 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.940923929 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.940942049 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.940985918 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.940985918 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.941489935 CEST	60637	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.941502094 CEST	443	60637	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.975744963 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.976094961 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.976109982 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.976465940 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.980556965 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.980648041 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:10.981287956 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:10.991661072 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.022501945 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.031028032 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.033061028 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.037000895 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.037014008 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.037173986 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.037178993 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.037866116 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.038418055 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.038526058 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.038538933 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.038575888 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.038631916 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.039972067 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.040062904 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.040368080 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.040375948 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.074023962 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.074305058 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.074327946 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.075426102 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.075501919 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.075912952 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.075980902 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.076363087 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.076375008 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.082505941 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.091662884 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.091665983 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.117012024 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.201560974 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.201895952 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.201961040 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.202913046 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.203234911 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.203244925 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.203753948 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.203835011 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.204097033 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.204190016 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.204287052 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.204307079 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.204387903 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.204441071 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.204672098 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.204740047 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.205193996 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.205200911 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.211636066 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.211951971 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.211961985 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.213042021 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.213135004 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.213644028 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.213721991 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.213962078 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.213969946 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.256980896 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.257148027 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.257245064 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.315438032 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.315607071 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.315905094 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.315903902 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.315937042 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.316003084 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.316260099 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.317054987 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.317747116 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.317817926 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.317848921 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.318701982 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.318773985 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.318788052 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.318844080 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.318856955 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.319838047 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.319911003 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.319925070 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.320636988 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.320705891 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.320719004 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.321840048 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.322273970 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.322314024 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.322377920 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.322387934 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.322434902 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.324596882 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.324767113 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.325100899 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.325176954 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.325644970 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.325803995 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.325998068 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.326006889 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.326067924 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.326261997 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.329066992 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.329159975 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.329242945 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.329250097 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.329336882 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.329385996 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.329392910 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.332014084 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.332087994 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.332096100 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.332154036 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.333024025 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.367677927 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.381345987 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.381354094 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.401535034 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.401726961 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.402065992 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.402081013 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.402228117 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.402410030 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.402422905 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.403259039 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.403345108 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.403357983 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.403666019 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.403739929 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.403753996 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.404366970 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.404726028 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.404795885 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.404809952 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.405015945 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.405139923 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.405874968 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.405946016 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.405960083 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.406598091 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.406663895 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.406685114 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.407744884 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.407804966 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.407823086 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.408027887 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.408111095 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.408111095 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.408140898 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.408210993 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.408634901 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.409179926 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.409235954 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.409250021 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.414535046 CEST	60645	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.414547920 CEST	443	60645	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.428726912 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.431905985 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.431936026 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.431993961 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.432012081 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.432063103 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.432102919 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.432598114 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.432652950 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.432660103 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.432770967 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.432818890 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.432835102 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.433979034 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.434056044 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.434062004 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.434540987 CEST	60640	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.434567928 CEST	443	60640	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.434626102 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.434753895 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.434762001 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.435044050 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.435642958 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.435718060 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.435725927 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.435874939 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.436184883 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.436342001 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.436444998 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.436453104 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.436738014 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.436817884 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.436834097 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.437597036 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.437771082 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.437933922 CEST	443	60644	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.437983036 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.437983036 CEST	60644	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.442523003 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.442552090 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.442559958 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.442626953 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.442641020 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.443150043 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.443649054 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.443716049 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.443717003 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.443733931 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.443783045 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.444001913 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.444051981 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.444108963 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.444502115 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.444518089 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.448822021 CEST	60639	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.448831081 CEST	443	60639	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.456958055 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.456981897 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.456990957 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.457043886 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.457093954 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.457093954 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.457106113 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.457114935 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.457151890 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.457370996 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.468003035 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.468097925 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.468183041 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.468770027 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.468811035 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476629019 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476660967 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476670027 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476715088 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476752043 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476764917 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.476773977 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476808071 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.476823092 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.476823092 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.476841927 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.476952076 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.487515926 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.488882065 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.488971949 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.488998890 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.489021063 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.489123106 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.489151001 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.490048885 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.490103960 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.490144968 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.490161896 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.490212917 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.490804911 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.491589069 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.491672993 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.491674900 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.491698980 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.491763115 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.492027998 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.492496967 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.492553949 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.492567062 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.493046999 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.493288994 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.493302107 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.493808985 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.493866920 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.493880033 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.494360924 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.494420052 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.494431973 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.499064922 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.499130964 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.499145031 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.499409914 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.499483109 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.499711990 CEST	60643	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.499739885 CEST	443	60643	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.555958986 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.555983067 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.556093931 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.556093931 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.556109905 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.556859970 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.556979895 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.556988955 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.558506012 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.559945107 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.560024977 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.560110092 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.560110092 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.560125113 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.564388990 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.564436913 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.564490080 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.564498901 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.564538002 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.564538002 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.564853907 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.564897060 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.564949036 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.565463066 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.565478086 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.566082001 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.566101074 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.566186905 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.566186905 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.566199064 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.569624901 CEST	443	60598	173.222.162.32	192.168.2.4
May 24, 2024 17:39:11.569809914 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:11.570914030 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.570931911 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.570981979 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.570991993 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.572567940 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.572943926 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.572977066 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.573035955 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.573318958 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:11.573332071 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:11.623964071 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646344900 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646353006 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646377087 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646411896 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646421909 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646492958 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646509886 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646532059 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646532059 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646532059 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646542072 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.646559954 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.646867990 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.648113966 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.648981094 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.652523994 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.652565956 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.652615070 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.652622938 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.652668953 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.652668953 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.653214931 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.653223991 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.653276920 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.653290033 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.653309107 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.653362036 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.653362036 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.653372049 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.654967070 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.655062914 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.655071020 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.657731056 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.657784939 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.657850981 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.657850981 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.657859087 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.659743071 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.659799099 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.659847021 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.659856081 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.660052061 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.662555933 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.662571907 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.662647009 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.662647009 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.662657976 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.717518091 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.717518091 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.731086016 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731096029 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731136084 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731142998 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731187105 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731220007 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.731220007 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.731240034 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.731291056 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.733649015 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.733704090 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.733720064 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.733737946 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.733766079 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.733788013 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.733812094 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.733818054 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.733818054 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.734559059 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.735152960 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.735167980 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.736219883 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.736270905 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.736325979 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.736325979 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.736336946 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.737293959 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.737624884 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.737677097 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.737714052 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.737750053 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.737750053 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.737760067 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.738714933 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.738773108 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.738784075 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.738797903 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.739111900 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.739120007 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.739605904 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.739626884 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.739691973 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.739701033 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.739739895 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.741987944 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.742002010 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.742072105 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.742084026 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.742125988 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.743702888 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.743757010 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.743803024 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.743813992 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.744256020 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.745601892 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.745661974 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.745718002 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.745718002 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.745728970 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.746354103 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.746368885 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.746505022 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.746516943 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.747124910 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.747354984 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.747411013 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.747431040 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.747522116 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.747714996 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.748086929 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.748104095 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.750504971 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.750514030 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.750551939 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.750602007 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.750623941 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.750623941 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.750631094 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.750691891 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.750691891 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.755122900 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.755166054 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.755328894 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.755399942 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.766501904 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.766516924 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:11.767230988 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:11.968620062 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.024699926 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.102292061 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.115010977 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.117769003 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.118432045 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.118459940 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.119015932 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.119033098 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.119580984 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.119911909 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.120255947 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.120338917 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.120521069 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.120867014 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.121072054 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.121294022 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.121306896 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.121442080 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.121638060 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.121850967 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.126508951 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.126647949 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.128959894 CEST	60641	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.128988981 CEST	443	60641	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.129019976 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.129509926 CEST	60642	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.129524946 CEST	443	60642	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.162520885 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.162537098 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.170506001 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.193648100 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.204559088 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.204583883 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.204982042 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.205796957 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.205889940 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.206181049 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.235126019 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.235241890 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.235424042 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.243351936 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.244678974 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.244950056 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.244970083 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.246115923 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.246215105 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.246221066 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.246535063 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.248955965 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.249012947 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.249018908 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255605936 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255656004 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255695105 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255729914 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255768061 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.255769014 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.255783081 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.255836010 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.258033037 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.258214951 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.258353949 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.262885094 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.263009071 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.263107061 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.263140917 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.264520884 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.264602900 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.264611959 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.266397953 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.266448021 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.266454935 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.268198013 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.268249035 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.268255949 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.270016909 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.270087004 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.270093918 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271789074 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271814108 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271856070 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.271862030 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271903038 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.271908998 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271919012 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.271961927 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.420373917 CEST	60655	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.420445919 CEST	443	60655	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.426503897 CEST	60656	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.426526070 CEST	443	60656	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.431169987 CEST	60649	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.431190968 CEST	443	60649	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.432917118 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.432954073 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.433008909 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.433603048 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.433614969 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.433705091 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.436280966 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.436300039 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.436841011 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.436856031 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.440102100 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:12.440150023 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:12.440309048 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:12.440834045 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:12.440854073 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:12.466676950 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.474278927 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.474344969 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.474354029 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.474416018 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.485760927 CEST	60652	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.485774040 CEST	443	60652	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.582436085 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.582454920 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.582535982 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.582775116 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.582782984 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.586349010 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.586359024 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.586438894 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.586738110 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:12.586755037 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:12.589222908 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589266062 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.589376926 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589376926 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589409113 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.589551926 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589551926 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589576960 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:12.589682102 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:12.589694023 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.143718958 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.144020081 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.144035101 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.145107031 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.145165920 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.145575047 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.145637989 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.146061897 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.146073103 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.147986889 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.152561903 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.152884007 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.152892113 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.153976917 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.154042959 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.154339075 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.154361963 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.154763937 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.157319069 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.163475990 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.163554907 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.166310072 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.166326046 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.167224884 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.167233944 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.167614937 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.167988062 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.168091059 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.168287039 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.168891907 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.168975115 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.169069052 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.190243006 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.190372944 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.198210955 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.198271036 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.199800968 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.199875116 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.202594042 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.202722073 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.202929020 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.202950001 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.210376024 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.210385084 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.210508108 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.211850882 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.257781982 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.279824018 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.281239986 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.281450987 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.282311916 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.284286022 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.284302950 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.284337044 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.284343958 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.284622908 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.288242102 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.290271044 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.290381908 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.290388107 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.295267105 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.295454979 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.295461893 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.300353050 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.300384998 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.300434113 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.300441027 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.300549984 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.304300070 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.304474115 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.304536104 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.306931973 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.307337999 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.307354927 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.307837009 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.308240891 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.308307886 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.308473110 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.311410904 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.311743021 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.311754942 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.312093973 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.312397957 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.312462091 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.312592030 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.316344976 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.316382885 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.316457033 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.316689968 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.316709042 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.335218906 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:13.335258007 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:13.335366011 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:13.335778952 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:13.335793018 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:13.338862896 CEST	60663	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.338876963 CEST	443	60663	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.339848995 CEST	60662	443	192.168.2.4	34.96.102.137
May 24, 2024 17:39:13.339859962 CEST	443	60662	34.96.102.137	192.168.2.4
May 24, 2024 17:39:13.350524902 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.354002953 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:13.354036093 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:13.354099989 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:13.354336977 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:13.354350090 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:13.358495951 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.367954016 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.368052959 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.368119955 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.371648073 CEST	60659	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.371690035 CEST	443	60659	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.378324986 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.378371954 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.378432035 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.378612041 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:13.378628969 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:13.567969084 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568001032 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568010092 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568056107 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568077087 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.568089962 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568108082 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.568124056 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.568124056 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.568139076 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.573333025 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.603041887 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.603068113 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.603142977 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.603157043 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.603188992 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.603209972 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.607307911 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.646697998 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.649883032 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.649903059 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.649943113 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.649985075 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.649997950 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.650024891 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.650048018 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.660979033 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.661031008 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.661072969 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.661082029 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.661143064 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.665532112 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.665544987 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.665589094 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.665611029 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.665633917 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.665656090 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.665684938 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.665707111 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.665726900 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.678901911 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.678977966 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.678986073 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.679116964 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.679543972 CEST	60657	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.679562092 CEST	443	60657	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.688874960 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.688894987 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.688962936 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.688987017 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.689555883 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.700624943 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.700644970 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.700711012 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.700727940 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.700773954 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.707623005 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.707675934 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.707808971 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.707824945 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.707824945 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.707848072 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.707990885 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.708075047 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.708075047 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.708602905 CEST	60658	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.708616972 CEST	443	60658	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.716715097 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.716763020 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.716801882 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.716809034 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.716835022 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.716855049 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.727653980 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.727675915 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.727751970 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.727818966 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.727884054 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.736835957 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.736912012 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.736911058 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.736932993 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.736970901 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.739356041 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.739432096 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.739450932 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.747112989 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.747128963 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.747209072 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.747226000 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.747309923 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.750433922 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.750473976 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.750524044 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.750547886 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.750575066 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.750601053 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.759501934 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.759516001 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.764025927 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.764049053 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.764101028 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.765888929 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.765908003 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.765975952 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.765994072 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.766058922 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.766761065 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.766819000 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.768527031 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.768543959 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.768627882 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.768645048 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.768752098 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.771924973 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.772003889 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.774208069 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.774302006 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.777205944 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.777280092 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.778686047 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.778702974 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.778779984 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.778795958 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.778846025 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.820970058 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.821089029 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.822367907 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.822438002 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.826150894 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.826230049 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.826258898 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.826339006 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.827233076 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.827321053 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.830943108 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.831023932 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.832431078 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.832499027 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.833755970 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.833825111 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.835290909 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.835313082 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.835380077 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.835402012 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.835452080 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.835845947 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.835917950 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.837835073 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.837917089 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.841715097 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.841733932 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.841782093 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.841797113 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.841830969 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.841851950 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.843185902 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.843250036 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.843264103 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.843318939 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.844578028 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.844666958 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.846174002 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.846189976 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.846251965 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.846267939 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.846349001 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.848748922 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.848814011 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.848826885 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.848864079 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.848893881 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.848922968 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.849096060 CEST	60661	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.849134922 CEST	443	60661	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.849719048 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.849734068 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.849788904 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.849807024 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.849888086 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.851684093 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.851701021 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.851767063 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.851782084 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.851835966 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.854398966 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854414940 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854446888 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854463100 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854510069 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.854526997 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854549885 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.854567051 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.854590893 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.854612112 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.855016947 CEST	60660	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:13.855041981 CEST	443	60660	18.244.140.117	192.168.2.4
May 24, 2024 17:39:13.958585024 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.958874941 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.958899975 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.959985971 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.960081100 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.961760044 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:13.961841106 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:13.961951017 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.002497911 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.003674984 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.004009008 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.004030943 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.004414082 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.004614115 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.005153894 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.005240917 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.007119894 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.007119894 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.007142067 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.007213116 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.018867970 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.019102097 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.019114971 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.020545959 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.020612955 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.023854017 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.023946047 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.024008036 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.049994946 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.050247908 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.050283909 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.050802946 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.051193953 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.051333904 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.051351070 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.066524029 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.068243980 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.068269968 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.068515062 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.068523884 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.068525076 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.068543911 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.116161108 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.168473005 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.170273066 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.170516014 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.171319008 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171346903 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171356916 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171392918 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171411037 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171403885 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.171453953 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171489954 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.171492100 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.171489954 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.171530008 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.171705008 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.218456030 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.220993042 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.221065998 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.231173038 CEST	60667	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.231210947 CEST	443	60667	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.252501965 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.252520084 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.252542973 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.252573967 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.252726078 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.252726078 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.252758026 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.253027916 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.258225918 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.258253098 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.258322001 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.258337021 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.258373022 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.258387089 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.298018932 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.299833059 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.299915075 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.304341078 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.307111025 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.307301044 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.339876890 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.339920998 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.339955091 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.339962006 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.339973927 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.340022087 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.403606892 CEST	60668	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.403629065 CEST	443	60668	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.514008045 CEST	60669	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:14.514022112 CEST	443	60669	142.250.186.66	192.168.2.4
May 24, 2024 17:39:14.516644955 CEST	60671	443	192.168.2.4	13.107.253.67
May 24, 2024 17:39:14.516706944 CEST	443	60671	13.107.253.67	192.168.2.4
May 24, 2024 17:39:14.616987944 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.617029905 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:14.617288113 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.618561983 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.618616104 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.618675947 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.632230997 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:14.632271051 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:14.632302046 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:14.632318020 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.291564941 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.299011946 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.340925932 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.360047102 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:15.410589933 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.410619020 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.411179066 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.435293913 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:15.435306072 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.435990095 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.436676025 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:15.436712980 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:15.436845064 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:15.437908888 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.438007116 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.438623905 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:15.438714981 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.438945055 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:15.438963890 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:15.439704895 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.439757109 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:15.440978050 CEST	49724	80	192.168.2.4	93.184.221.240
May 24, 2024 17:39:15.482501984 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.482522964 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.495914936 CEST	80	49724	93.184.221.240	192.168.2.4
May 24, 2024 17:39:15.496074915 CEST	49724	80	192.168.2.4	93.184.221.240
May 24, 2024 17:39:15.657464981 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.657538891 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.657586098 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.700453043 CEST	60674	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:15.700495005 CEST	443	60674	74.125.206.156	192.168.2.4
May 24, 2024 17:39:15.714135885 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.716126919 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:15.716234922 CEST	443	60673	172.217.23.110	192.168.2.4
May 24, 2024 17:39:15.716291904 CEST	60673	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:16.130861044 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:16.338505030 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:16.338614941 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.433645964 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:17.433712006 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:17.433796883 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:17.515367031 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.515389919 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.516112089 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.518454075 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.518570900 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.521564960 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.529114962 CEST	60619	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:17.529150963 CEST	443	60619	216.58.206.68	192.168.2.4
May 24, 2024 17:39:17.529561043 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:17.529583931 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:17.529660940 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:17.529866934 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:17.529880047 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:17.566498041 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.821474075 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.821662903 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:17.821711063 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.836829901 CEST	60677	443	192.168.2.4	142.250.186.66
May 24, 2024 17:39:17.836858988 CEST	443	60677	142.250.186.66	192.168.2.4
May 24, 2024 17:39:18.013911009 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.013947010 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.014045954 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.014377117 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.014398098 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.256114960 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.263720036 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.263793945 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.264571905 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.265849113 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.265999079 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.266071081 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.295450926 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:18.295494080 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:18.295605898 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:18.295958042 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:18.295978069 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:18.310503006 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.555954933 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.556062937 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.556116104 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.556978941 CEST	60678	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.557003021 CEST	443	60678	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.565990925 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:18.566099882 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:18.566178083 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:18.566502094 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:18.566544056 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:18.579504013 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.579538107 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.579603910 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.579914093 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:18.579952002 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:18.717628002 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.719156981 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.719168901 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.719537020 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.720031977 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.720098972 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.720158100 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.760404110 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.760421991 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.969600916 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.969691992 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.969734907 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.972126007 CEST	60680	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.972141981 CEST	443	60680	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.994066000 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.994086027 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:18.994151115 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.994401932 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:18.994410038 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:19.029769897 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.030194044 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.030213118 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.030695915 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.030755997 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.031405926 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.031459093 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.031704903 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.031770945 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.031867981 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.074501038 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.161657095 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.161672115 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.220802069 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.221088886 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.221153021 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.222498894 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.222573996 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.222877026 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.222982883 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.223089933 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.223107100 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.228099108 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.228578091 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.228593111 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.230024099 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.230320930 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.230503082 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.230583906 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.230592966 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.272800922 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.273793936 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.278491020 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.318670034 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.319258928 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.319305897 CEST	443	60682	172.217.23.110	192.168.2.4
May 24, 2024 17:39:19.319366932 CEST	60682	443	192.168.2.4	172.217.23.110
May 24, 2024 17:39:19.349560022 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.349577904 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.552546978 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.552712917 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.552721977 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.553667068 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.553778887 CEST	443	60684	74.125.206.156	192.168.2.4
May 24, 2024 17:39:19.553944111 CEST	60684	443	192.168.2.4	74.125.206.156
May 24, 2024 17:39:19.603842974 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.603936911 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.604386091 CEST	60683	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.604425907 CEST	443	60683	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.608654022 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.608694077 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.608910084 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.609106064 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:19.609117985 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:19.786576986 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:19.786968946 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:19.786992073 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:19.787338972 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:19.787647009 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:19.787709951 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:19.787854910 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:19.834494114 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:20.065449953 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:20.070189953 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:20.070288897 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:20.070518970 CEST	60686	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:20.070554972 CEST	443	60686	18.244.140.117	192.168.2.4
May 24, 2024 17:39:20.312990904 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.313297987 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.313327074 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.314332008 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.314399004 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.314707994 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.314774990 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.314861059 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.358535051 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.453243971 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.453255892 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.649008036 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:20.649085045 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.650243044 CEST	60687	443	192.168.2.4	216.58.206.68
May 24, 2024 17:39:20.650264978 CEST	443	60687	216.58.206.68	192.168.2.4
May 24, 2024 17:39:21.419364929 CEST	60598	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:21.419379950 CEST	443	60598	173.222.162.32	192.168.2.4
May 24, 2024 17:39:21.420159101 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:21.420254946 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:21.420351982 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:21.420608044 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:21.420646906 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.051050901 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.051193953 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.199866056 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.199944019 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.201054096 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.201155901 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.205924034 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.206001043 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.228252888 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.228312016 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.598784924 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.598963976 CEST	443	60691	173.222.162.32	192.168.2.4
May 24, 2024 17:39:22.599001884 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:22.599081039 CEST	60691	443	192.168.2.4	173.222.162.32
May 24, 2024 17:39:33.663706064 CEST	80	60604	18.244.140.117	192.168.2.4
May 24, 2024 17:39:33.663768053 CEST	60604	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:33.668462992 CEST	80	60603	18.244.140.117	192.168.2.4
May 24, 2024 17:39:33.668651104 CEST	60603	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:35.520368099 CEST	60604	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:35.520390034 CEST	60603	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:35.525896072 CEST	80	60604	18.244.140.117	192.168.2.4
May 24, 2024 17:39:35.543874025 CEST	80	60603	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.899566889 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.899641991 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.899768114 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900151968 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900175095 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.900283098 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900476933 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900517941 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.900576115 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900783062 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.900794983 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.900850058 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.901211977 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.901218891 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.901264906 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.901495934 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.901535034 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.901865005 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.901871920 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.902049065 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902071953 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.902081966 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902220011 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902232885 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.902334929 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902343988 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.902466059 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902475119 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.902610064 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.902618885 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.905741930 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.905781031 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:37.905908108 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.906095028 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:37.906119108 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.640774012 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.641354084 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.641375065 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.642548084 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.642697096 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.643243074 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.643373013 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.643403053 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.646282911 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.646644115 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.646652937 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.647778988 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.647902012 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.648154020 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.648426056 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.648509979 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.648598909 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.648606062 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.648730993 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.648739100 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650064945 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650103092 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650145054 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650206089 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.650340080 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.650418997 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650612116 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.650701046 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650923967 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.650932074 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.650952101 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.651086092 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.651096106 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.651277065 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.651372910 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.651382923 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.651472092 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.651822090 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.652024984 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.652118921 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.652129889 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.652139902 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.652942896 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.653629065 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.653677940 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.661026955 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.661129951 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.661703110 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.661715031 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.666034937 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.666270018 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.666285038 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.666775942 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.667371988 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.667455912 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.667521954 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.690499067 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.693154097 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.693154097 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.693169117 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.693206072 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.693272114 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.693351984 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.698502064 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.708743095 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.708744049 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.708756924 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.740187883 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.961680889 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.961818933 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:38.961872101 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.963561058 CEST	60700	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:38.963588953 CEST	443	60700	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022116899 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022142887 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022152901 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022169113 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022219896 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022293091 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.022294044 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.022305012 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.022428989 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.076103926 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.105158091 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107121944 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107142925 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107197046 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107219934 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107228994 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.107238054 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107260942 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107274055 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.107289076 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.107316971 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.107316971 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.117552996 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.117580891 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.117607117 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.117650986 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.117672920 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.117690086 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.117691040 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.117732048 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.118773937 CEST	60694	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.118787050 CEST	443	60694	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.124994993 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.125071049 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.125082016 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.125102043 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.125114918 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.125179052 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.125179052 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.125560045 CEST	60699	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.125576973 CEST	443	60699	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126382113 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126405001 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126413107 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126445055 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126486063 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126488924 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.126499891 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126523972 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.126523972 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.126565933 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.126569986 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126600027 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.126821041 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.129029036 CEST	60698	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.129036903 CEST	443	60698	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.129163027 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.129175901 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.129194021 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.129242897 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.129265070 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.129281998 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.129323959 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.161900043 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.458389997 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458422899 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458432913 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458451986 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458486080 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.458502054 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458528996 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.458542109 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.458542109 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.458645105 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.464021921 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464104891 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.464114904 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464129925 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464265108 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.464700937 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464715004 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464737892 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464749098 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464773893 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464776039 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.464786053 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.464818954 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.464818954 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.471672058 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.471705914 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.471719027 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.471741915 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.471745968 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.471760035 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.471780062 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.471904993 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.475066900 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.475155115 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.475167036 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.475279093 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.476130962 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.476232052 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.476272106 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.476272106 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.484466076 CEST	60696	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.484486103 CEST	443	60696	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.493457079 CEST	60695	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.493490934 CEST	443	60695	18.244.140.117	192.168.2.4
May 24, 2024 17:39:39.498714924 CEST	60697	443	192.168.2.4	18.244.140.117
May 24, 2024 17:39:39.498725891 CEST	443	60697	18.244.140.117	192.168.2.4
May 24, 2024 17:39:48.772816896 CEST	60602	80	192.168.2.4	18.244.140.117
May 24, 2024 17:39:48.777920961 CEST	80	60602	18.244.140.117	192.168.2.4
May 24, 2024 17:40:06.914323092 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:06.914359093 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:06.914439917 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:06.914666891 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:06.914685011 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:07.578099012 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:07.579549074 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:07.579562902 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:07.579936028 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:07.630739927 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:08.079205990 CEST	60706	443	192.168.2.4	216.58.206.68
May 24, 2024 17:40:08.079410076 CEST	443	60706	216.58.206.68	192.168.2.4
May 24, 2024 17:40:08.123090982 CEST	60706	443	192.168.2.4	216.58.206.68

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 17:38:27.391843081 CEST	138	138	192.168.2.4	192.168.2.255
May 24, 2024 17:38:28.725557089 CEST	53	57776	1.1.1.1	192.168.2.4
May 24, 2024 17:38:42.422986031 CEST	53	65368	162.159.36.2	192.168.2.4
May 24, 2024 17:38:42.956368923 CEST	55479	53	192.168.2.4	1.1.1.1
May 24, 2024 17:38:42.970185995 CEST	53	55479	1.1.1.1	192.168.2.4
May 24, 2024 17:39:02.842504978 CEST	54760	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:03.057924032 CEST	53	54760	1.1.1.1	192.168.2.4
May 24, 2024 17:39:06.095153093 CEST	53349	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:06.101382971 CEST	55288	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:06.122400999 CEST	53	55288	1.1.1.1	192.168.2.4
May 24, 2024 17:39:06.122432947 CEST	53	53349	1.1.1.1	192.168.2.4
May 24, 2024 17:39:06.852062941 CEST	51245	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:06.861552954 CEST	53	51245	1.1.1.1	192.168.2.4
May 24, 2024 17:39:09.953030109 CEST	60790	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:09.968775988 CEST	53	60790	1.1.1.1	192.168.2.4
May 24, 2024 17:39:12.430042028 CEST	56807	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:13.281378031 CEST	63596	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:13.282255888 CEST	51828	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:13.313889027 CEST	53	51828	1.1.1.1	192.168.2.4
May 24, 2024 17:39:13.313909054 CEST	53	63596	1.1.1.1	192.168.2.4
May 24, 2024 17:39:13.342262983 CEST	64318	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:13.353101969 CEST	53	64318	1.1.1.1	192.168.2.4
May 24, 2024 17:39:14.680025101 CEST	61955	53	192.168.2.4	1.1.1.1
May 24, 2024 17:39:17.930257082 CEST	53561	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 24, 2024 17:38:42.956368923 CEST	192.168.2.4	1.1.1.1	0x8cd0	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
May 24, 2024 17:39:02.842504978 CEST	192.168.2.4	1.1.1.1	0x16e0	Standard query (0)	www.avs4you.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.095153093 CEST	192.168.2.4	1.1.1.1	0x36b3	Standard query (0)	secure.avangate.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.101382971 CEST	192.168.2.4	1.1.1.1	0x322f	Standard query (0)	secure.2checkout.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.852062941 CEST	192.168.2.4	1.1.1.1	0xfb8e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:09.953030109 CEST	192.168.2.4	1.1.1.1	0xf697	Standard query (0)	dev.visualwebsiteoptimizer.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:12.430042028 CEST	192.168.2.4	1.1.1.1	0xbc8a	Standard query (0)	www.clarity.ms	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.281378031 CEST	192.168.2.4	1.1.1.1	0xb1e3	Standard query (0)	analytics.google.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.282255888 CEST	192.168.2.4	1.1.1.1	0xfa73	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.342262983 CEST	192.168.2.4	1.1.1.1	0x8cfa	Standard query (0)	td.doubleclick.net	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:14.680025101 CEST	192.168.2.4	1.1.1.1	0x8108	Standard query (0)	s.clarity.ms	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:17.930257082 CEST	192.168.2.4	1.1.1.1	0x2b79	Standard query (0)	c.clarity.ms	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 24, 2024 17:38:42.970185995 CEST	1.1.1.1	192.168.2.4	0x8cd0	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
May 24, 2024 17:39:03.057924032 CEST	1.1.1.1	192.168.2.4	0x16e0	No error (0)	www.avs4you.com		18.244.140.117	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:03.057924032 CEST	1.1.1.1	192.168.2.4	0x16e0	No error (0)	www.avs4you.com		18.244.140.20	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:03.057924032 CEST	1.1.1.1	192.168.2.4	0x16e0	No error (0)	www.avs4you.com		18.244.140.33	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:03.057924032 CEST	1.1.1.1	192.168.2.4	0x16e0	No error (0)	www.avs4you.com		18.244.140.79	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.122400999 CEST	1.1.1.1	192.168.2.4	0x322f	No error (0)	secure.2checkout.com	sab84n7.x.incapdns.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:06.122400999 CEST	1.1.1.1	192.168.2.4	0x322f	No error (0)	sab84n7.x.incapdns.net		45.60.14.94	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.122432947 CEST	1.1.1.1	192.168.2.4	0x36b3	No error (0)	secure.avangate.com	mdig4.x.incapdns.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:06.122432947 CEST	1.1.1.1	192.168.2.4	0x36b3	No error (0)	mdig4.x.incapdns.net		45.60.14.94	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:06.861552954 CEST	1.1.1.1	192.168.2.4	0xfb8e	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:09.968775988 CEST	1.1.1.1	192.168.2.4	0xf697	No error (0)	dev.visualwebsiteoptimizer.com		34.96.102.137	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:12.438745022 CEST	1.1.1.1	192.168.2.4	0xbc8a	No error (0)	www.clarity.ms	clarity.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:12.438745022 CEST	1.1.1.1	192.168.2.4	0xbc8a	No error (0)	clarity.azurefd.net	azurefd-t-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:12.438745022 CEST	1.1.1.1	192.168.2.4	0xbc8a	No error (0)	shed.dual-low.part-0039.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:12.438745022 CEST	1.1.1.1	192.168.2.4	0xbc8a	No error (0)	dual.s-part-0039.t-0009.fb-t-msedge.net	s-part-0039.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:12.438745022 CEST	1.1.1.1	192.168.2.4	0xbc8a	No error (0)	s-part-0039.t-0009.fb-t-msedge.net		13.107.253.67	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.313889027 CEST	1.1.1.1	192.168.2.4	0xfa73	No error (0)	stats.g.doubleclick.net		74.125.206.156	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.313889027 CEST	1.1.1.1	192.168.2.4	0xfa73	No error (0)	stats.g.doubleclick.net		74.125.206.155	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.313889027 CEST	1.1.1.1	192.168.2.4	0xfa73	No error (0)	stats.g.doubleclick.net		74.125.206.157	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.313889027 CEST	1.1.1.1	192.168.2.4	0xfa73	No error (0)	stats.g.doubleclick.net		74.125.206.154	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.313909054 CEST	1.1.1.1	192.168.2.4	0xb1e3	No error (0)	analytics.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:13.353101969 CEST	1.1.1.1	192.168.2.4	0x8cfa	No error (0)	td.doubleclick.net		142.250.186.66	A (IP address)	IN (0x0001)	false
May 24, 2024 17:39:14.691744089 CEST	1.1.1.1	192.168.2.4	0x8108	No error (0)	s.clarity.ms	clarity-ingest-eus-c-sc.eastus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:17.937921047 CEST	1.1.1.1	192.168.2.4	0x2b79	No error (0)	c.clarity.ms	c.msn.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 17:39:17.937921047 CEST	1.1.1.1	192.168.2.4	0x2b79	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fe3cr.delivery.mp.microsoft.com

www.avs4you.com

https:

secure.avangate.com

secure.2checkout.com

dev.visualwebsiteoptimizer.com

www.clarity.ms

stats.g.doubleclick.net

analytics.google.com

td.doubleclick.net

www.google.com

www.bing.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	60602	18.244.140.117	80	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:39:03.109997988 CEST	479	OUT	GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1 Host: www.avs4you.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 24, 2024 17:39:03.764439106 CEST	614	IN	HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Fri, 24 May 2024 15:39:03 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Location: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register X-Cache: Redirect from cloudfront Via: 1.1 e9b7f6a49ef1905c7ce18301f0e01a9c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 5m4V9MHaDCOkltMfrIsd0VwOCCv0UeJxXG9PGhae7X2q9VCkJreMjg== Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
May 24, 2024 17:39:48.772816896 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:38:24 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-24 15:38:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4b14614b-854e-4c12-ba4c-daa1403b6471 MS-RequestId: 1f21a127-4151-400a-80f5-2d4a1705d804 MS-CV: VMPL/GeXDEyd7Koe.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:38:24 GMT Connection: close Content-Length: 24490
2024-05-24 15:38:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-24 15:38:25 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	60594	52.165.164.15	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:38:43 UTC	142	OUT	GET /clientwebservice/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: fe3cr.delivery.mp.microsoft.com
2024-05-24 15:38:43 UTC	234	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:38:43 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	60595	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:38:45 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-05-24 15:38:45 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: hb5T1fhWPUGYmaUd.0 MS-RequestId: f0e724eb-1cf5-469f-bf2e-a6636150f293 MS-CorrelationId: 64b05445-5678-46a0-a553-3ba586dd1782 X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:38:44 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	60596	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:38:47 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-24 15:38:48 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6e51983a-4927-4341-a338-69feaba5076c MS-RequestId: bc782525-f045-439a-bd0c-e56e3b9df1b2 MS-CV: ILwVsxZHREOlz/iW.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:38:46 GMT Connection: close Content-Length: 24490
2024-05-24 15:38:48 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-24 15:38:48 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	60597	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:38:49 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rU+HBvaC1yu2Tc9&MD=p3aPXsTG HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-24 15:38:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440" MS-CorrelationId: 4c1b1795-4c97-4cd0-b381-460f7f148adc MS-RequestId: db18e20c-fe62-43df-884e-7b3f539ae6a6 MS-CV: 6/4Hdu7OG0S7+jyD.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:38:48 GMT Connection: close Content-Length: 25457
2024-05-24 15:38:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-24 15:38:49 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	60607	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:04 UTC	707	OUT	GET /Register.aspx?Type=Install&ProgID=72&URL=Register HTTP/1.1 Host: www.avs4you.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:05 UTC	428	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 1081546 Connection: close Date: Fri, 24 May 2024 15:39:06 GMT Last-Modified: Tue, 16 Apr 2024 09:59:04 GMT ETag: "66757af97a72f7163bcc8791ff9d6f3e" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 0d91f1c2cefbfd11a7d7ddeb4916a46a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 1WfwNWXAXOS-strCgvcRi5Q_6W50rLb2kfguTWuhi3ZGjbjMFoVKhA==
2024-05-24 15:39:05 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 2f 3e 3c 73 74 79 6c 65 20 64 61 74 61 2d 68 72 65 66 3d 22 2f 73 74 79 6c 65 73 2e 30 66 66 63 31 39 63 35 34 36 39 38 34 36 35 39 64 38 36 38 2e 63 73 73 22 20 69 64 3d 22 67 61 74 73 62 79 2d 67 Data Ascii: <!DOCTYPE html><html><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><style data-href="/styles.0ffc19c546984659d868.css" id="gatsby-g
2024-05-24 15:39:05 UTC	8949	IN	Data Raw: 3a 72 65 6c 61 74 69 76 65 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 76 65 6c 5f 68 65 61 64 65 72 5f 70 6f 77 65 72 66 75 6c 20 76 69 64 65 6f 2c 2e 76 65 6c 5f 68 65 61 64 65 72 20 76 69 64 65 6f 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 7a 2d 69 6e 64 65 78 3a 2d 31 7d 2e 68 65 61 64 65 72 5f 69 6d 61 67 65 7b 7a 2d 69 6e 64 65 78 3a 2d 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 62 34 61 35 38 7d 2e 68 65 61 64 65 72 5f 69 6d 61 67 65 2c 2e 72 6f 74 61 74 69 6e 67 5f 69 6d 61 67 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 Data Ascii: :relative;z-index:100;overflow:hidden}.vel_header_powerful video,.vel_header video{position:absolute;top:0;left:0;width:100%;height:auto;z-index:-1}.header_image{z-index:-1;background-color:#4b4a58}.header_image,.rotating_image{position:absolute;top:0;lef
2024-05-24 15:39:05 UTC	675	IN	Data Raw: 30 41 56 6c 41 34 49 46 77 49 41 41 42 77 4a 51 43 64 41 53 70 75 41 47 34 41 50 6f 45 34 6c 55 65 6c 49 36 49 68 4d 76 57 50 4d 4b 41 51 43 57 49 74 43 48 61 45 69 37 38 57 33 77 63 50 76 42 7a 39 4d 42 37 58 57 58 43 4c 4f 5a 62 63 6a 7a 41 65 63 7a 36 56 66 39 6e 36 54 50 55 56 37 7a 44 2f 6a 4d 42 75 37 54 76 38 76 2f 56 2b 6f 46 39 45 48 31 58 35 4c 68 66 34 41 58 72 62 2f 47 37 34 75 41 44 36 6b 2f 37 58 77 77 64 54 57 36 56 39 51 76 39 6c 34 68 50 32 4c 2f 61 65 6f 68 2f 56 50 50 6c 2b 6f 50 50 70 39 54 65 77 62 2b 74 48 56 4a 2f 64 66 32 46 76 32 75 5a 4c 73 73 71 6b 65 39 49 41 31 33 48 37 4b 56 61 72 72 78 68 32 53 64 6d 31 38 46 70 4c 43 4e 47 5a 6d 5a 6c 58 31 34 76 61 67 39 61 2f 63 7a 68 62 38 63 35 35 61 53 5a 45 30 79 48 58 6d 79 71 78 44 Data Ascii: 0AVlA4IFwIAABwJQCdASpuAG4APoE4lUelI6IhMvWPMKAQCWItCHaEi78W3wcPvBz9MB7XWXCLOZbcjzAecz6Vf9n6TPUV7zD/jMBu7Tv8v/V+oF9EH1X5Lhf4AXrb/G74uAD6k/7XwwdTW6V9Qv9l4hP2L/aeoh/VPPl+oPPp9Tewb+tHVJ/df2Fv2uZLssqke9IA13H7KVarrxh2Sdm18FpLCNGZmZlX14vag9a/czhb8c55aSZE0yHXmyqxD
2024-05-24 15:39:05 UTC	1432	IN	Data Raw: 4f 58 58 32 30 55 36 6d 48 43 56 43 63 6f 39 6a 45 47 31 74 50 30 37 36 54 35 63 50 42 42 51 72 79 4d 61 70 75 74 4c 50 31 35 49 4e 74 6f 71 68 5a 61 42 6b 36 43 32 51 76 47 32 69 51 63 37 75 4a 6a 44 61 72 37 42 6d 7a 6e 78 4d 6d 45 76 71 6e 34 49 32 6d 46 42 63 4f 76 6f 66 66 63 4e 65 50 4e 73 52 54 76 61 75 66 4b 58 58 39 59 74 47 42 79 77 55 31 39 36 77 6a 49 66 69 36 45 66 63 59 31 63 37 50 46 51 78 70 43 32 2f 49 4b 77 73 65 6a 42 6a 75 68 48 41 5a 48 48 79 46 53 4d 77 71 6c 57 49 52 4b 6a 52 33 6e 6e 2f 41 55 6a 55 6e 6b 79 2f 64 46 4a 39 51 6b 51 49 4e 70 41 32 7a 33 75 74 37 68 6d 67 39 66 68 6f 74 52 38 6f 75 4e 55 4d 37 46 39 35 6f 63 30 56 71 57 4a 72 6d 33 6a 71 45 38 35 4d 42 2f 7a 53 56 4d 43 42 74 71 58 49 47 55 6e 71 5a 4e 79 78 65 36 73 Data Ascii: OXX20U6mHCVCco9jEG1tP076T5cPBBQryMaputLP15INtoqhZaBk6C2QvG2iQc7uJjDar7BmznxMmEvqn4I2mFBcOvoffcNePNsRTvaufKXX9YtGBywU196wjIfi6EfcY1c7PFQxpC2/IKwsejBjuhHAZHHyFSMwqlWIRKjR3nn/AUjUnky/dFJ9QkQINpA2z3ut7hmg9fhotR8ouNUM7F95oc0VqWJrm3jqE85MB/zSVMCBtqXIGUnqZNyxe6s
2024-05-24 15:39:05 UTC	1432	IN	Data Raw: 32 62 49 7a 6e 39 6a 4b 45 32 6b 38 47 69 35 6d 7a 31 31 75 48 51 4f 2b 72 6f 62 61 79 58 68 68 74 6e 68 71 37 58 68 2b 79 56 38 75 5a 38 66 57 67 59 45 6b 63 33 70 42 49 4c 44 36 67 56 72 73 56 30 4c 36 32 79 66 31 5a 51 61 34 50 57 77 33 2f 66 4d 43 33 6e 7a 35 61 71 75 54 6a 4a 52 39 31 4e 65 72 69 4a 46 38 72 72 55 53 2f 32 45 61 5a 42 4b 5a 5a 66 54 52 4c 76 2b 4f 79 41 38 4e 2f 69 59 36 6c 48 71 55 76 6c 57 51 70 48 49 41 55 45 70 61 79 4b 42 4c 72 73 6b 50 59 69 69 64 63 74 4f 78 51 76 57 45 66 68 50 4c 6f 52 37 33 64 43 6c 62 42 5a 5a 6d 2b 77 2b 66 72 44 45 75 33 59 63 77 78 2b 6d 38 69 61 76 52 49 75 77 6c 64 4f 54 48 4f 52 36 79 36 42 34 6b 4d 39 35 67 78 5a 52 6c 75 53 4c 48 42 2f 41 37 72 31 69 36 30 79 56 37 56 5a 35 44 36 38 61 79 6f 53 45 Data Ascii: 2bIzn9jKE2k8Gi5mz11uHQO+robayXhhtnhq7Xh+yV8uZ8fWgYEkc3pBILD6gVrsV0L62yf1ZQa4PWw3/fMC3nz5aquTjJR91NeriJF8rrUS/2EaZBKZZfTRLv+OyA8N/iY6lHqUvlWQpHIAUEpayKBLrskPYiidctOxQvWEfhPLoR73dClbBZZm+w+frDEu3Ycwx+m8iavRIuwldOTHOR6y6B4kM95gxZRluSLHB/A7r1i60yV7VZ5D68ayoSE
2024-05-24 15:39:05 UTC	8949	IN	Data Raw: 30 36 53 79 61 53 4e 6c 63 4a 4e 57 33 74 64 64 77 53 30 69 36 36 50 4c 4b 6c 67 5a 4e 30 6b 6a 37 41 75 62 39 57 2f 6d 57 5a 56 4e 65 35 6a 4c 66 62 75 45 68 68 77 77 53 54 2b 4e 45 4e 70 66 67 6b 69 4f 7a 7a 6c 58 69 6d 33 6f 63 53 6b 69 39 43 49 39 76 35 6a 53 54 53 4c 37 4d 36 55 31 45 6f 43 43 37 50 47 35 34 6f 31 2b 59 51 76 70 54 2f 4c 6a 42 58 55 31 30 2b 65 6b 30 37 6c 7a 76 41 43 73 74 2b 62 56 57 32 4c 75 65 54 68 6f 46 58 69 43 31 7a 6a 61 58 73 67 6f 6d 63 45 4e 72 33 73 5a 77 56 65 41 75 38 73 61 61 46 42 70 4b 31 44 67 76 68 4c 6a 4e 5a 6c 77 4e 42 65 7a 62 68 49 6a 52 61 71 68 68 31 57 5a 59 69 4d 2b 59 52 4a 46 6c 50 68 51 69 68 36 59 4b 6a 59 77 59 61 46 4a 51 52 59 46 47 2f 7a 61 6f 71 61 49 47 6f 52 67 4e 56 78 56 4f 67 39 67 78 72 71 Data Ascii: 06SyaSNlcJNW3tddwS0i66PLKlgZN0kj7Aub9W/mWZVNe5jLfbuEhhwwST+NENpfgkiOzzlXim3ocSki9CI9v5jSTSL7M6U1EoCC7PG54o1+YQvpT/LjBXU10+ek07lzvACst+bVW2LueThoFXiC1zjaXsgomcENr3sZwVeAu8saaFBpK1DgvhLjNZlwNBezbhIjRaqhh1WZYiM+YRJFlPhQih6YKjYwYaFJQRYFG/zaoqaIGoRgNVxVOg9gxrq
2024-05-24 15:39:05 UTC	11099	IN	Data Raw: 36 79 36 72 6c 30 66 37 70 53 77 55 53 34 4f 44 70 57 4a 42 53 6e 4e 30 6d 64 57 4e 33 50 6b 64 79 6e 67 75 66 54 30 41 56 69 78 5a 6d 51 6e 59 64 44 42 54 6b 64 59 4b 34 46 39 50 50 36 75 43 2f 56 64 64 59 43 6f 2f 36 4e 42 43 5a 7a 41 2f 42 62 68 58 4f 2b 50 57 59 77 43 50 38 68 4e 45 63 43 4c 2f 43 44 42 53 63 65 72 4f 41 61 4f 47 53 30 52 64 59 77 7a 49 64 73 56 6c 36 36 55 51 79 68 61 52 74 73 6f 51 58 74 6f 61 68 79 30 6e 46 73 41 61 4a 76 4a 44 4e 36 46 36 6f 69 31 79 53 52 4d 65 6a 78 44 4c 67 63 64 67 4a 43 4e 32 76 49 48 66 74 30 68 4d 46 2f 74 38 36 73 65 6a 6c 50 67 32 5a 48 36 45 47 41 38 2f 4a 50 77 32 45 5a 6b 64 4a 6f 7a 38 54 36 78 72 49 32 42 75 6a 63 68 2b 6d 78 55 5a 45 76 4e 51 72 6d 44 76 6a 30 52 33 6c 61 56 42 46 44 69 77 52 50 56 Data Ascii: 6y6rl0f7pSwUS4ODpWJBSnN0mdWN3PkdyngufT0AVixZmQnYdDBTkdYK4F9PP6uC/VddYCo/6NBCZzA/BbhXO+PWYwCP8hNEcCL/CDBScerOAaOGS0RdYwzIdsVl66UQyhaRtsoQXtoahy0nFsAaJvJDN6F6oi1ySRMejxDLgcdgJCN2vIHft0hMF/t86sejlPg2ZH6EGA8/JPw2EZkdJoz8T6xrI2Bujch+mxUZEvNQrmDvj0R3laVBFDiwRPV
2024-05-24 15:39:05 UTC	5728	IN	Data Raw: 41 71 42 41 41 41 63 42 59 41 6e 51 45 71 59 51 42 68 41 44 36 4e 50 4a 6c 48 70 53 4f 69 6f 53 76 56 58 65 69 67 45 59 6c 6a 41 4e 48 74 77 50 73 45 70 69 39 50 74 44 2b 69 33 62 66 63 37 68 2f 72 74 52 53 33 6f 44 2f 4d 32 41 44 2b 41 36 4d 62 31 4d 66 56 66 6a 71 2b 58 52 49 37 30 50 55 70 56 59 34 36 66 51 53 7a 32 2f 55 66 41 71 54 66 36 2b 76 34 48 36 51 71 6a 58 51 2f 68 58 72 2b 69 6c 61 73 6f 7a 2b 45 30 69 6c 71 53 65 6c 76 47 62 6e 7a 48 4c 4f 62 76 78 48 65 42 50 4f 31 71 4f 2f 42 6a 38 38 2b 43 4a 6f 47 69 6a 64 6e 4c 55 76 73 4b 58 42 76 6a 35 34 41 52 6b 6a 6c 45 57 71 2f 79 72 39 4b 52 42 62 70 4f 51 46 69 44 6d 50 50 65 77 68 54 64 6f 6b 62 64 74 43 6c 64 30 6b 6e 35 65 4d 33 78 51 61 58 6b 2f 53 47 6e 56 46 6d 71 4f 4f 68 47 6b 62 63 34 Data Ascii: AqBAAAcBYAnQEqYQBhAD6NPJlHpSOioSvVXeigEYljANHtwPsEpi9PtD+i3bfc7h/rtRS3oD/M2AD+A6Mb1MfVfjq+XRI70PUpVY46fQSz2/UfAqTf6+v4H6QqjXQ/hXr+ilasoz+E0ilqSelvGbnzHLObvxHeBPO1qO/Bj88+CJoGijdnLUvsKXBvj54ARkjlEWq/yr9KRBbpOQFiDmPPewhTdokbdtCld0kn5eM3xQaXk/SGnVFmqOOhGkbc4
2024-05-24 15:39:05 UTC	2864	IN	Data Raw: 6a 34 5a 76 7a 62 50 50 42 6f 74 4d 65 2f 2f 46 33 73 42 33 39 4f 39 73 4e 4e 62 2b 51 74 49 43 6d 6c 69 39 51 4d 63 74 63 2b 51 32 30 44 30 32 73 43 65 61 41 58 77 4c 37 39 6c 2f 38 4e 56 46 4a 48 4f 6b 66 37 73 61 32 4c 78 74 42 61 2f 38 6e 43 41 71 79 4f 72 62 67 6c 70 63 4a 6e 31 61 68 55 4c 58 6d 47 74 67 56 46 48 64 67 76 37 62 2b 77 4e 66 6e 43 34 48 6a 72 38 73 76 48 50 4f 51 61 5a 6d 72 61 6f 74 35 4d 2f 4d 44 2f 56 4d 6d 42 48 67 39 76 50 38 6b 66 47 69 76 6a 33 4d 4b 72 75 50 4a 57 63 62 4e 46 45 51 49 2b 76 54 71 64 36 53 2b 76 41 46 34 6e 37 56 69 6d 6a 78 2f 59 2f 67 4f 56 41 57 32 37 42 55 58 61 35 65 5a 6c 35 73 6d 76 56 6c 67 76 70 58 58 64 4b 6c 6f 59 71 62 6d 63 71 45 46 32 4e 33 78 43 64 6a 4e 4c 4b 52 50 43 64 59 48 57 4b 72 66 65 59 Data Ascii: j4ZvzbPPBotMe//F3sB39O9sNNb+QtICmli9QMctc+Q20D02sCeaAXwL79l/8NVFJHOkf7sa2LxtBa/8nCAqyOrbglpcJn1ahULXmGtgVFHdgv7b+wNfnC4Hjr8svHPOQaZmraot5M/MD/VMmBHg9vP8kfGivj3MKruPJWcbNFEQI+vTqd6S+vAF4n7Vimjx/Y/gOVAW27BUXa5eZl5smvVlgvpXXdKloYqbmcqEF2N3xCdjNLKRPCdYHWKrfeY
2024-05-24 15:39:05 UTC	8592	IN	Data Raw: 6f 63 6b 73 7b 70 61 64 64 69 6e 67 3a 30 20 30 20 38 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 2e 76 65 6c 5f 66 6f 6f 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 34 34 36 37 3b 70 61 64 64 69 6e 67 3a 35 30 70 78 20 30 20 31 35 70 78 3b 68 65 69 67 68 74 3a 38 30 70 78 7d 2e 76 65 6c 5f 70 61 67 65 5f 66 6f 6f 74 65 72 7b 77 69 64 74 68 3a 31 30 39 30 70 78 7d 2e 76 70 68 5f 63 6f 70 79 72 69 67 68 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 30 7d 2e 6c 66 6e 2d 73 6f 63 69 61 6c 7b 77 69 64 74 68 3a 31 35 33 70 78 3b 70 61 64 64 69 6e 67 3a 34 70 78 20 30 20 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 7d 2e 6c 66 6e 73 2d 62 75 74 74 6f 6e 2d 66 6f 6f Data Ascii: ocks{padding:0 0 80px;margin:0 auto}.vel_footer{background-color:#444467;padding:50px 0 15px;height:80px}.vel_page_footer{width:1090px}.vph_copyright{font-size:12px;padding:30px 0 0}.lfn-social{width:153px;padding:4px 0 0;text-align:right}.lfns-button-foo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	60617	45.60.14.94	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	547	OUT	GET /content/check_affiliate_v2.js HTTP/1.1 Host: secure.avangate.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:06 UTC	829	IN	HTTP/1.1 200 OK Etag: "87b-596c7bfcd2f41" Last-Modified: Thu, 07 Nov 2019 20:45:44 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 2171 Date: Fri, 24 May 2024 15:39:06 GMT Set-Cookie: visid_incap_848850=wKG2Ixs9TESGiCW526fBeZq0UGYAAAAAQUIPAAAAAABA6vrm7WY+bAe5DdTtSUur; expires=Sat, 24 May 2025 08:23:08 GMT; HttpOnly; path=/; Domain=.avangate.com; Secure; SameSite=None x-incap-sess-cookie-hdr: akZdPEmqyg6ZYUybx8GaGZq0UGYAAAAAKEEB7ID2ag/BMAapZDGGHw== Set-Cookie: incap_ses_1845_848850=NO/IbTI3C0uZYUybx8GaGZq0UGYAAAAAs28lPB5YhE+Wl1Qs+Uwcww==; path=/; Domain=.avangate.com; Secure; SameSite=None Strict-Transport-Security: max-age=31536000 X-CDN: Imperva X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * X-Iinfo: 50-24665817-0 0CNN RT(1716565146186 296) q(0 -1 -1 0) r(0 -1)
2024-05-24 15:39:06 UTC	623	IN	Data Raw: 76 61 72 20 41 56 47 5f 43 48 45 43 4b 5f 41 46 46 5f 55 52 4c 5f 48 54 54 50 20 3d 20 22 68 74 74 70 3a 2f 2f 63 6f 6e 74 65 6e 74 2e 61 76 61 6e 67 61 74 65 2e 63 6f 6d 2f 63 68 65 63 6b 5f 61 66 66 69 6c 69 61 74 65 5f 6a 73 2f 69 6e 64 65 78 2e 70 68 70 3f 22 3b 0a 76 61 72 20 41 56 47 5f 43 48 45 43 4b 5f 41 46 46 5f 55 52 4c 5f 48 54 54 50 53 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 2e 61 76 61 6e 67 61 74 65 2e 63 6f 6d 2f 63 6f 6e 74 65 6e 74 2f 63 68 65 63 6b 5f 61 66 66 69 6c 69 61 74 65 5f 6a 73 2f 69 6e 64 65 78 2e 70 68 70 3f 22 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 5f 41 56 47 53 65 74 43 6f 6f 6b 69 65 20 28 6e 61 6d 65 2c 20 76 61 6c 75 65 29 20 7b 0a 09 69 66 20 28 76 61 6c 75 65 20 3d 3d 20 22 22 29 20 76 61 6c 75 65 20 3d 20 Data Ascii: var AVG_CHECK_AFF_URL_HTTP = "http://content.avangate.com/check_affiliate_js/index.php?";var AVG_CHECK_AFF_URL_HTTPS = "https://secure.avangate.com/content/check_affiliate_js/index.php?";function _AVGSetCookie (name, value) {if (value == "") value =
2024-05-24 15:39:06 UTC	1452	IN	Data Raw: 56 47 47 65 74 43 6f 6f 6b 69 65 28 6e 61 6d 65 29 20 7b 0a 20 20 20 20 76 61 72 20 64 63 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3b 0a 20 20 20 20 76 61 72 20 70 72 65 66 69 78 20 3d 20 6e 61 6d 65 20 2b 20 22 3d 22 3b 0a 20 20 20 20 76 61 72 20 62 65 67 69 6e 20 3d 20 64 63 2e 69 6e 64 65 78 4f 66 28 22 3b 20 22 20 2b 20 70 72 65 66 69 78 29 3b 0a 20 20 20 20 69 66 20 28 62 65 67 69 6e 20 3d 3d 20 2d 31 29 20 7b 0a 20 20 20 20 20 20 20 20 62 65 67 69 6e 20 3d 20 64 63 2e 69 6e 64 65 78 4f 66 28 70 72 65 66 69 78 29 3b 0a 20 20 20 20 20 20 20 20 69 66 20 28 62 65 67 69 6e 20 21 3d 20 30 29 20 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 0a 20 20 20 20 7d 0a 20 20 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 62 65 67 69 6e 20 2b 3d 20 32 3b 0a Data Ascii: VGGetCookie(name) { var dc = document.cookie; var prefix = name + "="; var begin = dc.indexOf("; " + prefix); if (begin == -1) { begin = dc.indexOf(prefix); if (begin != 0) return null; } else { begin += 2;
2024-05-24 15:39:06 UTC	96	IN	Data Raw: 61 74 69 6f 6e 2e 68 72 65 66 20 29 3b 0a 20 20 69 66 28 20 72 65 73 75 6c 74 73 20 3d 3d 20 6e 75 6c 6c 20 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 22 22 3b 0a 20 20 7d 0a 20 20 65 6c 73 65 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 72 65 73 75 6c 74 73 5b 31 5d 3b 0a 20 20 7d 0a 7d Data Ascii: ation.href ); if( results == null ) { return ""; } else { return results[1]; }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	60616	45.60.14.94	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	553	OUT	GET /checkout/client/twoCoInlineCart.js HTTP/1.1 Host: secure.2checkout.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	914	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 24 May 2024 15:39:07 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 249182 Connection: close Last-Modified: Thu, 23 May 2024 06:59:48 GMT ETag: "3cd5e-6191998c53e6a" Accept-Ranges: bytes Strict-Transport-Security: max-age=15552000 X-Robots-Tag: noindex, nofollow Set-Cookie: visid_incap_1635453=Gd04SEVpSOGOxmDy+VCOsJq0UGYAAAAAQUIPAAAAAAD2rRVWRAFvLkT7GHO5szGV; expires=Sat, 24 May 2025 08:23:10 GMT; HttpOnly; path=/; Domain=.2checkout.com; Secure; SameSite=None x-incap-sess-cookie-hdr: q6AMQlnYYw2jYUybx8GaGZq0UGYAAAAAMIWEPAoX6Gt/jmFng9hdnA== Set-Cookie: incap_ses_1845_1635453=igEkRFOetGejYUybx8GaGZq0UGYAAAAAqAExO93dBhwWQtk7qFgquQ==; path=/; Domain=.2checkout.com; Secure; SameSite=None X-CDN: Imperva X-Content-Type-Options: nosniff X-Iinfo: 43-11120713-11120770 NNNN CT(95 190 0) RT(1716565146189 299) q(0 0 3 0) r(4 5) U9
2024-05-24 15:39:07 UTC	538	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 65 78 70 6f 72 74 73 2e 54 77 6f 43 6f 49 6e 6c 69 6e 65 43 61 72 74 3d 65 28 29 3a 74 2e 54 77 6f 43 6f 49 6e 6c 69 6e 65 43 61 72 74 3d 65 28 29 7d 28 77 69 6e 64 6f 77 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 7b Data Ascii: !function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.TwoCoInlineCart=e():t.TwoCoInlineCart=e()}(window,function(){return function(t){var e={
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 6f 6c 2e 74 6f 53 74 72 69 6e 67 54 61 67 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 53 79 6d 62 6f 6c 2e 74 6f 53 74 72 69 6e 67 54 61 67 2c 7b 76 61 6c 75 65 3a 22 4d 6f 64 75 6c 65 22 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 7d 2c 6e 2e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 69 66 28 31 26 65 26 26 28 74 3d 6e 28 74 29 29 2c 38 26 65 29 72 65 74 75 72 6e 20 74 3b 69 66 28 34 26 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 74 26 26 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 3b 69 Data Ascii: ol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);i
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 72 65 74 75 72 6e 20 6e 2e 64 28 65 2c 22 61 22 2c 65 29 2c 65 7d 2c 6e 2e 6f 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 65 29 7d 2c 6e 2e 70 3d 22 22 2c 6e 28 6e 2e 73 3d 30 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 2c 6e 29 7b 72 65 74 75 72 6e 28 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 52 65 66 6c 65 63 74 7c 7c 21 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 29 72 65 74 75 72 6e 21 31 3b 69 66 28 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 Data Ascii: return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=0)}([function(t,e,n){"use strict";function r(t,e,n){return(r=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construc
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 2f 5e 63 6c 61 73 73 5c 73 2f 2e 74 65 73 74 28 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74 29 29 7c 7c 2f 5f 63 6c 61 73 73 43 61 6c 6c 43 68 65 63 6b 2f 67 69 6d 2e 74 65 73 74 28 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 74 29 29 29 7d 7d 2c 7b 6b 65 79 3a 22 69 73 46 75 6e 63 74 69 6f 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 7d 7d 5d 2c 28 6e 3d 5b 7b 6b 65 79 3a 22 72 65 67 69 73 74 65 72 22 2c 76 61 6c Data Ascii: alue:function(t){return"function"==typeof t&&(/^class\s/.test(Function.prototype.toString.call(t))\|\|/_classCallCheck/gim.test(Function.prototype.toString.call(t)))}},{key:"isFunction",value:function(t){return"function"==typeof t}}],(n=[{key:"register",val
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 29 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 74 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 65 2e 63 61 6c 6c 28 6e 75 6c 6c 2c 74 5b 6e 5d 2c 6e 2c 74 29 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 6f 20 69 6e 20 74 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 6f 29 26 26 65 2e 63 61 6c 6c 28 6e 75 6c 6c 2c 74 5b 6f 5d 2c 6f 2c 74 29 7d 74 2e 65 78 70 6f 72 74 73 3d 7b 69 73 41 72 72 61 79 3a 69 2c 69 73 41 72 72 61 79 42 75 66 66 65 72 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 42 75 66 66 65 72 5d 22 3d 3d 3d 6f 2e 63 61 6c 6c 28 74 29 7d 2c 69 73 42 75 66 66 65 72 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e Data Ascii: )for(var n=0,r=t.length;n<r;n++)e.call(null,t[n],n,t);else for(var o in t)Object.prototype.hasOwnProperty.call(t,o)&&e.call(null,t[o],o,t)}t.exports={isArray:i,isArrayBuffer:function(t){return"[object ArrayBuffer]"===o.call(t)},isBuffer:function(t){return
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 72 3c 6f 3b 72 2b 2b 29 66 28 61 72 67 75 6d 65 6e 74 73 5b 72 5d 2c 6e 29 3b 72 65 74 75 72 6e 20 65 7d 2c 65 78 74 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 72 65 74 75 72 6e 20 66 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 29 7b 74 5b 6f 5d 3d 6e 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 3f 72 28 65 2c 6e 29 3a 65 7d 29 2c 74 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 2e 72 65 70 6c 61 63 65 28 2f 5e 5c 73 2a 2f 2c 22 22 29 2e 72 65 70 6c 61 63 65 28 2f 5c 73 2a 24 2f 2c 22 22 29 7d 2c 73 74 72 69 70 42 4f 4d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 36 35 32 37 39 3d 3d 3d 74 2e 63 68 61 72 43 6f 64 65 41 74 28 30 Data Ascii: ments.length;r<o;r++)f(arguments[r],n);return e},extend:function(t,e,n){return f(e,function(e,o){t[o]=n&&"function"==typeof e?r(e,n):e}),t},trim:function(t){return t.replace(/^\s/,"").replace(/\s$/,"")},stripBOM:function(t){return 65279===t.charCodeAt(0
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 20 42 6f 6f 6c 65 61 6e 5d 22 2c 48 3d 22 5b 6f 62 6a 65 63 74 20 44 61 74 65 5d 22 2c 56 3d 22 5b 6f 62 6a 65 63 74 20 44 4f 4d 45 78 63 65 70 74 69 6f 6e 5d 22 2c 4a 3d 22 5b 6f 62 6a 65 63 74 20 45 72 72 6f 72 5d 22 2c 5a 3d 22 5b 6f 62 6a 65 63 74 20 46 75 6e 63 74 69 6f 6e 5d 22 2c 47 3d 22 5b 6f 62 6a 65 63 74 20 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 5d 22 2c 4b 3d 22 5b 6f 62 6a 65 63 74 20 4d 61 70 5d 22 2c 58 3d 22 5b 6f 62 6a 65 63 74 20 4e 75 6d 62 65 72 5d 22 2c 51 3d 22 5b 6f 62 6a 65 63 74 20 4e 75 6c 6c 5d 22 2c 74 74 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 2c 65 74 3d 22 5b 6f 62 6a 65 63 74 20 50 72 6f 78 79 5d 22 2c 6e 74 3d 22 5b 6f 62 6a 65 63 74 20 52 65 67 45 78 70 5d 22 2c 72 74 3d 22 5b 6f 62 6a 65 63 74 Data Ascii: Boolean]",H="[object Date]",V="[object DOMException]",J="[object Error]",Z="[object Function]",G="[object GeneratorFunction]",K="[object Map]",X="[object Number]",Q="[object Null]",tt="[object Object]",et="[object Proxy]",nt="[object RegExp]",rt="[object
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 5c 64 2a 29 24 2f 2c 47 74 3d 2f 5b 5c 78 63 30 2d 5c 78 64 36 5c 78 64 38 2d 5c 78 66 36 5c 78 66 38 2d 5c 78 66 66 5c 75 30 31 30 30 2d 5c 75 30 31 37 66 5d 2f 67 2c 4b 74 3d 2f 28 24 5e 29 2f 2c 58 74 3d 2f 5b 27 5c 6e 5c 72 5c 75 32 30 32 38 5c 75 32 30 32 39 5c 5c 5d 2f 67 2c 51 74 3d 22 5c 5c 75 30 33 30 30 2d 5c 5c 75 30 33 36 66 5c 5c 75 66 65 32 30 2d 5c 5c 75 66 65 32 66 5c 5c 75 32 30 64 30 2d 5c 5c 75 32 30 66 66 22 2c 74 65 3d 22 5c 5c 78 61 63 5c 5c 78 62 31 5c 5c 78 64 37 5c 5c 78 66 37 5c 5c 78 30 30 2d 5c 5c 78 32 66 5c 5c 78 33 61 2d 5c 5c 78 34 30 5c 5c 78 35 62 2d 5c 5c 78 36 30 5c 5c 78 37 62 2d 5c 5c 78 62 66 5c 5c 75 32 30 30 30 2d 5c 5c 75 32 30 36 66 20 5c 5c 74 5c 5c 78 30 62 5c 5c 66 5c 5c 78 61 30 5c 5c 75 66 65 66 66 5c 5c 6e Data Ascii: \d*)$/,Gt=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,Kt=/($^)/,Xt=/['\n\r\u2028\u2029\\]/g,Qt="\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff",te="\\xac\\xb1\\xd7\\xf7\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf\\u2000-\\u206f \\t\\x0b\\f\\xa0\\ufeff\\n
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 2c 22 67 22 29 2c 53 65 3d 52 65 67 45 78 70 28 22 5b 5c 5c 75 32 30 30 64 5c 5c 75 64 38 30 30 2d 5c 5c 75 64 66 66 66 22 2b 51 74 2b 22 5c 5c 75 66 65 30 65 5c 5c 75 66 65 30 66 5d 22 29 2c 4f 65 3d 2f 5b 61 2d 7a 5d 5b 41 2d 5a 5d 7c 5b 41 2d 5a 5d 7b 32 7d 5b 61 2d 7a 5d 7c 5b 30 2d 39 5d 5b 61 2d 7a 41 2d 5a 5d 7c 5b 61 2d 7a 41 2d 5a 5d 5b 30 2d 39 5d 7c 5b 5e 61 2d 7a 41 2d 5a 30 2d 39 20 5d 2f 2c 6a 65 3d 5b 22 41 72 72 61 79 22 2c 22 42 75 66 66 65 72 22 2c 22 44 61 74 61 56 69 65 77 22 2c 22 44 61 74 65 22 2c 22 45 72 72 6f 72 22 2c 22 46 6c 6f 61 74 33 32 41 72 72 61 79 22 2c 22 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2c 22 46 75 6e 63 74 69 6f 6e 22 2c 22 49 6e 74 38 41 72 72 61 79 22 2c 22 49 6e 74 31 36 41 72 72 61 79 22 2c 22 49 6e 74 33 32 Data Ascii: ,"g"),Se=RegExp("[\\u200d\\ud800-\\udfff"+Qt+"\\ufe0e\\ufe0f]"),Oe=/[a-z][A-Z]\|[A-Z]{2}[a-z]\|[0-9][a-zA-Z]\|[a-zA-Z][0-9]\|[^a-zA-Z0-9 ]/,je=["Array","Buffer","DataView","Date","Error","Float32Array","Float64Array","Function","Int8Array","Int16Array","Int32
2024-05-24 15:39:07 UTC	1452	IN	Data Raw: 74 2c 65 2c 6e 29 7b 73 77 69 74 63 68 28 6e 2e 6c 65 6e 67 74 68 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 74 2e 63 61 6c 6c 28 65 29 3b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 20 74 2e 63 61 6c 6c 28 65 2c 6e 5b 30 5d 29 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 74 2e 63 61 6c 6c 28 65 2c 6e 5b 30 5d 2c 6e 5b 31 5d 29 3b 63 61 73 65 20 33 3a 72 65 74 75 72 6e 20 74 2e 63 61 6c 6c 28 65 2c 6e 5b 30 5d 2c 6e 5b 31 5d 2c 6e 5b 32 5d 29 7d 72 65 74 75 72 6e 20 74 2e 61 70 70 6c 79 28 65 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 56 65 28 74 2c 65 2c 6e 2c 72 29 7b 66 6f 72 28 76 61 72 20 6f 3d 2d 31 2c 69 3d 6e 75 6c 6c 3d 3d 74 3f 30 3a 74 2e 6c 65 6e 67 74 68 3b 2b 2b 6f 3c 69 3b 29 7b 76 61 72 20 75 3d 74 5b 6f 5d 3b 65 28 72 2c 75 2c 6e 28 75 29 2c Data Ascii: t,e,n){switch(n.length){case 0:return t.call(e);case 1:return t.call(e,n[0]);case 2:return t.call(e,n[0],n[1]);case 3:return t.call(e,n[0],n[1],n[2])}return t.apply(e,n)}function Ve(t,e,n,r){for(var o=-1,i=null==t?0:t.length;++o<i;){var u=t[o];e(r,u,n(u),

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	60611	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	586	OUT	GET /impact-write-cookie.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	444	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 1181 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:37 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:08 GMT ETag: "a8e762dbcffb7242bab8f909d36a77e8" X-Cache: RefreshHit from cloudfront Via: 1.1 0c3ff1188116f3c79635d58603a60208.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: C8LmGvsnMdeKr8w9Kqz8YQqUn2-VhGx1ceIGzGUn4BVGhEYG3c_ogg==
2024-05-24 15:39:07 UTC	1181	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 2f 2f 20 64 65 66 69 6e 65 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 6f 66 20 49 6d 70 61 63 74 20 52 61 64 69 75 73 20 41 66 66 69 6c 69 61 74 65 0a 20 20 20 20 76 61 72 20 61 66 66 4b 65 79 41 72 72 61 72 79 20 3d 20 5b 27 63 61 6d 70 61 69 67 6e 5f 69 64 27 2c 20 27 6d 65 64 69 61 5f 70 61 72 74 6e 65 72 5f 69 64 27 2c 20 27 74 72 61 63 6b 65 72 5f 69 64 27 5d 3b 0a 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 65 74 50 61 72 61 6d 65 74 65 72 42 79 4e 61 6d 65 28 6e 61 6d 65 2c 20 75 72 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 21 75 72 6c 29 20 75 72 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3b 0a 20 20 20 20 20 20 20 20 6e 61 6d 65 20 3d 20 6e 61 6d Data Ascii: (function () { // define the parameters of Impact Radius Affiliate var affKeyArrary = ['campaign_id', 'media_partner_id', 'tracker_id']; function getParameterByName(name, url) { if (!url) url = window.location.href; name = nam

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	60615	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	603	OUT	GET /webpack-runtime-c3e566b68af78f5a1881.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 14986 Connection: close Last-Modified: Tue, 16 Apr 2024 10:00:12 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:08 GMT ETag: "d9fe819e699b6566581e226eb9cfb2d7" X-Cache: RefreshHit from cloudfront Via: 1.1 8653e800fd3431dca2b495f1b3493626.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: zVtQwOP0kbymXZVSfa8nTEz6Jg3W4jET5a1tbgCvvQ3MCmFwjKftkw==
2024-05-24 15:39:07 UTC	12792	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 66 6f 72 28 76 61 72 20 73 2c 64 2c 70 3d 61 5b 30 5d 2c 72 3d 61 5b 31 5d 2c 66 3d 61 5b 32 5d 2c 74 3d 30 2c 69 3d 5b 5d 3b 74 3c 70 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 64 3d 70 5b 74 5d 2c 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6f 2c 64 29 26 26 6f 5b 64 5d 26 26 69 2e 70 75 73 68 28 6f 5b 64 5d 5b 30 5d 29 2c 6f 5b 64 5d 3d 30 3b 66 6f 72 28 73 20 69 6e 20 72 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 72 2c 73 29 26 26 28 65 5b 73 5d 3d 72 5b 73 5d 29 3b 66 6f 72 28 62 26 26 62 28 61 29 3b 69 2e 6c 65 6e 67 74 68 3b 29 69 2e 73 68 Data Ascii: !function(e){function a(a){for(var s,d,p=a[0],r=a[1],f=a[2],t=0,i=[];t<p.length;t++)d=p[t],Object.prototype.hasOwnProperty.call(o,d)&&o[d]&&i.push(o[d][0]),o[d]=0;for(s in r)Object.prototype.hasOwnProperty.call(r,s)&&(e[s]=r[s]);for(b&&b(a);i.length;)i.sh
2024-05-24 15:39:07 UTC	2194	IN	Data Raw: 2c 35 31 3a 22 61 35 63 37 64 65 35 66 61 38 65 38 63 34 31 37 61 35 65 62 22 2c 35 32 3a 22 36 31 63 31 66 63 66 65 37 30 31 34 34 61 35 66 30 62 66 61 22 2c 35 33 3a 22 64 37 38 62 30 38 37 35 31 63 33 37 36 38 30 33 66 66 31 61 22 2c 35 34 3a 22 35 32 30 62 66 32 37 31 64 32 32 35 35 64 64 37 32 39 36 37 22 2c 35 35 3a 22 38 34 34 37 38 34 30 62 34 63 62 39 35 65 37 30 62 30 61 32 22 2c 35 36 3a 22 63 63 65 34 61 33 39 62 39 32 32 64 33 39 30 66 37 65 33 63 22 2c 35 37 3a 22 39 32 35 32 38 37 35 61 64 30 63 38 39 61 34 38 38 38 36 33 22 2c 35 38 3a 22 34 36 35 64 62 65 37 32 30 33 64 39 63 37 64 33 64 62 37 31 22 2c 35 39 3a 22 33 35 62 36 64 64 38 34 38 63 32 38 35 63 61 38 36 63 33 34 22 2c 36 30 3a 22 33 33 38 38 36 30 63 62 66 31 31 66 36 66 61 35 Data Ascii: ,51:"a5c7de5fa8e8c417a5eb",52:"61c1fcfe70144a5f0bfa",53:"d78b08751c376803ff1a",54:"520bf271d2255dd72967",55:"8447840b4cb95e70b0a2",56:"cce4a39b922d390f7e3c",57:"9252875ad0c89a488863",58:"465dbe7203d9c7d3db71",59:"35b6dd848c285ca86c34",60:"338860cbf11f6fa5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	60613	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	597	OUT	GET /framework-4cf5ecd37f9363b1291b.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	446	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 128878 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:36 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:08 GMT ETag: "0548f82976d9763eeb6d7c61bb9b9918" X-Cache: RefreshHit from cloudfront Via: 1.1 e33d8864a771b755e3623e8d7ade73ec.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 2eiRoKYCMUu3Rr8iHdhT0rHAn1HMoWdzCs12XDLSsZK2SrJugeVmSQ==
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 66 72 61 6d 65 77 6f 72 6b 2d 34 63 66 35 65 63 64 33 37 66 39 33 36 33 62 31 32 39 31 62 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 38 30 5d 2c 7b 22 2b 77 64 63 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 2c 6c 2c 69 2c 61 2c 6f 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 4d 65 73 73 61 67 65 43 68 Data Ascii: /! For license information please see framework-4cf5ecd37f9363b1291b.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[80],{"+wdc":function(e,t,n){"use strict";var r,l,i,a,o;if("undefined"==typeof window\|\|"function"!=typeof MessageCh
2024-05-24 15:39:07 UTC	1514	IN	Data Raw: 6e 74 65 72 70 6f 6c 61 74 69 6f 6e 2d 66 69 6c 74 65 72 73 20 63 6f 6c 6f 72 2d 70 72 6f 66 69 6c 65 20 63 6f 6c 6f 72 2d 72 65 6e 64 65 72 69 6e 67 20 64 6f 6d 69 6e 61 6e 74 2d 62 61 73 65 6c 69 6e 65 20 65 6e 61 62 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 20 66 69 6c 6c 2d 6f 70 61 63 69 74 79 20 66 69 6c 6c 2d 72 75 6c 65 20 66 6c 6f 6f 64 2d 63 6f 6c 6f 72 20 66 6c 6f 6f 64 2d 6f 70 61 63 69 74 79 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 20 66 6f 6e 74 2d 73 69 7a 65 20 66 6f 6e 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 20 66 6f 6e 74 2d 73 74 72 65 74 63 68 20 66 6f 6e 74 2d 73 74 79 6c 65 20 66 6f 6e 74 2d 76 61 72 69 61 6e 74 20 66 6f 6e 74 2d 77 65 69 67 68 74 20 67 6c 79 70 68 2d 6e 61 6d 65 20 67 6c 79 70 68 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 2d 68 6f Data Ascii: nterpolation-filters color-profile color-rendering dominant-baseline enable-background fill-opacity fill-rule flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-name glyph-orientation-ho
2024-05-24 15:39:07 UTC	6396	IN	Data Raw: 68 72 65 66 22 2c 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 2c 21 30 29 2c 5b 22 73 72 63 22 2c 22 68 72 65 66 22 2c 22 61 63 74 69 6f 6e 22 2c 22 66 6f 72 6d 41 63 74 69 6f 6e 22 5d 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 4b 5b 65 5d 3d 6e 65 77 20 48 28 65 2c 31 2c 21 31 2c 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 75 6c 6c 2c 21 30 29 7d 29 29 3b 76 61 72 20 58 3d 72 2e 5f 5f 53 45 43 52 45 54 5f 49 4e 54 45 52 4e 41 4c 53 5f 44 4f 5f 4e 4f 54 5f 55 53 45 5f 4f 52 5f 59 4f 55 5f 57 49 4c 4c 5f 42 45 5f 46 49 52 45 44 3b 66 75 6e 63 74 69 6f 6e 20 47 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 6c 3d 4b 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 74 29 3f 4b 5b 74 5d 3a Data Ascii: href","http://www.w3.org/1999/xlink",!0),["src","href","action","formAction"].forEach((function(e){K[e]=new H(e,1,!1,e.toLowerCase(),null,!0)}));var X=r.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED;function G(e,t,n,r){var l=K.hasOwnProperty(t)?K[t]:
2024-05-24 15:39:07 UTC	12792	IN	Data Raw: 29 29 3b 6e 3d 6e 5b 30 5d 7d 74 3d 6e 7d 6e 75 6c 6c 3d 3d 74 26 26 28 74 3d 22 22 29 2c 6e 3d 74 7d 65 2e 5f 77 72 61 70 70 65 72 53 74 61 74 65 3d 7b 69 6e 69 74 69 61 6c 56 61 6c 75 65 3a 79 65 28 6e 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 74 29 7b 76 61 72 20 6e 3d 79 65 28 74 2e 76 61 6c 75 65 29 2c 72 3d 79 65 28 74 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 29 3b 6e 75 6c 6c 21 3d 6e 26 26 28 28 6e 3d 22 22 2b 6e 29 21 3d 3d 65 2e 76 61 6c 75 65 26 26 28 65 2e 76 61 6c 75 65 3d 6e 29 2c 6e 75 6c 6c 3d 3d 74 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 26 26 65 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 21 3d 3d 6e 26 26 28 65 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 3d 6e 29 29 2c 6e 75 6c 6c 21 3d 72 26 26 28 65 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 Data Ascii: ));n=n[0]}t=n}null==t&&(t=""),n=t}e._wrapperState={initialValue:ye(n)}}function Re(e,t){var n=ye(t.value),r=ye(t.defaultValue);null!=n&&((n=""+n)!==e.value&&(e.value=n),null==t.defaultValue&&e.defaultValue!==n&&(e.defaultValue=n)),null!=r&&(e.defaultValue
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 21 30 2c 6c 69 6e 6b 3a 21 30 2c 6d 65 74 61 3a 21 30 2c 70 61 72 61 6d 3a 21 30 2c 73 6f 75 72 63 65 3a 21 30 2c 74 72 61 63 6b 3a 21 30 2c 77 62 72 3a 21 30 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 6c 6e 28 65 2c 74 29 7b 69 66 28 74 29 7b 69 66 28 72 6e 5b 65 5d 26 26 28 6e 75 6c 6c 21 3d 74 2e 63 68 69 6c 64 72 65 6e 7c 7c 6e 75 6c 6c 21 3d 74 2e 64 61 6e 67 65 72 6f 75 73 6c 79 53 65 74 49 6e 6e 65 72 48 54 4d 4c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 61 28 31 33 37 2c 65 2c 22 22 29 29 3b 69 66 28 6e 75 6c 6c 21 3d 74 2e 64 61 6e 67 65 72 6f 75 73 6c 79 53 65 74 49 6e 6e 65 72 48 54 4d 4c 29 7b 69 66 28 6e 75 6c 6c 21 3d 74 2e 63 68 69 6c 64 72 65 6e 29 74 68 72 6f 77 20 45 72 72 6f 72 28 61 28 36 30 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 74 Data Ascii: !0,link:!0,meta:!0,param:!0,source:!0,track:!0,wbr:!0});function ln(e,t){if(t){if(rn[e]&&(null!=t.children\|\|null!=t.dangerouslySetInnerHTML))throw Error(a(137,e,""));if(null!=t.dangerouslySetInnerHTML){if(null!=t.children)throw Error(a(60));if("object"!=t
2024-05-24 15:39:07 UTC	2804	IN	Data Raw: 2e 6b 65 79 43 6f 64 65 3a 30 7d 7d 29 2c 74 6c 3d 49 72 2e 65 78 74 65 6e 64 28 7b 64 61 74 61 54 72 61 6e 73 66 65 72 3a 6e 75 6c 6c 7d 29 2c 6e 6c 3d 53 72 2e 65 78 74 65 6e 64 28 7b 74 6f 75 63 68 65 73 3a 6e 75 6c 6c 2c 74 61 72 67 65 74 54 6f 75 63 68 65 73 3a 6e 75 6c 6c 2c 63 68 61 6e 67 65 64 54 6f 75 63 68 65 73 3a 6e 75 6c 6c 2c 61 6c 74 4b 65 79 3a 6e 75 6c 6c 2c 6d 65 74 61 4b 65 79 3a 6e 75 6c 6c 2c 63 74 72 6c 4b 65 79 3a 6e 75 6c 6c 2c 73 68 69 66 74 4b 65 79 3a 6e 75 6c 6c 2c 67 65 74 4d 6f 64 69 66 69 65 72 53 74 61 74 65 3a 50 72 7d 29 2c 72 6c 3d 24 6e 2e 65 78 74 65 6e 64 28 7b 70 72 6f 70 65 72 74 79 4e 61 6d 65 3a 6e 75 6c 6c 2c 65 6c 61 70 73 65 64 54 69 6d 65 3a 6e 75 6c 6c 2c 70 73 65 75 64 6f 45 6c 65 6d 65 6e 74 3a 6e 75 6c 6c Data Ascii: .keyCode:0}}),tl=Ir.extend({dataTransfer:null}),nl=Sr.extend({touches:null,targetTouches:null,changedTouches:null,altKey:null,metaKey:null,ctrlKey:null,shiftKey:null,getModifierState:Pr}),rl=$n.extend({propertyName:null,elapsedTime:null,pseudoElement:null
2024-05-24 15:39:07 UTC	12792	IN	Data Raw: 61 72 20 72 3d 65 2e 73 74 61 74 65 4e 6f 64 65 3b 69 66 28 21 72 29 74 68 72 6f 77 20 45 72 72 6f 72 28 61 28 31 36 39 29 29 3b 6e 3f 28 65 3d 79 6c 28 65 2c 74 2c 70 6c 29 2c 72 2e 5f 5f 72 65 61 63 74 49 6e 74 65 72 6e 61 6c 4d 65 6d 6f 69 7a 65 64 4d 65 72 67 65 64 43 68 69 6c 64 43 6f 6e 74 65 78 74 3d 65 2c 75 6c 28 64 6c 29 2c 75 6c 28 66 6c 29 2c 63 6c 28 66 6c 2c 65 29 29 3a 75 6c 28 64 6c 29 2c 63 6c 28 64 6c 2c 6e 29 7d 76 61 72 20 6b 6c 3d 69 2e 75 6e 73 74 61 62 6c 65 5f 72 75 6e 57 69 74 68 50 72 69 6f 72 69 74 79 2c 78 6c 3d 69 2e 75 6e 73 74 61 62 6c 65 5f 73 63 68 65 64 75 6c 65 43 61 6c 6c 62 61 63 6b 2c 54 6c 3d 69 2e 75 6e 73 74 61 62 6c 65 5f 63 61 6e 63 65 6c 43 61 6c 6c 62 61 63 6b 2c 45 6c 3d 69 2e 75 6e 73 74 61 62 6c 65 5f 72 65 Data Ascii: ar r=e.stateNode;if(!r)throw Error(a(169));n?(e=yl(e,t,pl),r.__reactInternalMemoizedMergedChildContext=e,ul(dl),ul(fl),cl(fl,e)):ul(dl),cl(dl,n)}var kl=i.unstable_runWithPriority,xl=i.unstable_scheduleCallback,Tl=i.unstable_cancelCallback,El=i.unstable_re
2024-05-24 15:39:07 UTC	6396	IN	Data Raw: 63 74 69 6f 6e 20 49 69 28 65 29 7b 7a 69 28 4e 69 2e 63 75 72 72 65 6e 74 29 3b 76 61 72 20 74 3d 7a 69 28 5f 69 2e 63 75 72 72 65 6e 74 29 2c 6e 3d 4c 65 28 74 2c 65 2e 74 79 70 65 29 3b 74 21 3d 3d 6e 26 26 28 63 6c 28 50 69 2c 65 29 2c 63 6c 28 5f 69 2c 6e 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4d 69 28 65 29 7b 50 69 2e 63 75 72 72 65 6e 74 3d 3d 3d 65 26 26 28 75 6c 28 5f 69 29 2c 75 6c 28 50 69 29 29 7d 76 61 72 20 46 69 3d 7b 63 75 72 72 65 6e 74 3a 30 7d 3b 66 75 6e 63 74 69 6f 6e 20 44 69 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 3b 6e 75 6c 6c 21 3d 3d 74 3b 29 7b 69 66 28 31 33 3d 3d 3d 74 2e 74 61 67 29 7b 76 61 72 20 6e 3d 74 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3b 69 66 28 6e 75 6c 6c 21 3d 3d 6e 26 26 28 6e 75 6c 6c 3d 3d 3d 28 6e 3d Data Ascii: ction Ii(e){zi(Ni.current);var t=zi(_i.current),n=Le(t,e.type);t!==n&&(cl(Pi,e),cl(_i,n))}function Mi(e){Pi.current===e&&(ul(_i),ul(Pi))}var Fi={current:0};function Di(e){for(var t=e;null!==t;){if(13===t.tag){var n=t.memoizedState;if(null!==n&&(null===(n=
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 6e 61 6c 6c 79 7b 55 69 2e 73 75 73 70 65 6e 73 65 3d 6e 7d 7d 29 2c 5b 65 2c 74 5d 29 2c 72 7d 2c 75 73 65 54 72 61 6e 73 69 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 5a 69 28 21 31 29 2c 6e 3d 74 5b 30 5d 3b 72 65 74 75 72 6e 20 74 3d 74 5b 31 5d 2c 5b 73 61 28 70 61 2e 62 69 6e 64 28 6e 75 6c 6c 2c 74 2c 65 29 2c 5b 74 2c 65 5d 29 2c 6e 5d 7d 7d 2c 67 61 3d 7b 72 65 61 64 43 6f 6e 74 65 78 74 3a 72 69 2c 75 73 65 43 61 6c 6c 62 61 63 6b 3a 66 61 2c 75 73 65 43 6f 6e 74 65 78 74 3a 72 69 2c 75 73 65 45 66 66 65 63 74 3a 69 61 2c 75 73 65 49 6d 70 65 72 61 74 69 76 65 48 61 6e 64 6c 65 3a 75 61 2c 75 73 65 4c 61 79 6f 75 74 45 66 66 65 63 74 3a 61 61 2c 75 73 65 4d 65 6d 6f 3a 64 61 2c 75 73 65 52 65 64 75 63 65 72 3a 47 69 2c Data Ascii: nally{Ui.suspense=n}}),[e,t]),r},useTransition:function(e){var t=Zi(!1),n=t[0];return t=t[1],[sa(pa.bind(null,t,e),[t,e]),n]}},ga={readContext:ri,useCallback:fa,useContext:ri,useEffect:ia,useImperativeHandle:ua,useLayoutEffect:aa,useMemo:da,useReducer:Gi,
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 3d 72 2e 74 61 69 6c 3f 28 30 3d 3d 3d 72 2e 74 61 69 6c 45 78 70 69 72 61 74 69 6f 6e 26 26 28 72 2e 74 61 69 6c 45 78 70 69 72 61 74 69 6f 6e 3d 55 6c 28 29 2b 35 30 30 29 2c 6e 3d 72 2e 74 61 69 6c 2c 72 2e 72 65 6e 64 65 72 69 6e 67 3d 6e 2c 72 2e 74 61 69 6c 3d 6e 2e 73 69 62 6c 69 6e 67 2c 72 2e 6c 61 73 74 45 66 66 65 63 74 3d 74 2e 6c 61 73 74 45 66 66 65 63 74 2c 72 2e 72 65 6e 64 65 72 69 6e 67 53 74 61 72 74 54 69 6d 65 3d 55 6c 28 29 2c 6e 2e 73 69 62 6c 69 6e 67 3d 6e 75 6c 6c 2c 74 3d 46 69 2e 63 75 72 72 65 6e 74 2c 63 6c 28 46 69 2c 69 3f 31 26 74 7c 32 3a 31 26 74 29 2c 6e 29 3a 6e 75 6c 6c 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 61 28 31 35 36 2c 74 2e 74 61 67 29 29 7d 66 75 6e 63 74 69 6f 6e 20 Data Ascii: }return null!==r.tail?(0===r.tailExpiration&&(r.tailExpiration=Ul()+500),n=r.tail,r.rendering=n,r.tail=n.sibling,r.lastEffect=t.lastEffect,r.renderingStartTime=Ul(),n.sibling=null,t=Fi.current,cl(Fi,i?1&t\|2:1&t),n):null}throw Error(a(156,t.tag))}function

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	60610	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	591	OUT	GET /app-ec6a9b7fc501dcfa2bce.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 60712 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:26 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:08 GMT ETag: "d39686e29b02a3cf092e8c3c606fb714" X-Cache: RefreshHit from cloudfront Via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 4ycafQiq9YipCYC6Oh8OOkWzOACGvcc2Hw8m1sC6MBWL5Q0MnZE6WQ==
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 61 70 70 2d 65 63 36 61 39 62 37 66 63 35 30 31 64 63 66 61 32 62 63 65 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 31 5d 2c 7b 22 2b 5a 44 72 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 22 35 4e 4b 73 22 29 3b 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 74 2e 77 69 74 68 50 72 65 66 69 78 3d 68 2c 74 2e 77 69 74 68 41 73 73 65 74 50 72 65 66 69 78 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 Data Ascii: /! For license information please see app-ec6a9b7fc501dcfa2bce.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[21],{"+ZDr":function(e,t,n){"use strict";var r=n("5NKs");t.__esModule=!0,t.withPrefix=h,t.withAssetPrefix=function(e){re
2024-05-24 15:39:07 UTC	15571	IN	Data Raw: 20 75 70 64 61 74 65 64 20 2d 20 72 65 6c 6f 61 64 69 6e 67 22 29 2c 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 29 29 3a 28 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 43 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 77 20 61 76 61 69 6c 61 62 6c 65 20 6f 66 66 6c 69 6e 65 21 22 29 2c 4f 62 6a 65 63 74 28 72 2e 61 70 69 52 75 6e 6e 65 72 29 28 22 6f 6e 53 65 72 76 69 63 65 57 6f 72 6b 65 72 49 6e 73 74 61 6c 6c 65 64 22 2c 7b 73 65 72 76 69 63 65 57 6f 72 6b 65 72 3a 65 7d 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 72 65 64 75 6e 64 61 6e 74 22 3a 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 22 54 68 65 20 69 6e 73 74 61 6c 6c 69 6e 67 20 73 65 72 76 69 63 65 20 77 6f 72 6b 65 72 20 62 65 63 61 6d 65 20 72 65 64 75 6e 64 61 6e 74 2e 22 29 2c 4f Data Ascii: updated - reloading"),window.location.reload())):(console.log("Content is now available offline!"),Object(r.apiRunner)("onServiceWorkerInstalled",{serviceWorker:e}));break;case"redundant":console.error("The installing service worker became redundant."),O
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4f 28 65 2c 7b 72 65 70 6c 61 63 65 3a 21 31 7d 29 7d 2c 77 69 6e 64 6f 77 2e 5f 5f 5f 72 65 70 6c 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4f 28 65 2c 7b 72 65 70 6c 61 63 65 3a 21 30 7d 29 7d 2c 77 69 6e 64 6f 77 2e 5f 5f 5f 6e 61 76 69 67 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 4f 28 65 2c 74 29 7d 2c 6a 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 29 2c 4f 62 6a 65 63 74 28 6f 2e 61 70 69 52 75 6e 6e 65 72 41 73 79 6e 63 29 28 22 6f 6e 43 6c 69 65 6e 74 45 6e 74 72 79 22 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4f 62 6a 65 63 74 28 6f 2e 61 70 69 52 75 6e 6e 65 72 29 28 22 72 65 67 69 73 74 Data Ascii: unction(e){return O(e,{replace:!1})},window.___replace=function(e){return O(e,{replace:!0})},window.___navigate=function(e,t){return O(e,t)},j(window.location.pathname),Object(o.apiRunnerAsync)("onClientEntry").then((function(){Object(o.apiRunner)("regist
2024-05-24 15:39:07 UTC	12373	IN	Data Raw: 2e 64 28 74 2c 22 42 61 73 65 4c 6f 61 64 65 72 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 76 7d 29 29 2c 6e 2e 64 28 74 2c 22 50 72 6f 64 4c 6f 61 64 65 72 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 7d 29 29 2c 6e 2e 64 28 74 2c 22 73 65 74 4c 6f 61 64 65 72 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 79 7d 29 29 2c 6e 2e 64 28 74 2c 22 70 75 62 6c 69 63 4c 6f 61 64 65 72 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 7d 29 29 2c 6e 2e 64 28 74 2c 22 67 65 74 53 74 61 74 69 63 51 75 65 72 79 52 65 73 75 6c 74 73 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 50 7d 29 29 3b 76 61 72 20 72 3d 6e 28 22 39 48 72 78 22 29 2c 6f 3d 6e 28 22 74 38 5a 6a 22 29 2c 61 Data Ascii: .d(t,"BaseLoader",(function(){return v})),n.d(t,"ProdLoader",(function(){return b})),n.d(t,"setLoader",(function(){return y})),n.d(t,"publicLoader",(function(){return w})),n.d(t,"getStaticQueryResults",(function(){return P}));var r=n("9Hrx"),o=n("t8Zj"),a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	60612	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	594	OUT	GET /styles-e9d24b1846c7d6eb9685.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	437	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 117 Connection: close Date: Fri, 24 May 2024 15:39:08 GMT Last-Modified: Tue, 16 Apr 2024 10:00:12 GMT ETag: "f367d62f97c2d05f875986401342cb1f" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 8929678ebb25525520ff2b11bf7ddd4a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: NA3fjZedqvEDWAaj8YKAnyNrVIsTzm-pxvS0jJQqXy2LDctDz9PJkg==
2024-05-24 15:39:07 UTC	117	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 5d 2c 5b 5d 5d 29 3b 0a 2f 2f 23 20 73 6f 75 72 63 65 4d 61 70 70 69 6e 67 55 52 4c 3d 73 74 79 6c 65 73 2d 65 39 64 32 34 62 31 38 34 36 63 37 64 36 65 62 39 36 38 35 2e 6a 73 2e 6d 61 70 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],[]]);//# sourceMappingURL=styles-e9d24b1846c7d6eb9685.js.map

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	60618	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:06 UTC	595	OUT	GET /commons-6d24d96f29bfebe3476c.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:07 UTC	446	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 226334 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:27 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:08 GMT ETag: "bfafe7614371a7f1a3ffccf2dab995c0" X-Cache: RefreshHit from cloudfront Via: 1.1 aab20351af296bb2764f6565b8a589f6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: wg9g7gpvx5ngaBlZJYlnumEs1EwNBHKT-yqGcvot6D8F649bZWy3zg==
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 63 6f 6d 6d 6f 6e 73 2d 36 64 32 34 64 39 36 66 32 39 62 66 65 62 65 33 34 37 36 63 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 30 5d 2c 7b 22 2b 34 6d 35 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 69 73 42 72 6f 77 73 65 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 Data Ascii: /! For license information please see commons-6d24d96f29bfebe3476c.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{"+4m5":function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.isBrowser=function(){retu
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 5f 75 70 64 61 74 65 42 72 6f 77 73 65 72 56 61 6c 75 65 73 28 6e 29 2c 69 28 74 68 69 73 2e 63 6f 6f 6b 69 65 73 5b 65 5d 2c 74 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 41 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 7b 7d 29 2c 74 68 69 73 2e 5f 75 70 64 61 74 65 42 72 6f 77 73 65 72 56 61 6c 75 65 73 28 74 29 3b 76 61 72 20 6e 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 72 20 69 6e 20 74 68 69 73 2e 63 6f 6f 6b 69 65 73 29 6e 5b 72 5d 3d 69 28 74 68 69 73 2e 63 6f 6f 6b 69 65 73 5b 72 5d 2c 65 29 3b 72 65 74 75 72 6e 20 6e 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 69 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 Data Ascii: _updateBrowserValues(n),i(this.cookies[e],t)},e.prototype.getAll=function(e,t){void 0===e&&(e={}),this._updateBrowserValues(t);var n={};for(var r in this.cookies)n[r]=i(this.cookies[r],e);return n},e.prototype.set=function(e,t,n){var i;"object"==typeof t&
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 61 74 65 45 6c 65 6d 65 6e 74 28 63 2e 61 2c 7b 69 64 3a 22 61 76 73 2d 66 72 65 65 2d 76 63 32 5f 68 65 61 64 65 72 22 2c 70 61 74 68 3a 22 2f 61 76 73 2d 66 72 65 65 2d 76 69 64 65 6f 2d 63 6f 6e 76 65 72 74 65 72 2e 61 73 70 78 22 2c 68 65 61 64 65 72 54 65 78 74 3a 22 41 56 53 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 54 65 78 74 3a 72 28 22 43 6f 6e 76 65 72 74 20 61 6c 6c 20 6b 65 79 20 76 69 64 65 6f 20 66 6f 72 6d 61 74 73 22 29 7d 29 2c 73 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 63 2e 61 2c 7b 69 64 3a 22 61 76 73 2d 66 72 65 65 2d 61 63 32 5f 68 65 61 64 65 72 22 2c 70 61 74 68 3a 22 2f 61 76 73 2d 66 72 65 65 2d 61 75 64 69 6f 2d 63 6f 6e 76 65 72 74 65 72 2e 61 73 70 78 22 2c 68 65 61 64 Data Ascii: ateElement(c.a,{id:"avs-free-vc2_header",path:"/avs-free-video-converter.aspx",headerText:"AVS Video Converter",descriptionText:r("Convert all key video formats")}),s.a.createElement(c.a,{id:"avs-free-ac2_header",path:"/avs-free-audio-converter.aspx",head
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 22 5d 29 2c 4d 65 3d 6c 2e 63 2e 64 69 76 2e 77 69 74 68 43 6f 6e 66 69 67 28 7b 64 69 73 70 6c 61 79 4e 61 6d 65 3a 22 6c 61 79 6f 75 74 5f 5f 42 61 6e 6e 65 72 50 61 64 64 69 6e 67 42 6f 78 22 2c 63 6f 6d 70 6f 6e 65 6e 74 49 64 3a 22 73 63 2d 39 6f 69 31 75 6c 2d 33 22 7d 29 28 5b 22 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 31 33 70 78 20 32 30 70 78 20 32 34 70 78 20 32 30 70 78 3b 22 5d 29 2c 68 65 3d 6c 2e 63 2e 64 69 76 2e 77 69 74 68 43 6f 6e 66 69 67 28 7b 64 69 73 70 6c 61 79 4e 61 6d 65 3a 22 6c 61 79 6f 75 74 5f 5f 42 61 6e 6e 65 72 57 72 61 70 70 65 72 43 6f 6e Data Ascii: ntent:center;"]),Me=l.c.div.withConfig({displayName:"layout__BannerPaddingBox",componentId:"sc-9oi1ul-3"})(["display:flex;flex-direction:column;align-items:center;padding:13px 20px 24px 20px;"]),he=l.c.div.withConfig({displayName:"layout__BannerWrapperCon
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 70 65 72 2c 72 3d 65 2e 63 68 69 6c 64 72 65 6e 3b 72 65 74 75 72 6e 20 74 3f 6e 28 72 29 3a 72 7d 2c 6a 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 74 26 26 6e 75 6c 6c 21 3d 3d 74 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 65 2e 70 72 6f 74 6f 74 79 70 65 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 74 26 26 74 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 63 6f 6e 73 74 72 75 63 74 6f 72 3a 7b 76 61 6c 75 65 3a 65 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 Data Ascii: per,r=e.children;return t?n(r):r},j=function(e){!function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configura
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 6e 29 7b 76 61 72 20 72 3d 6e 28 22 71 48 77 73 22 29 2c 69 3d 6e 28 22 67 43 32 75 22 29 2c 6f 3d 6e 28 22 64 51 63 51 22 29 2c 61 3d 6e 28 22 6d 37 42 56 22 29 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 72 28 65 29 7c 7c 69 28 65 29 7c 7c 6f 28 65 29 7c 7c 61 28 29 7d 2c 65 2e 65 78 70 6f 72 74 73 2e 64 65 66 61 75 6c 74 3d 65 2e 65 78 70 6f 72 74 73 2c 65 2e 65 78 70 6f 72 74 73 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 7d 2c 52 70 34 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 29 29 3b 76 61 72 20 72 3d 6e 28 22 71 31 74 49 22 29 2c 69 3d 6e 2e 6e 28 72 29 2c 6f 3d Data Ascii: n){var r=n("qHws"),i=n("gC2u"),o=n("dQcQ"),a=n("m7BV");e.exports=function(e){return r(e)\|\|i(e)\|\|o(e)\|\|a()},e.exports.default=e.exports,e.exports.__esModule=!0},Rp47:function(e,t,n){"use strict";n.d(t,"a",(function(){return o}));var r=n("q1tI"),i=n.n(r),o=
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 73 2e 6c 6f 67 67 65 72 5b 74 5d 28 65 29 29 7d 7d 2c 7b 6b 65 79 3a 22 63 72 65 61 74 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 74 68 69 73 2e 6c 6f 67 67 65 72 2c 70 28 29 28 7b 7d 2c 7b 70 72 65 66 69 78 3a 22 22 2e 63 6f 6e 63 61 74 28 74 68 69 73 2e 70 72 65 66 69 78 2c 22 3a 22 29 2e 63 6f 6e 63 61 74 28 74 2c 22 3a 22 29 7d 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 29 29 7d 7d 5d 29 2c 65 7d 28 29 29 2c 76 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 67 28 29 28 74 68 69 73 2c 65 29 2c 74 68 69 73 2e 6f 62 73 65 72 76 65 72 73 3d 7b 7d 7d 72 65 74 75 72 6e 20 4d 28 29 28 65 2c 5b 7b 6b 65 79 3a 22 6f 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 Data Ascii: s.logger[t](e))}},{key:"create",value:function(t){return new e(this.logger,p()({},{prefix:"".concat(this.prefix,":").concat(t,":")},this.options))}}]),e}()),v=function(){function e(){g()(this,e),this.observers={}}return M()(e,[{key:"on",value:function(e,t
2024-05-24 15:39:07 UTC	13994	IN	Data Raw: 6d 73 4f 66 4b 65 79 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 2c 72 3d 5b 5d 2c 69 3d 74 68 69 73 2e 67 65 74 52 75 6c 65 28 65 29 3b 72 65 74 75 72 6e 20 69 3f 28 69 2e 6e 75 6d 62 65 72 73 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 6f 3d 6e 2e 67 65 74 53 75 66 66 69 78 28 65 2c 69 29 3b 72 2e 70 75 73 68 28 22 22 2e 63 6f 6e 63 61 74 28 74 29 2e 63 6f 6e 63 61 74 28 6f 29 29 7d 29 29 2c 72 29 3a 72 7d 7d 2c 7b 6b 65 79 3a 22 67 65 74 53 75 66 66 69 78 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 2c 72 3d 74 68 69 73 2e 67 65 74 52 75 6c 65 28 65 29 3b 69 66 28 72 29 7b 76 61 72 20 69 3d 72 2e 6e 6f 41 62 73 3f 72 Data Ascii: msOfKey",value:function(e,t){var n=this,r=[],i=this.getRule(e);return i?(i.numbers.forEach((function(i){var o=n.getSuffix(e,i);r.push("".concat(t).concat(o))})),r):r}},{key:"getSuffix",value:function(e,t){var n=this,r=this.getRule(e);if(r){var i=r.noAbs?r
2024-05-24 15:39:07 UTC	16384	IN	Data Raw: 74 6f 72 29 2e 74 72 61 6e 73 6c 61 74 65 2e 61 70 70 6c 79 28 65 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 7b 6b 65 79 3a 22 65 78 69 73 74 73 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 74 72 61 6e 73 6c 61 74 6f 72 26 26 28 65 3d 74 68 69 73 2e 74 72 61 6e 73 6c 61 74 6f 72 29 2e 65 78 69 73 74 73 2e 61 70 70 6c 79 28 65 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 7b 6b 65 79 3a 22 73 65 74 44 65 66 61 75 6c 74 4e 61 6d 65 73 70 61 63 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 65 66 61 75 6c 74 4e 53 3d 65 7d 7d 2c 7b 6b 65 79 3a 22 6c 6f 61 64 4e 61 6d 65 73 70 61 63 65 73 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: tor).translate.apply(e,arguments)}},{key:"exists",value:function(){var e;return this.translator&&(e=this.translator).exists.apply(e,arguments)}},{key:"setDefaultNamespace",value:function(e){this.options.defaultNS=e}},{key:"loadNamespaces",value:function(e
2024-05-24 15:39:07 UTC	1518	IN	Data Raw: 69 66 28 31 31 30 21 3d 3d 65 2e 63 68 61 72 43 6f 64 65 41 74 28 31 30 29 29 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 76 61 72 20 6f 3d 69 2e 73 70 6c 69 74 28 28 69 3d 22 22 2c 73 29 29 2c 61 3d 30 3b 66 6f 72 28 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 61 3c 74 3b 6e 3d 30 2c 2b 2b 61 29 7b 66 6f 72 28 76 61 72 20 75 3d 6f 5b 61 5d 2c 6c 3d 75 2e 73 70 6c 69 74 28 63 29 3b 75 3d 6c 5b 6e 5d 3b 29 7b 76 61 72 20 70 3d 75 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 3b 69 66 28 31 3d 3d 3d 6f 65 26 26 28 70 3e 36 34 26 26 70 3c 39 30 7c 7c 70 3e 39 36 26 26 70 3c 31 32 33 7c 7c 39 35 3d 3d 3d 70 7c 7c 70 3d 3d 3d 55 26 26 75 2e 63 68 61 72 43 6f 64 65 41 74 28 31 29 21 3d 3d 55 29 29 73 77 69 74 63 68 28 69 73 4e 61 4e 28 70 61 72 73 65 46 6c 6f 61 74 Data Ascii: if(110!==e.charCodeAt(10))break;default:var o=i.split((i="",s)),a=0;for(n=0,t=o.length;a<t;n=0,++a){for(var u=o[a],l=u.split(c);u=l[n];){var p=u.charCodeAt(0);if(1===oe&&(p>64&&p<90\|\|p>96&&p<123\|\|95===p\|\|p===U&&u.charCodeAt(1)!==U))switch(isNaN(parseFloat

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	60621	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:07 UTC	628	OUT	GET /fc36456533b5c3f455badd7fedf67d455632ae09-d47c18182f1ea88950d1.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:08 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 10942 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:35 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:09 GMT ETag: "84bf2331ea04fd98ca6c5e86e3326a89" X-Cache: RefreshHit from cloudfront Via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: EwXSy9Ih09JKQpLZvlw2EGFfWGSHTR1g-JEMzdgpPR-ffZSXC_xSKA==
2024-05-24 15:39:08 UTC	10942	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 5d 2c 7b 22 39 65 53 7a 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 61 28 22 35 4e 4b 73 22 29 3b 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 74 2e 64 65 66 61 75 6c 74 3d 76 6f 69 64 20 30 3b 76 61 72 20 69 2c 6e 3d 72 28 61 28 22 76 30 36 58 22 29 29 2c 73 3d 72 28 61 28 22 58 45 45 4c 22 29 29 2c 64 3d 72 28 61 28 22 75 44 50 32 22 29 29 2c 6f 3d 72 28 61 28 22 6a 38 42 58 22 29 29 2c 6c 3d 72 28 61 28 22 71 31 74 49 22 29 29 2c 75 3d 72 28 61 28 22 31 37 78 39 22 29 29 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{"9eSz":function(e,t,a){"use strict";var r=a("5NKs");t.__esModule=!0,t.default=void 0;var i,n=r(a("v06X")),s=r(a("XEEL")),d=r(a("uDP2")),o=r(a("j8BX")),l=r(a("q1tI")),u=r(a("17x9")),c=function(e){var

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	60623	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:08 UTC	628	OUT	GET /065285d60ba513d3bcbdfb63a33fa8101bb0b358-4821f749d7a07c3e7df2.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:08 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 29286 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:25 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:09 GMT ETag: "6ee3d27c6e4efa868bb46af148270f67" X-Cache: RefreshHit from cloudfront Via: 1.1 36ebde0b08ea3144d51a5c4ebe210c20.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 3XiftxakAkVRcu-4ZuvIQVWH9zmOZVdXWBm26Gz9BcSdASDFR6FKRA==
2024-05-24 15:39:08 UTC	16384	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 33 5d 2c 7b 22 2f 50 5a 4c 22 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 65 2e 64 65 66 61 75 6c 74 3d 7b 64 65 66 61 75 6c 74 45 61 73 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 3c 2e 35 3f 4d 61 74 68 2e 70 6f 77 28 32 2a 74 2c 32 29 2f 32 3a 31 2d 4d 61 74 68 2e 70 6f 77 28 32 2a 28 31 2d 74 29 2c 32 29 2f 32 7d 2c 6c 69 6e 65 61 72 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{"/PZL":function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0}),e.default={defaultEasing:function(t){return t<.5?Math.pow(2t,2)/2:1-Math.pow(2(1-t),2)/2},linear:function(t){re
2024-05-24 15:39:08 UTC	12902	IN	Data Raw: 7d 3b 66 75 6e 63 74 69 6f 6e 20 68 28 74 2c 65 2c 6e 29 7b 76 61 72 20 6f 2c 72 2c 69 2c 61 2c 75 2c 73 2c 6c 3d 30 2c 63 3d 21 31 2c 68 3d 21 31 2c 6d 3d 21 30 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 74 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 45 78 70 65 63 74 65 64 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 66 75 6e 63 74 69 6f 6e 20 67 28 65 29 7b 76 61 72 20 6e 3d 6f 2c 69 3d 72 3b 72 65 74 75 72 6e 20 6f 3d 72 3d 76 6f 69 64 20 30 2c 6c 3d 65 2c 61 3d 74 2e 61 70 70 6c 79 28 69 2c 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 74 29 7b 72 65 74 75 72 6e 20 6c 3d 74 2c 75 3d 73 65 74 54 69 6d 65 6f 75 74 28 4f 2c 65 29 2c 63 3f 67 28 74 29 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 77 28 74 29 7b 76 61 72 20 Data Ascii: };function h(t,e,n){var o,r,i,a,u,s,l=0,c=!1,h=!1,m=!0;if("function"!=typeof t)throw new TypeError("Expected a function");function g(e){var n=o,i=r;return o=r=void 0,l=e,a=t.apply(i,n)}function b(t){return l=t,u=setTimeout(O,e),c?g(t):a}function w(t){var

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	60622	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:08 UTC	628	OUT	GET /2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:08 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 34244 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:25 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:09 GMT ETag: "68a0190568888eb159931bfbe76c740a" X-Cache: RefreshHit from cloudfront Via: 1.1 f64124e7852b3c2ecb7a2c8c2f2f678c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: O5RXjlyH5xnMu4DZvZpnGRDa5RN2FqpKvY8Ldo5FvWzruDeWk2aROw==
2024-05-24 15:39:08 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 32 30 36 35 32 31 37 61 34 37 34 64 34 61 33 66 64 35 34 30 39 37 66 37 35 66 38 38 31 31 35 66 63 62 33 36 35 30 31 30 2d 61 64 64 61 30 62 38 65 33 31 66 34 35 39 34 39 66 62 37 30 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 5d 2c 7b 5a 62 4b 6d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 7d 29 29 2c 6e 2e 64 28 74 2c 22 62 22 2c 28 Data Ascii: /! For license information please see 2065217a474d4a3fd54097f75f88115fcb365010-adda0b8e31f45949fb70.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[5],{ZbKm:function(e,t,n){"use strict";n.d(t,"a",(function(){return g})),n.d(t,"b",(
2024-05-24 15:39:08 UTC	16384	IN	Data Raw: 69 6c 64 3b 69 66 28 6e 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 63 72 6f 6c 6c 6d 61 67 69 63 2d 70 69 6e 2d 73 70 61 63 65 72 22 29 29 7b 76 61 72 20 72 3d 77 2e 73 70 61 63 65 72 2e 73 74 79 6c 65 2c 6f 3d 7b 7d 3b 5b 22 6d 61 72 67 69 6e 22 2c 22 6d 61 72 67 69 6e 4c 65 66 74 22 2c 22 6d 61 72 67 69 6e 52 69 67 68 74 22 2c 22 6d 61 72 67 69 6e 54 6f 70 22 2c 22 6d 61 72 67 69 6e 42 6f 74 74 6f 6d 22 5d 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 5b 65 5d 3d 72 5b 65 5d 7c 7c 22 22 7d 29 29 2c 73 2e 63 73 73 28 6e 2c 6f 29 7d 77 2e 73 70 61 63 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 6e 2c 77 2e 73 70 61 63 65 72 29 2c 77 2e 73 70 61 63 65 72 2e 70 61 72 65 6e 74 4e Data Ascii: ild;if(n.hasAttribute("data-scrollmagic-pin-spacer")){var r=w.spacer.style,o={};["margin","marginLeft","marginRight","marginTop","marginBottom"].forEach((function(e){o[e]=r[e]\|\|""})),s.css(n,o)}w.spacer.parentNode.insertBefore(n,w.spacer),w.spacer.parentN
2024-05-24 15:39:08 UTC	1476	IN	Data Raw: 7d 7d 2c 7b 6b 65 79 3a 22 63 6f 6d 70 6f 6e 65 6e 74 57 69 6c 6c 55 6e 6d 6f 75 6e 74 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 73 63 65 6e 65 2e 64 65 73 74 72 6f 79 28 29 7d 7d 2c 7b 6b 65 79 3a 22 73 65 74 43 6c 61 73 73 54 6f 67 67 6c 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6e 29 26 26 32 3d 3d 3d 6e 2e 6c 65 6e 67 74 68 3f 65 2e 73 65 74 43 6c 61 73 73 54 6f 67 67 6c 65 28 6e 5b 30 5d 2c 6e 5b 31 5d 29 3a 65 2e 73 65 74 43 6c 61 73 73 54 6f 67 67 6c 65 28 74 2c 6e 29 7d 7d 2c 7b 6b 65 79 3a 22 73 65 74 50 69 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 Data Ascii: }},{key:"componentWillUnmount",value:function(){this.scene.destroy()}},{key:"setClassToggle",value:function(e,t,n){Array.isArray(n)&&2===n.length?e.setClassToggle(n[0],n[1]):e.setClassToggle(t,n)}},{key:"setPin",value:function(e,t,n,r){t=function(e){retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	60625	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:08 UTC	628	OUT	GET /33e6b7bb568ff42f71b848c5df167b4296d898c4-ac14a9bffec845baa13f.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:08 UTC	439	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 25828 Connection: close Date: Fri, 24 May 2024 15:39:09 GMT Last-Modified: Tue, 16 Apr 2024 09:58:25 GMT ETag: "774d4540e8024bb660ece029c5edd7d0" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 7f1ff02ff9f33e872e2d07dd88a77f78.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 6tcABGLCJg7NHlwklbpWYuVKsXVXGu-gj562HOhZi6BpF3AI0-w0tA==
2024-05-24 15:39:08 UTC	11725	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 36 5d 2c 7b 22 32 7a 42 75 22 3a 66 75 6e 63 74 69 6f 6e 28 4d 2c 44 29 7b 4d 2e 65 78 70 6f 72 74 73 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 34 4e 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 34 4e 69 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 67 32 49 44 67 32 49 6a 34 38 5a 47 56 6d 63 7a 34 38 63 33 52 35 62 47 55 2b 4c 6d 45 73 4c 6d 5a 37 5a 6d 6c Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[16],{"2zBu":function(M,D){M.exports="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI4NiIgaGVpZ2h0PSI4NiIgdmlld0JveD0iMCAwIDg2IDg2Ij48ZGVmcz48c3R5bGU+LmEsLmZ7Zml
2024-05-24 15:39:08 UTC	1432	IN	Data Raw: 2c 22 6e 6f 76 65 6d 62 72 65 22 2c 22 64 69 63 65 6d 62 72 65 22 5d 5b 54 5d 2b 22 20 22 2b 73 2c 65 3d 22 e4 be a1 e6 a0 bc e3 81 af 22 2b 73 2b 22 e5 b9 b4 22 2b 5b 22 31 e6 9c 88 22 2c 22 32 e6 9c 88 22 2c 22 33 e6 9c 88 22 2c 22 34 e6 9c 88 22 2c 22 35 e6 9c 88 22 2c 22 36 e6 9c 88 22 2c 22 37 e6 9c 88 22 2c 22 38 e6 9c 88 22 2c 22 39 e6 9c 88 22 2c 22 31 30 e6 9c 88 22 2c 22 31 31 e6 9c 88 22 2c 22 31 32 e6 9c 88 22 5d 5b 54 5d 2b 49 28 73 2c 54 29 2b 22 e6 97 a5 e3 81 be e3 81 a7 e3 81 ab e6 9c 89 e5 8a b9 e3 81 a7 e3 81 99 22 2c 67 3d 22 76 c3 a1 6c 69 64 61 20 68 61 73 74 61 20 65 6c 20 22 2b 49 28 73 2c 54 29 2b 22 20 64 65 20 22 2b 5b 22 65 6e 65 72 6f 22 2c 22 66 65 62 72 65 72 6f 22 2c 22 6d 61 72 7a 6f 22 2c 22 61 62 72 69 6c 22 2c 22 6d 61 Data Ascii: ,"novembre","dicembre"][T]+" "+s,e=""+s+""+["1","2","3","4","5","6","7","8","9","10","11","12"][T]+I(s,T)+"",g="vlida hasta el "+I(s,T)+" de "+["enero","febrero","marzo","abril","ma
2024-05-24 15:39:08 UTC	1432	IN	Data Raw: 22 e5 85 ab e6 9c 88 22 2c 22 e4 b9 9d e6 9c 88 22 2c 22 e5 8d 81 e6 9c 88 22 2c 22 e5 8d 81 e4 b8 80 e6 9c 88 22 2c 22 e5 8d 81 e4 ba 8c e6 9c 88 22 5d 5b 54 5d 2b 49 28 73 2c 54 29 2b 22 e6 97 a5 22 3b 44 2e 61 3d 66 75 6e 63 74 69 6f 6e 28 4d 29 7b 72 65 74 75 72 6e 20 6a 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 77 2e 61 2e 43 6f 6e 73 75 6d 65 72 2c 6e 75 6c 6c 2c 28 66 75 6e 63 74 69 6f 6e 28 44 29 7b 72 65 74 75 72 6e 20 6a 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 69 2e 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 6c 69 6d 69 74 65 64 2d 6f 66 66 65 72 2d 74 65 78 74 20 6c 61 73 74 22 7d 2c 22 65 6e 22 3d 3d 3d 44 2e 6c 6f 63 61 6c 65 3f 4d 2e 4d 54 65 78 74 3a 22 64 65 22 3d 3d 3d 44 2e 6c 6f 63 61 6c 65 3f 7a 3a 22 66 72 22 3d 3d Data Ascii: "","","","",""][T]+I(s,T)+"";D.a=function(M){return j.a.createElement(w.a.Consumer,null,(function(D){return j.a.createElement(i.a,{className:"limited-offer-text last"},"en"===D.locale?M.MText:"de"===D.locale?z:"fr"==
2024-05-24 15:39:08 UTC	11239	IN	Data Raw: 6a 41 31 4f 53 6b 69 50 6a 78 30 63 33 42 68 62 69 42 34 50 53 49 74 4d 54 4d 75 4e 6a 6b 35 49 69 42 35 50 53 49 77 49 6a 34 7a 4d 44 77 76 64 48 4e 77 59 57 34 2b 50 43 39 30 5a 58 68 30 50 6a 78 6e 49 48 52 79 59 57 35 7a 5a 6d 39 79 62 54 30 69 64 48 4a 68 62 6e 4e 73 59 58 52 6c 4b 44 59 75 4d 7a 55 34 49 44 55 75 4f 44 6b 30 4b 53 49 2b 50 48 42 68 64 47 67 67 59 32 78 68 63 33 4d 39 49 6d 55 69 49 47 51 39 49 6b 30 7a 4f 44 6b 75 4e 54 45 35 4c 44 59 31 4c 6a 45 78 4f 57 45 79 4c 6a 67 79 4f 53 77 79 4c 6a 67 79 4f 53 77 77 4c 44 45 73 4d 53 30 79 4c 6a 67 7a 4c 54 49 75 4f 44 4d 78 4c 44 49 75 4f 44 4d 73 4d 69 34 34 4d 79 77 77 4c 44 41 73 4d 53 77 79 4c 6a 67 7a 4c 44 49 75 4f 44 4d 78 49 69 42 30 63 6d 46 75 63 32 5a 76 63 6d 30 39 49 6e 52 79 Data Ascii: jA1OSkiPjx0c3BhbiB4PSItMTMuNjk5IiB5PSIwIj4zMDwvdHNwYW4+PC90ZXh0PjxnIHRyYW5zZm9ybT0idHJhbnNsYXRlKDYuMzU4IDUuODk0KSI+PHBhdGggY2xhc3M9ImUiIGQ9Ik0zODkuNTE5LDY1LjExOWEyLjgyOSwyLjgyOSwwLDEsMS0yLjgzLTIuODMxLDIuODMsMi44MywwLDAsMSwyLjgzLDIuODMxIiB0cmFuc2Zvcm09InRy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	60624	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:08 UTC	626	OUT	GET /component---src-pages-register-aspx-js-6f46d8866c51b1dcd83a.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:08 UTC	439	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 19749 Connection: close Date: Fri, 24 May 2024 15:39:09 GMT Last-Modified: Tue, 16 Apr 2024 09:58:29 GMT ETag: "ef6e0b3b7125bc98ad310eaa59816112" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 643f3a19739b50ef1fffa170c9395e24.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: _UGGPIFhloxTFVenks4rWre8PyMSWfyFhmri2xMt_Y5R1XlkLBn-AA==
2024-05-24 15:39:08 UTC	5359	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 36 39 5d 2c 7b 65 54 32 50 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 61 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 72 28 61 29 3b 76 61 72 20 6e 3d 74 28 22 39 48 72 78 22 29 2c 73 3d 74 28 22 71 31 74 49 22 29 2c 72 3d 74 2e 6e 28 73 29 2c 6f 3d 74 28 22 59 4a 72 47 22 29 2c 69 3d 74 28 22 35 56 79 30 22 29 2c 6c 3d 74 28 22 42 6c 37 4a 22 29 2c 63 3d 74 28 22 36 39 52 32 22 29 2c 70 3d 28 74 28 22 75 6a 72 71 22 29 2c 74 28 22 46 54 34 34 22 29 29 2c 6d 3d 74 28 22 4e 48 61 76 22 29 2c 64 3d 74 28 22 39 4f 4e 51 22 29 2c 68 3d 74 28 22 54 4a 70 6b 22 29 2c 66 3d 74 28 22 57 62 7a 7a 22 29 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[69],{eT2P:function(e,a,t){"use strict";t.r(a);var n=t("9Hrx"),s=t("q1tI"),r=t.n(s),o=t("YJrG"),i=t("5Vy0"),l=t("Bl7J"),c=t("69R2"),p=(t("ujrq"),t("FT44")),m=t("NHav"),d=t("9ONQ"),h=t("TJpk"),f=t("Wbzz")
2024-05-24 15:39:08 UTC	6046	IN	Data Raw: 65 3a 68 6f 76 65 72 20 7b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 7d 5c 6e 20 20 20 20 20 20 20 20 20 20 2e 4d 6f 64 61 6c 53 68 61 65 72 43 6c 6f 73 65 3a 62 65 66 6f 72 65 2c 20 2e 4d 6f 64 61 6c 53 68 61 65 72 43 6c 6f 73 65 3a 61 66 74 65 72 20 7b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 31 35 70 78 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 27 20 27 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 32 30 70 78 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 70 78 3b 5c 6e 20 20 20 20 20 20 20 20 Data Ascii: e:hover {\n opacity: 1;\n }\n .ModalShaerClose:before, .ModalShaerClose:after {\n position: absolute;\n left: 15px;\n content: ' ';\n height: 20px;\n width: 2px;\n
2024-05-24 15:39:08 UTC	1432	IN	Data Raw: 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 75 6e 6c 69 6d 69 74 65 64 2d 62 6c 6f 63 6b 2d 63 6f 6e 74 65 6e 74 22 7d 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 69 2e 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 74 69 6d 65 2d 74 65 78 74 22 2c 61 73 3a 22 68 33 22 7d 2c 74 68 69 73 2e 70 72 6f 70 73 2e 74 28 22 55 6e 6c 69 6d 69 74 65 64 5f 72 63 22 29 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 69 2e 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 61 63 63 65 73 73 2d 73 75 62 2d 74 65 78 74 22 7d 2c 74 68 69 73 2e 70 72 6f 70 73 2e 74 28 22 73 75 62 73 63 72 69 70 74 69 6f 6e 5f 72 63 22 29 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e Data Ascii: reateElement("div",{className:"unlimited-block-content"},r.a.createElement(i.a,{className:"subscription-time-text",as:"h3"},this.props.t("Unlimited_rc")),r.a.createElement(i.a,{className:"access-sub-text"},this.props.t("subscription_rc")),r.a.createElemen
2024-05-24 15:39:08 UTC	1432	IN	Data Raw: 6d 65 3a 22 66 69 72 73 74 2d 74 72 22 7d 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 77 68 79 2d 63 68 6f 6f 73 65 2d 69 74 65 6d 22 7d 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6d 67 22 2c 7b 73 72 63 3a 45 2e 61 2c 63 6c 61 73 73 4e 61 6d 65 3a 22 69 63 6f 6e 22 2c 61 6c 74 3a 22 56 69 64 65 6f 20 49 63 6f 6e 22 7d 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 69 2e 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 74 65 78 74 22 7d 2c 74 68 69 73 2e 70 72 6f 70 73 2e 74 28 22 35 20 6d 75 6c 74 69 6d 65 64 69 61 20 70 72 6f 67 72 61 6d 73 20 69 6e 20 31 20 70 61 63 6b 61 67 65 22 29 29 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 Data Ascii: me:"first-tr"},r.a.createElement("div",{className:"why-choose-item"},r.a.createElement("img",{src:E.a,className:"icon",alt:"Video Icon"}),r.a.createElement(i.a,{className:"text"},this.props.t("5 multimedia programs in 1 package"))),r.a.createElement("div"
2024-05-24 15:39:08 UTC	5480	IN	Data Raw: 69 2e 61 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 74 65 78 74 22 7d 2c 74 68 69 73 2e 70 72 6f 70 73 2e 74 28 22 32 30 4d 20 68 61 70 70 79 20 75 73 65 72 73 20 77 6f 72 6c 64 77 69 64 65 73 22 29 29 29 29 29 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 2c 6e 75 6c 6c 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 4e 61 6d 65 3a 22 71 75 65 73 74 69 6f 6e 73 2d 77 72 61 70 70 65 72 22 7d 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 69 2e 61 2c 7b 61 73 3a 22 68 32 22 2c 63 6c 61 73 73 4e 61 6d 65 3a 22 63 6f 6d 6d 6f 6e 5f 5f 68 65 61 64 69 6e 67 22 7d 2c 74 68 69 73 2e 70 72 6f 70 73 2e 74 28 22 46 72 65 71 75 65 6e 74 6c 79 20 61 73 6b 65 64 20 71 75 65 73 74 69 6f 6e Data Ascii: i.a,{className:"text"},this.props.t("20M happy users worldwides")))))),r.a.createElement("div",null,r.a.createElement("div",{className:"questions-wrapper"},r.a.createElement(i.a,{as:"h2",className:"common__heading"},this.props.t("Frequently asked question

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	60627	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:08 UTC	631	OUT	GET /page-data/register.aspx/page-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:09 UTC	434	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 214547 Connection: close Date: Fri, 24 May 2024 15:39:09 GMT Last-Modified: Tue, 16 Apr 2024 09:58:58 GMT ETag: "3ce4986d0fb14a75999b9651d5d58baa" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 2e78e1b185135b5f6c2e98b348bcc8de.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: ncu5V6-zdbx5tRMalY5VZ8bT6DKKM_xIXbK3PbwIVb7Oz2_o9SfQRw==
2024-05-24 15:39:09 UTC	12888	IN	Data Raw: 7b 22 63 6f 6d 70 6f 6e 65 6e 74 43 68 75 6e 6b 4e 61 6d 65 22 3a 22 63 6f 6d 70 6f 6e 65 6e 74 2d 2d 2d 73 72 63 2d 70 61 67 65 73 2d 72 65 67 69 73 74 65 72 2d 61 73 70 78 2d 6a 73 22 2c 22 70 61 74 68 22 3a 22 2f 72 65 67 69 73 74 65 72 2e 61 73 70 78 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 70 61 67 65 43 6f 6e 74 65 78 74 22 3a 7b 22 61 76 61 69 6c 61 62 6c 65 4c 6f 63 61 6c 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 22 65 6e 22 2c 22 74 65 78 74 22 3a 22 45 6e 67 6c 69 73 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 64 65 22 2c 22 74 65 78 74 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 69 74 22 2c 22 74 65 78 74 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 66 72 22 2c 22 74 65 78 74 22 3a 22 46 72 61 6e Data Ascii: {"componentChunkName":"component---src-pages-register-aspx-js","path":"/register.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran
2024-05-24 15:39:09 UTC	1432	IN	Data Raw: 48 7a 20 6f 72 20 68 69 67 68 65 72 5c 22 2c 5c 6e 5c 74 5c 22 44 75 61 6c 20 63 6f 72 65 20 28 49 6e 74 65 6c 20 43 6f 72 65 20 69 33 20 73 65 72 69 65 73 20 6f 72 20 41 4d 44 20 65 71 75 69 76 61 6c 65 6e 74 29 5c 22 20 3a 20 5c 22 44 75 61 6c 20 63 6f 72 65 20 28 49 6e 74 65 6c 20 43 6f 72 65 20 69 33 20 73 65 72 69 65 73 20 6f 72 20 41 4d 44 20 65 71 75 69 76 61 6c 65 6e 74 29 5c 22 2c 5c 6e 5c 74 5c 22 57 69 6e 64 6f 77 73 20 31 30 2f 57 69 6e 64 6f 77 73 20 38 78 2f 57 69 6e 64 6f 77 73 20 37 20 63 6f 6d 70 61 74 69 62 6c 65 20 76 69 64 65 6f 20 63 61 72 64 5c 22 20 3a 20 5c 22 57 69 6e 64 6f 77 73 20 31 31 2f 57 69 6e 64 6f 77 73 20 31 30 2f 57 69 6e 64 6f 77 73 20 38 2e 78 2f 57 69 6e 64 6f 77 73 20 37 20 63 6f 6d 70 61 74 69 62 6c 65 20 76 69 64 Data Ascii: Hz or higher\",\n\t\"Dual core (Intel Core i3 series or AMD equivalent)\" : \"Dual core (Intel Core i3 series or AMD equivalent)\",\n\t\"Windows 10/Windows 8x/Windows 7 compatible video card\" : \"Windows 11/Windows 10/Windows 8.x/Windows 7 compatible vid
2024-05-24 15:39:09 UTC	8949	IN	Data Raw: 6f 20 65 64 69 74 69 6e 67 20 74 69 70 73 2c 20 20 77 69 6e 64 6f 77 73 20 6d 6f 76 69 65 20 6d 61 6b 65 72 2c 20 76 69 64 65 6f 20 65 64 69 74 6f 72 20 61 70 70 2c 20 65 64 69 74 20 76 69 64 65 6f 2c 20 65 64 69 74 20 76 69 64 65 6f 20 6f 6e 20 69 70 68 6f 6e 65 2c 20 63 75 74 20 76 69 64 65 6f 2c 20 64 6f 77 6e 6c 6f 61 64 20 65 64 69 74 20 76 69 64 65 6f 2c 20 76 69 64 65 6f 20 65 64 69 74 20 73 6f 66 74 77 61 72 65 2c 20 6d 70 34 20 65 64 69 74 6f 72 2c 20 6d 6f 76 69 65 20 6d 61 6b 65 72 20 73 6f 66 74 77 61 72 65 2c 20 63 72 65 61 74 65 20 76 69 64 65 6f 20 73 6c 69 64 65 73 68 6f 77 5c 22 2c 5c 6e 5c 74 5c 22 50 6f 77 65 72 66 75 6c 20 76 69 64 65 6f 20 65 64 69 74 69 6e 67 20 73 6f 66 74 77 61 72 65 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 20 3a Data Ascii: o editing tips, windows movie maker, video editor app, edit video, edit video on iphone, cut video, download edit video, video edit software, mp4 editor, movie maker software, create video slideshow\",\n\t\"Powerful video editing software for Windows\" :
2024-05-24 15:39:09 UTC	16384	IN	Data Raw: 74 73 20 79 6f 75 72 20 70 72 6f 6a 65 63 74 2e 20 54 68 65 20 64 65 66 61 75 6c 74 20 65 78 70 6f 72 74 69 6e 67 20 6f 70 74 69 6f 6e 20 69 73 20 31 32 38 30 70 20 6f 66 66 65 72 69 6e 67 20 74 68 65 20 62 65 73 74 20 71 75 61 6c 69 74 79 20 70 6f 73 73 69 62 6c 65 2e 5c 22 2c 5c 6e 5c 74 5c 22 48 6f 77 20 64 6f 20 49 20 65 64 69 74 20 61 20 59 6f 75 54 75 62 65 20 76 69 64 65 6f 5c 22 20 3a 20 5c 22 36 2e 20 48 6f 77 20 64 6f 20 49 20 65 64 69 74 20 61 20 59 6f 75 54 75 62 65 20 76 69 64 65 6f 3f 5c 22 2c 5c 6e 5c 74 5c 22 59 6f 75 20 6d 61 79 20 73 61 76 65 20 76 69 64 65 6f 20 69 6e 20 4d 50 34 20 66 6f 72 6d 61 74 20 66 72 6f 6d 20 61 20 59 6f 75 54 75 62 65 20 63 68 61 6e 6e 65 6c 20 77 69 74 68 20 66 72 65 65 20 64 6f 77 6e 6c 6f 61 64 69 6e 67 20 Data Ascii: ts your project. The default exporting option is 1280p offering the best quality possible.\",\n\t\"How do I edit a YouTube video\" : \"6. How do I edit a YouTube video?\",\n\t\"You may save video in MP4 format from a YouTube channel with free downloading
2024-05-24 15:39:09 UTC	4739	IN	Data Raw: 72 61 73 20 61 6e 64 20 44 56 20 63 61 6d 65 72 61 73 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 68 6f 6f 73 65 20 74 68 65 20 64 65 73 69 72 65 64 20 66 6f 72 6d 61 74 20 6f 66 20 63 61 70 74 75 72 65 64 20 66 69 6c 65 20 28 46 4c 56 2c 20 57 4d 56 2c 20 41 56 49 29 2c 20 53 6f 75 6e 64 20 73 6f 75 72 63 65 2c 20 4d 6f 75 73 65 20 63 75 72 73 6f 72 20 65 66 66 65 63 74 73 5c 22 3a 20 5c 22 43 68 6f 6f 73 65 20 74 68 65 20 64 65 73 69 72 65 64 20 66 6f 72 6d 61 74 20 6f 66 20 63 61 70 74 75 72 65 64 20 66 69 6c 65 20 28 57 4d 56 2c 20 41 56 49 29 2c 20 53 6f 75 6e 64 20 73 6f 75 72 63 65 2c 20 4d 6f 75 73 65 20 63 75 72 73 6f 72 20 65 66 66 65 63 74 73 2e 5c 22 2c 5c 6e 5c 74 5c 22 55 73 65 20 53 63 72 65 65 6e 20 43 61 70 74 75 72 65 20 66 75 6e 63 74 69 6f 6e 20 Data Ascii: ras and DV cameras.\",\n\t\"Choose the desired format of captured file (FLV, WMV, AVI), Sound source, Mouse cursor effects\": \"Choose the desired format of captured file (WMV, AVI), Sound source, Mouse cursor effects.\",\n\t\"Use Screen Capture function
2024-05-24 15:39:09 UTC	5728	IN	Data Raw: 20 64 61 74 61 20 66 72 6f 6d 20 76 61 72 69 6f 75 73 20 69 6e 70 75 74 73 20 6c 69 6b 65 20 6d 69 63 72 6f 70 68 6f 6e 65 2c 20 76 69 6e 79 6c 20 72 65 63 6f 72 64 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 69 6e 70 75 74 20 6c 69 6e 65 73 20 6f 6e 20 61 20 73 6f 75 6e 64 20 63 61 72 64 5c 22 3a 20 5c 22 52 65 63 6f 72 64 20 61 75 64 69 6f 20 64 61 74 61 20 66 72 6f 6d 20 76 61 72 69 6f 75 73 20 69 6e 70 75 74 73 20 6c 69 6b 65 20 6d 69 63 72 6f 70 68 6f 6e 65 2c 20 76 69 6e 79 6c 20 72 65 63 6f 72 64 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 69 6e 70 75 74 20 6c 69 6e 65 73 20 6f 6e 20 61 20 73 6f 75 6e 64 20 63 61 72 64 2e 5c 22 2c 5c 6e 5c 74 5c 22 45 78 74 72 61 63 74 20 61 6e 64 20 65 64 69 74 20 61 75 64 69 6f 20 66 72 6f 6d 20 79 6f 75 72 20 76 69 64 65 Data Ascii: data from various inputs like microphone, vinyl records, and other input lines on a sound card\": \"Record audio data from various inputs like microphone, vinyl records, and other input lines on a sound card.\",\n\t\"Extract and edit audio from your vide
2024-05-24 15:39:09 UTC	11813	IN	Data Raw: 20 6d 6f 64 65 20 74 6f 20 63 6f 6e 76 65 72 74 20 6f 72 20 63 6f 6d 70 72 65 73 73 20 61 20 6c 61 72 67 65 20 6e 75 6d 62 65 72 20 6f 66 20 61 75 64 69 6f 20 66 69 6c 65 73 20 61 74 20 6f 6e 63 65 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 72 65 61 74 65 20 79 6f 75 72 20 6f 77 6e 20 63 6f 6e 76 65 72 73 69 6f 6e 20 70 61 74 74 65 72 6e 73 2c 20 73 65 74 20 66 61 76 6f 72 69 74 65 20 70 72 65 73 65 74 73 20 61 6e 64 20 73 63 68 65 64 75 6c 65 20 61 6e 20 61 75 74 6f 6d 61 74 69 63 20 63 6f 6e 76 65 72 73 69 6f 6e 20 70 72 6f 63 65 73 73 20 75 73 69 6e 67 20 61 20 63 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 6d 6f 64 65 5c 22 3a 20 5c 22 43 72 65 61 74 65 20 79 6f 75 72 20 6f 77 6e 20 63 6f 6e 76 65 72 73 69 6f 6e 20 70 61 74 74 65 72 6e 73 2c 20 73 65 74 20 66 61 76 6f Data Ascii: mode to convert or compress a large number of audio files at once.\",\n\t\"Create your own conversion patterns, set favorite presets and schedule an automatic conversion process using a command-line mode\": \"Create your own conversion patterns, set favo
2024-05-24 15:39:09 UTC	16384	IN	Data Raw: 6e 73 65 20 6b 65 79 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 61 63 74 69 76 61 74 65 20 74 68 65 20 73 6f 66 74 77 61 72 65 20 6f 6e 20 61 20 73 69 6e 67 6c 65 20 63 6f 6d 70 75 74 65 72 20 49 66 20 79 6f 75 20 77 61 6e 74 20 74 6f 20 75 73 65 20 74 68 65 20 73 6f 66 74 77 61 72 65 20 6f 6e 20 6d 75 6c 74 69 70 6c 65 20 63 6f 6d 70 75 74 65 72 73 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 62 75 79 20 74 68 65 20 61 70 70 72 6f 70 72 69 61 74 65 20 6e 75 6d 62 65 72 20 6f 66 20 73 75 62 73 63 72 69 70 74 69 6f 6e 73 5c 22 3a 20 5c 22 4f 6e 65 20 6c 69 63 65 6e 73 65 20 6b 65 79 20 63 61 6e 20 62 65 20 75 73 65 64 20 74 6f 20 61 63 74 69 76 61 74 65 20 74 68 65 20 73 6f 66 74 77 61 72 65 20 6f 6e 20 61 20 73 69 6e 67 6c 65 20 63 6f 6d 70 75 74 65 72 2e Data Ascii: nse key can be used to activate the software on a single computer If you want to use the software on multiple computers you need to buy the appropriate number of subscriptions\": \"One license key can be used to activate the software on a single computer.
2024-05-24 15:39:09 UTC	12792	IN	Data Raw: 6f 5c 22 20 3a 20 5c 22 55 70 6f 6e 20 72 65 71 75 65 73 74 20 74 6f 20 5c 22 2c 5c 6e 20 20 20 20 5c 22 77 65 20 63 61 6e 20 6d 61 6b 65 20 63 75 73 74 6f 6d 20 62 75 69 6c 64 73 20 66 6f 72 20 79 6f 75 20 49 6e 20 74 68 69 73 20 63 61 73 65 20 74 68 65 20 6c 69 6e 6b 20 66 72 6f 6d 20 73 6f 66 74 77 61 72 65 20 77 69 6c 6c 20 63 6f 6e 74 61 69 6e 20 79 6f 75 72 20 61 66 66 69 6c 69 61 74 65 20 49 44 20 48 6f 77 65 76 65 72 2c 20 77 65 20 64 6f 20 72 65 63 6f 6d 6d 65 6e 64 20 74 6f 20 75 73 65 20 63 6f 6f 6b 69 65 73 20 61 64 64 69 74 69 6f 6e 61 6c 6c 79 5c 22 20 3a 20 5c 22 77 65 20 63 61 6e 20 6d 61 6b 65 20 63 75 73 74 6f 6d 20 62 75 69 6c 64 73 20 66 6f 72 20 79 6f 75 20 49 6e 20 74 68 69 73 20 63 61 73 65 20 74 68 65 20 6c 69 6e 6b 20 66 72 6f 6d Data Ascii: o\" : \"Upon request to \",\n \"we can make custom builds for you In this case the link from software will contain your affiliate ID However, we do recommend to use cookies additionally\" : \"we can make custom builds for you In this case the link from
2024-05-24 15:39:09 UTC	1971	IN	Data Raw: 20 74 6f 20 4a 50 47 20 4a 50 45 47 5c 22 20 3a 20 5c 22 4f 70 65 6e 20 61 6e 64 20 63 6f 6e 76 65 72 74 20 6e 65 77 20 66 6f 72 6d 61 74 73 20 48 45 49 46 20 28 48 45 49 43 29 20 61 6e 64 20 57 65 62 50 20 74 6f 20 4a 50 47 20 2f 20 4a 50 45 47 2e 5c 22 2c 5c 6e 5c 74 5c 22 50 6c 61 79 20 77 69 74 68 20 62 72 61 6e 64 20 6e 65 77 20 66 69 6c 74 65 72 73 20 41 64 6f 72 61 62 6c 65 5c 22 20 3a 20 5c 22 50 6c 61 79 20 77 69 74 68 20 62 72 61 6e 64 20 6e 65 77 20 66 69 6c 74 65 72 73 20 41 64 6f 72 61 62 6c 65 2c 20 4f 72 61 6e 67 65 2d 42 6c 75 65 2c 20 52 65 64 2d 42 6c 75 65 2c 20 45 6d 65 72 61 6c 64 2c 20 4e 6f 69 72 2c 20 44 61 72 6b 2c 20 45 71 75 69 6c 69 62 72 69 75 6d 2c 20 4d 69 6c 64 2c 20 59 65 6c 6c 6f 77 2d 4d 61 67 65 6e 74 61 20 74 6f 20 61 Data Ascii: to JPG JPEG\" : \"Open and convert new formats HEIF (HEIC) and WebP to JPG / JPEG.\",\n\t\"Play with brand new filters Adorable\" : \"Play with brand new filters Adorable, Orange-Blue, Red-Blue, Emerald, Noir, Dark, Equilibrium, Mild, Yellow-Magenta to a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	60628	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:09 UTC	623	OUT	GET /page-data/sq/d/1818369706.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:09 UTC	440	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 479761 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:59 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "7bca8d9c8bd4bf68771a9e9d8fdc84f3" X-Cache: RefreshHit from cloudfront Via: 1.1 88d6646ed14bd90fdf5ea3462649e074.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: PkKzWu8YXejws6X54SKW7iRFmm713kMX8N-H2qqgqAAKSGii8ixqTg==
2024-05-24 15:39:09 UTC	15944	IN	Data Raw: 7b 22 64 61 74 61 22 3a 7b 22 61 6c 6c 49 6d 61 67 65 53 68 61 72 70 22 3a 7b 22 65 64 67 65 73 22 3a 5b 7b 22 6e 6f 64 65 22 3a 7b 22 66 6c 75 69 64 22 3a 7b 22 61 73 70 65 63 74 52 61 74 69 6f 22 3a 31 2e 34 31 32 33 37 31 31 33 34 30 32 30 36 31 38 36 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 34 39 36 64 61 38 36 31 65 61 34 33 37 35 31 32 38 65 33 65 65 33 65 30 37 37 34 62 33 65 38 37 2f 35 61 38 39 31 2f 43 55 54 5f 33 64 2e 70 6e 67 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 34 39 36 64 61 38 36 31 65 61 34 33 37 35 31 32 38 65 33 65 65 33 65 30 37 37 34 62 33 65 38 37 2f 35 61 38 39 31 2f 43 55 54 5f 33 64 2e 70 6e 67 20 32 37 34 77 22 2c 22 73 69 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 32 37 34 70 78 29 20 31 Data Ascii: {"data":{"allImageSharp":{"edges":[{"node":{"fluid":{"aspectRatio":1.4123711340206186,"src":"/static/496da861ea4375128e3ee3e0774b3e87/5a891/CUT_3d.png","srcSet":"/static/496da861ea4375128e3ee3e0774b3e87/5a891/CUT_3d.png 274w","sizes":"(max-width: 274px) 1
2024-05-24 15:39:09 UTC	46	IN	Data Raw: 6b 2e 70 6e 67 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 33 33 64 33 34 35 65 65 62 38 66 63 62 61 32 36 36 36 61 61 39 Data Ascii: k.png","srcSet":"/static/33d345eeb8fcba2666aa9
2024-05-24 15:39:09 UTC	16384	IN	Data Raw: 37 63 66 62 65 34 35 64 31 30 61 2f 32 30 30 65 35 2f 6c 69 6e 65 2d 77 68 79 2d 63 68 6f 6f 73 65 2d 62 6c 6f 63 6b 2e 70 6e 67 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 33 33 64 33 34 35 65 65 62 38 66 63 62 61 32 36 36 36 61 61 39 37 63 66 62 65 34 35 64 31 30 61 2f 32 61 64 61 33 2f 6c 69 6e 65 2d 77 68 79 2d 63 68 6f 6f 73 65 2d 62 6c 6f 63 6b 2e 70 6e 67 20 39 36 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 33 33 64 33 34 35 65 65 62 38 66 63 62 61 32 36 36 36 61 61 39 37 63 66 62 65 34 35 64 31 30 61 2f 39 33 61 61 62 2f 6c 69 6e 65 2d 77 68 79 2d 63 68 6f 6f 73 65 2d 62 6c 6f 63 6b 2e 70 6e 67 20 31 35 32 34 77 22 2c 22 73 69 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 31 35 32 34 70 78 29 20 31 30 30 76 77 2c 20 31 35 32 34 70 78 22 2c Data Ascii: 7cfbe45d10a/200e5/line-why-choose-block.png 480w,\n/static/33d345eeb8fcba2666aa97cfbe45d10a/2ada3/line-why-choose-block.png 960w,\n/static/33d345eeb8fcba2666aa97cfbe45d10a/93aab/line-why-choose-block.png 1524w","sizes":"(max-width: 1524px) 100vw, 1524px",
2024-05-24 15:39:09 UTC	16384	IN	Data Raw: 70 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 63 34 61 64 39 35 38 62 65 62 66 33 34 65 65 36 30 61 31 36 34 63 37 36 65 31 64 62 61 66 35 62 2f 37 65 30 32 61 2f 35 2e 77 65 62 70 20 35 39 32 77 22 2c 22 73 69 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 35 39 32 70 78 29 20 31 30 30 76 77 2c 20 35 39 32 70 78 22 2c 22 6f 72 69 67 69 6e 61 6c 4e 61 6d 65 22 3a 22 35 2e 77 65 62 70 22 7d 7d 7d 2c 7b 22 6e 6f 64 65 22 3a 7b 22 66 6c 75 69 64 22 3a 7b 22 61 73 70 65 63 74 52 61 74 69 6f 22 3a 30 2e 37 33 33 39 31 38 31 32 38 36 35 34 39 37 30 37 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 36 37 35 62 31 31 32 61 62 33 35 62 65 39 61 38 30 64 65 34 62 62 36 64 31 39 30 36 61 35 32 36 2f 66 37 34 34 66 2f 64 65 2e 77 65 62 70 22 2c 22 73 72 Data Ascii: p 480w,\n/static/c4ad958bebf34ee60a164c76e1dbaf5b/7e02a/5.webp 592w","sizes":"(max-width: 592px) 100vw, 592px","originalName":"5.webp"}}},{"node":{"fluid":{"aspectRatio":0.7339181286549707,"src":"/static/675b112ab35be9a80de4bb6d1906a526/f744f/de.webp","sr
2024-05-24 15:39:09 UTC	6002	IN	Data Raw: 36 32 2f 72 65 6d 6f 76 65 5f 64 65 66 65 63 74 73 2e 77 65 62 70 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 31 30 61 62 33 63 32 39 34 66 66 37 64 31 38 34 65 39 61 35 32 33 32 36 33 62 31 63 63 66 32 31 2f 38 39 33 66 61 2f 72 65 6d 6f 76 65 5f 64 65 66 65 63 74 73 2e 77 65 62 70 20 39 30 32 77 22 2c 22 73 69 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 39 30 32 70 78 29 20 31 30 30 76 77 2c 20 39 30 32 70 78 22 2c 22 6f 72 69 67 69 6e 61 6c 4e 61 6d 65 22 3a 22 72 65 6d 6f 76 65 5f 64 65 66 65 63 74 73 2e 77 65 62 70 22 7d 7d 7d 2c 7b 22 6e 6f 64 65 22 3a 7b 22 66 6c 75 69 64 22 3a 7b 22 61 73 70 65 63 74 52 61 74 69 6f 22 3a 31 2e 32 35 39 35 31 35 35 37 30 39 33 34 32 35 36 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 32 64 35 63 37 Data Ascii: 62/remove_defects.webp 480w,\n/static/10ab3c294ff7d184e9a523263b1ccf21/893fa/remove_defects.webp 902w","sizes":"(max-width: 902px) 100vw, 902px","originalName":"remove_defects.webp"}}},{"node":{"fluid":{"aspectRatio":1.259515570934256,"src":"/static/2d5c7
2024-05-24 15:39:09 UTC	16384	IN	Data Raw: 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 38 35 32 70 78 29 20 31 30 30 76 77 2c 20 38 35 32 70 78 22 2c 22 6f 72 69 67 69 6e 61 6c 4e 61 6d 65 22 3a 22 73 74 61 62 2e 77 65 62 70 22 7d 7d 7d 2c 7b 22 6e 6f 64 65 22 3a 7b 22 66 6c 75 69 64 22 3a 7b 22 61 73 70 65 63 74 52 61 74 69 6f 22 3a 32 2e 30 39 36 30 36 39 38 36 38 39 39 35 36 33 33 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 35 32 35 37 63 65 36 34 65 63 34 35 65 63 36 35 63 38 33 65 31 34 32 61 64 63 66 39 63 62 62 64 2f 39 38 64 65 65 2f 74 65 78 74 2e 77 65 62 70 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 35 32 35 37 63 65 36 34 65 63 34 35 65 63 36 35 63 38 33 65 31 34 32 61 64 63 66 39 63 62 62 64 2f 36 31 31 36 32 2f 74 65 78 74 2e 77 65 62 70 20 34 38 30 77 Data Ascii: zes":"(max-width: 852px) 100vw, 852px","originalName":"stab.webp"}}},{"node":{"fluid":{"aspectRatio":2.096069868995633,"src":"/static/5257ce64ec45ec65c83e142adcf9cbbd/98dee/text.webp","srcSet":"/static/5257ce64ec45ec65c83e142adcf9cbbd/61162/text.webp 480w
2024-05-24 15:39:09 UTC	2804	IN	Data Raw: 73 70 65 63 74 52 61 74 69 6f 22 3a 30 2e 39 37 39 35 39 31 38 33 36 37 33 34 36 39 33 39 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 66 62 39 34 38 35 38 30 32 36 36 64 61 39 31 65 37 66 34 33 34 39 37 30 30 37 63 32 63 62 33 61 2f 36 31 66 34 37 2f 6a 70 5f 76 69 64 65 6f 5f 63 6f 6e 76 65 72 74 65 72 5f 73 6c 69 64 65 72 31 2e 6a 70 67 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 66 62 39 34 38 35 38 30 32 36 36 64 61 39 31 65 37 66 34 33 34 39 37 30 30 37 63 32 63 62 33 61 2f 65 33 39 30 33 2f 6a 70 5f 76 69 64 65 6f 5f 63 6f 6e 76 65 72 74 65 72 5f 73 6c 69 64 65 72 31 2e 6a 70 67 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 66 62 39 34 38 35 38 30 32 36 36 64 61 39 31 65 37 66 34 33 34 39 37 30 30 37 63 32 63 62 33 61 2f 36 31 Data Ascii: spectRatio":0.9795918367346939,"src":"/static/fb948580266da91e7f43497007c2cb3a/61f47/jp_video_converter_slider1.jpg","srcSet":"/static/fb948580266da91e7f43497007c2cb3a/e3903/jp_video_converter_slider1.jpg 480w,\n/static/fb948580266da91e7f43497007c2cb3a/61
2024-05-24 15:39:09 UTC	7034	IN	Data Raw: 76 69 64 65 6f 5f 63 6f 6e 76 65 72 74 65 72 5f 73 6c 69 64 65 72 32 2e 70 6e 67 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 38 36 39 37 38 37 34 38 34 64 38 33 30 36 39 31 65 63 37 38 32 64 62 31 63 65 37 33 36 32 30 32 2f 32 30 30 65 35 2f 6b 6f 5f 76 69 64 65 6f 5f 63 6f 6e 76 65 72 74 65 72 5f 73 6c 69 64 65 72 32 2e 70 6e 67 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 38 36 39 37 38 37 34 38 34 64 38 33 30 36 39 31 65 63 37 38 32 64 62 31 63 65 37 33 36 32 30 32 2f 37 36 61 37 37 2f 6b 6f 5f 76 69 64 65 6f 5f 63 6f 6e 76 65 72 74 65 72 5f 73 6c 69 64 65 72 32 2e 70 6e 67 20 37 33 34 77 22 2c 22 73 69 7a 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 33 34 70 78 29 20 31 30 30 76 77 2c 20 37 33 34 70 78 22 2c 22 6f 72 69 67 Data Ascii: video_converter_slider2.png","srcSet":"/static/869787484d830691ec782db1ce736202/200e5/ko_video_converter_slider2.png 480w,\n/static/869787484d830691ec782db1ce736202/76a77/ko_video_converter_slider2.png 734w","sizes":"(max-width: 734px) 100vw, 734px","orig
2024-05-24 15:39:09 UTC	12792	IN	Data Raw: 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 34 31 34 31 61 65 65 30 34 32 31 34 38 61 31 39 65 39 34 30 34 38 33 30 35 38 63 65 31 38 66 36 2f 62 33 64 39 30 2f 70 6c 5f 61 75 64 69 6f 5f 65 64 69 74 6f 72 5f 73 6c 69 64 65 72 34 2e 70 6e 67 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 34 31 34 31 61 65 65 30 34 32 31 34 38 61 31 39 65 39 34 30 34 38 33 30 35 38 63 65 31 38 66 36 2f 32 30 30 65 35 2f 70 6c 5f 61 75 64 69 6f 5f 65 64 69 74 6f 72 5f 73 6c 69 64 65 72 34 2e 70 6e 67 20 34 38 30 77 2c 5c 6e 2f 73 74 61 74 69 63 2f 34 31 34 31 61 65 65 30 34 32 31 34 38 61 31 39 65 39 34 30 34 38 33 30 35 38 63 65 31 38 66 36 2f 32 61 64 61 33 2f 70 6c 5f 61 75 64 69 6f 5f 65 64 69 74 6f 72 5f 73 6c 69 64 65 72 34 2e 70 6e 67 20 39 36 30 77 2c Data Ascii: "src":"/static/4141aee042148a19e940483058ce18f6/b3d90/pl_audio_editor_slider4.png","srcSet":"/static/4141aee042148a19e940483058ce18f6/200e5/pl_audio_editor_slider4.png 480w,\n/static/4141aee042148a19e940483058ce18f6/2ada3/pl_audio_editor_slider4.png 960w,
2024-05-24 15:39:09 UTC	12792	IN	Data Raw: 65 73 22 3a 22 28 6d 61 78 2d 77 69 64 74 68 3a 20 31 39 32 30 70 78 29 20 31 30 30 76 77 2c 20 31 39 32 30 70 78 22 2c 22 6f 72 69 67 69 6e 61 6c 4e 61 6d 65 22 3a 22 66 6f 6e 5f 6d 6f 62 69 6c 65 2e 77 65 62 70 22 7d 7d 7d 2c 7b 22 6e 6f 64 65 22 3a 7b 22 66 6c 75 69 64 22 3a 7b 22 61 73 70 65 63 74 52 61 74 69 6f 22 3a 31 2e 37 35 31 38 32 34 38 31 37 35 31 38 32 34 38 33 2c 22 73 72 63 22 3a 22 2f 73 74 61 74 69 63 2f 63 34 61 66 61 65 65 32 62 65 32 62 33 36 35 64 63 66 65 30 37 31 34 64 65 65 61 64 30 62 66 63 2f 38 39 61 66 61 2f 74 72 61 6e 73 69 74 69 6f 6e 73 2e 77 65 62 70 22 2c 22 73 72 63 53 65 74 22 3a 22 2f 73 74 61 74 69 63 2f 63 34 61 66 61 65 65 32 62 65 32 62 33 36 35 64 63 66 65 30 37 31 34 64 65 65 61 64 30 62 66 63 2f 36 31 31 36 32 Data Ascii: es":"(max-width: 1920px) 100vw, 1920px","originalName":"fon_mobile.webp"}}},{"node":{"fluid":{"aspectRatio":1.7518248175182483,"src":"/static/c4afaee2be2b365dcfe0714deead0bfc/89afa/transitions.webp","srcSet":"/static/c4afaee2be2b365dcfe0714deead0bfc/61162

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	60629	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:09 UTC	616	OUT	GET /page-data/app-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:09 UTC	436	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 50 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:44 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "b961a03fe5bb8eb7d3324058193aa444" X-Cache: RefreshHit from cloudfront Via: 1.1 3d8e500d44b557879a1086daf1dc3aaa.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: VEvUQV-4DB9AQ-h1LLR7Bx4erLIc5WeYima0T0mH2_fIEFd9hn-KuQ==
2024-05-24 15:39:09 UTC	50	IN	Data Raw: 7b 22 77 65 62 70 61 63 6b 43 6f 6d 70 69 6c 61 74 69 6f 6e 48 61 73 68 22 3a 22 31 37 62 36 61 35 32 30 36 37 36 31 32 35 62 66 65 36 61 32 22 7d 0a Data Ascii: {"webpackCompilationHash":"17b6a520676125bfe6a2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	60632	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:09 UTC	678	OUT	GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:09 UTC	436	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 12982 Connection: close Last-Modified: Tue, 16 Apr 2024 10:00:06 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "79791aa1b82ec319446a28648f789d47" X-Cache: RefreshHit from cloudfront Via: 1.1 d71de6704e7765ee132e950c1dd97728.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: _F_6jF7ovOnh2b8fLDyU1TQe52berhp-BlPel1odAD1aPFKKYY88Bg==
2024-05-24 15:39:09 UTC	12982	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 61 7b 66 69 6c 6c 3a 6e 6f 6e 65 3b 7d 2e 62 7b 66 69 6c 6c 3a 23 66 30 66 30 66 30 3b 7d 2e 63 7b 66 69 6c 6c 3a 23 66 66 32 34 31 66 3b 7d 2e 64 7b 66 69 6c 6c 3a 23 30 30 32 32 64 34 3b 7d 2e 65 7b 66 69 6c 6c 3a 23 65 36 65 36 65 36 3b 7d 2e 66 7b 63 6c 69 70 2d 70 61 74 68 3a 75 72 6c 28 23 61 29 3b 7d 2e 67 7b 66 69 6c 6c 3a 75 72 6c 28 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"><defs><style>.a{fill:none;}.b{fill:#f0f0f0;}.c{fill:#ff241f;}.d{fill:#0022d4;}.e{fill:#e6e6e6;}.f{clip-path:url(#a);}.g{fill:url(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	60630	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:09 UTC	681	OUT	GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:09 UTC	436	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 12555 Connection: close Last-Modified: Tue, 16 Apr 2024 10:00:09 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "fbf130c4cf651d793ef080714eb235d7" X-Cache: RefreshHit from cloudfront Via: 1.1 cc2247fba5ef27d286a255150dad2710.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: UwCGR8BOMiYqTR8EQeRYAsobnn6nAE0mk5uuwqSwOaU5eHJRRH6-3g==
2024-05-24 15:39:09 UTC	12555	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 0a 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64 3d 22 63 6c 69 70 2d 70 61 74 68 22 3e 0a 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 69 64 3d 22 45 6c 6c 69 70 73 65 5f 37 37 31 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 45 6c 6c 69 70 73 65 20 37 37 31 22 20 63 78 3d 22 38 22 20 63 79 3d 22 38 22 20 72 3d 22 38 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"> <defs> <clipPath id="clip-path"> <circle id="Ellipse_771" data-name="Ellipse 771" cx="8" cy="8" r="8" transform="tra

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	60638	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:10 UTC	665	OUT	GET /j.php?a=279977&u=https%3A%2F%2Fwww.avs4you.com%2FRegister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&f=1&r=0.39962393127720364 HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:10 UTC	451	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:09 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Access-Control-Allow-Origin: * Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=0 Cache-Control: no-cache Cache-Control: must-revalidate ETag: W/"1716557981" server: gnv2 Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:10 UTC	939	IN	Data Raw: 34 0d 0a 74 72 79 7b 0d 0a 32 61 64 64 0d 0a 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 43 3d 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 3b 69 66 28 61 43 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 3d 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 7c 7c 30 3b 69 66 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 3d 3d 31 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 3d 22 64 75 70 43 6f 64 65 22 3b 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 73 65 74 74 69 6e 67 73 5f 74 69 6d 65 72 29 3b 69 66 28 77 69 6e 64 6f 77 2e 56 57 4f 26 26 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 26 26 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 2e 62 49 45 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 2e 66 69 6e 69 73 68 28 29 Data Ascii: 4try{2add;(function(){var aC=window._vwo_code;if(aC){window._vwo_j_e=window._vwo_j_e\|\|0;if(window._vwo_j_e==1){window._vwo_mt="dupCode";clearTimeout(window._vwo_settings_timer);if(window.VWO&&window.VWO._&&window.VWO._.bIE){window._vwo_code.finish()
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 72 65 76 69 65 77 22 29 3e 2d 31 29 7b 74 72 79 7b 20 69 66 20 28 77 69 6e 64 6f 77 2e 6e 61 6d 65 20 26 26 20 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6e 61 6d 65 29 29 20 7b 20 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 20 3d 20 77 69 6e 64 6f 77 2e 6e 61 6d 65 7d 20 65 6c 73 65 20 69 66 28 63 63 4d 6f 64 65 29 20 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 77 4c 2e 73 65 61 72 63 68 2e 6d 61 74 63 68 28 22 5f 76 77 6f 5f 6d 3d 28 5b 5e 26 5d 2a 29 22 29 5b 31 5d 29 3b 7d 20 7d 63 61 74 63 68 28 65 29 7b 69 66 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 74 6d 29 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 3d 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 74 6d 7d 7d 65 6c 73 65 20 69 66 28 77 Data Ascii: review")>-1){try{ if (window.name && JSON.parse(window.name)) { window._vwo_mt = window.name} else if(ccMode) {window._vwo_mt = decodeURIComponent(wL.search.match("_vwo_m=([^&]*)")[1]);} }catch(e){if(window._vwo_tm)window._vwo_mt=window._vwo_tm}}else if(w
2024-05-24 15:39:10 UTC	1385	IN	Data Raw: 4f 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 20 7c 7c 20 5b 5d 3b 20 77 69 6e 64 6f 77 2e 56 57 4f 2e 70 75 73 68 28 5b 27 6d 6f 64 69 66 79 43 6c 69 63 6b 50 61 75 73 65 54 69 6d 65 27 2c 20 7b 20 74 69 6d 65 3a 20 30 20 7d 5d 29 3b 5f 76 77 6f 5f 63 6f 64 65 2e 73 54 3d 5f 76 77 6f 5f 63 6f 64 65 2e 66 69 6e 69 73 68 65 64 28 29 3b 28 66 75 6e 63 74 69 6f 6e 28 63 2c 61 2c 65 2c 64 2c 62 2c 7a 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 66 28 61 2c 62 2c 64 29 7b 65 2e 63 6f 6f 6b 69 65 3d 61 2b 22 3d 22 2b 62 2b 22 3b 20 65 78 70 69 72 65 73 3d 22 2b 6e 65 77 20 44 61 74 65 28 38 36 34 65 35 2a 64 2b 20 2b 6e 65 77 20 44 61 74 65 29 2e 74 6f 47 4d 54 53 74 72 69 6e 67 28 29 2b 22 3b 20 64 6f 6d 61 69 6e 3d 22 2b 67 2b 22 3b 20 70 61 74 68 3d 2f 22 7d 2d 31 3d Data Ascii: O = window.VWO \|\| []; window.VWO.push(['modifyClickPauseTime', { time: 0 }]);_vwo_code.sT=_vwo_code.finished();(function(c,a,e,d,b,z,g){function f(a,b,d){e.cookie=a+"="+b+"; expires="+new Date(864e5*d+ +new Date).toGMTString()+"; domain="+g+"; path=/"}-1=
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 73 69 62 6c 65 62 6f 64 79 2e 2a 24 7c 5e 2e 2a 6d 61 6e 79 63 61 6d 2e 2a 24 7c 5e 2e 2a 6c 75 6d 69 6f 6e 33 64 2e 2a 24 7c 5e 2e 2a 61 76 73 34 79 6f 75 2e 2a 24 7c 5e 2e 2a 61 62 73 6f 6c 75 74 65 2e 2a 24 7c 5e 2e 2a 69 6f 62 69 74 2e 2a 24 7c 5e 2e 2a 73 65 63 75 72 65 5c 5c 2e 61 76 61 6e 67 61 74 65 5c 5c 2e 63 6f 6d 2e 2a 24 7c 5e 2e 2a 6d 6f 76 61 76 69 2e 2a 24 22 2c 22 6d 75 6c 74 69 70 6c 65 5f 64 6f 6d 61 69 6e 73 22 3a 30 2c 22 73 65 63 74 69 6f 6e 73 22 3a 7b 22 31 22 3a 7b 22 70 61 74 68 22 3a 22 22 2c 22 76 61 72 69 61 74 69 6f 6e 73 22 3a 7b 22 31 22 3a 22 22 7d 7d 7d 2c 22 73 74 61 74 75 73 22 3a 22 52 55 4e 4e 49 4e 47 22 2c 22 67 6c 6f 62 61 6c 43 6f 64 65 22 3a 5b 5d 2c 22 74 79 70 65 22 3a 22 41 4e 41 4c 59 5a 45 5f 48 45 41 54 4d Data Ascii: siblebody.$\|^.manycam.$\|^.lumion3d.$\|^.avs4you.$\|^.absolute.$\|^.iobit.$\|^.secure\\.avangate\\.com.$\|^.movavi.*$","multiple_domains":0,"sections":{"1":{"path":"","variations":{"1":""}}},"status":"RUNNING","globalCode":[],"type":"ANALYZE_HEATM
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 3a 7b 22 31 22 3a 31 7d 2c 22 70 63 5f 74 72 61 66 66 69 63 22 3a 31 30 30 2c 22 63 6f 6d 62 5f 6e 22 3a 7b 22 31 22 3a 22 77 65 62 73 69 74 65 22 7d 2c 22 69 73 53 70 61 52 65 76 65 72 74 46 65 61 74 75 72 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 69 62 65 22 3a 31 2c 22 73 65 67 6d 65 6e 74 5f 63 6f 64 65 22 3a 22 74 72 75 65 22 2c 22 76 65 72 73 69 6f 6e 22 3a 32 7d 3b 76 61 72 20 76 77 6f 43 6f 64 65 20 3d 20 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 3b 20 69 66 28 76 77 6f 43 6f 64 65 2e 66 69 6c 74 65 72 43 6f 6e 66 69 67 20 26 26 20 76 77 6f 43 6f 64 65 2e 66 69 6c 74 65 72 43 6f 6e 66 69 67 2e 66 69 6c 74 65 72 54 69 6d 65 3d 3d 3d 27 62 61 6c 61 6e 63 65 64 27 29 7b 20 76 77 6f 43 6f 64 65 2e 72 65 6d 6f 76 65 4c 6f 61 64 65 72 41 Data Ascii: :{"1":1},"pc_traffic":100,"comb_n":{"1":"website"},"isSpaRevertFeatureEnabled":false,"ibe":1,"segment_code":"true","version":2};var vwoCode = window._vwo_code; if(vwoCode.filterConfig && vwoCode.filterConfig.filterTime==='balanced'){ vwoCode.removeLoaderA
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 63 65 2e 6e 6f 77 28 29 3b 76 61 72 20 72 65 73 75 6c 74 3d 77 61 69 74 46 6f 72 41 6e 61 6c 79 74 69 63 73 56 61 72 69 61 62 6c 65 73 28 29 3b 69 66 28 72 65 73 75 6c 74 7c 7c 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 63 75 72 72 65 6e 74 54 69 6d 65 3e 3d 74 69 6d 65 6f 75 74 29 7b 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 5f 69 6e 74 65 72 76 61 6c 29 7d 7d 29 2c 70 6f 6c 6c 49 6e 74 65 72 76 61 6c 29 7d 7d 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 75 73 68 42 61 73 65 64 43 6f 6d 6d 6f 6e 57 72 61 70 70 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 72 67 75 6d 65 6e 74 29 7b 69 66 28 21 61 72 67 75 6d 65 6e 74 29 7b 61 72 67 75 6d 65 6e 74 3d 7b 69 6e 74 65 67 72 61 74 69 6f 6e 4e 61 6d 65 3a 22 22 2c 67 65 74 45 78 70 65 72 69 6d 65 6e 74 4c Data Ascii: ce.now();var result=waitForAnalyticsVariables();if(result\|\|performance.now()-currentTime>=timeout){clearInterval(_interval)}}),pollInterval)}}; var pushBasedCommonWrapper=function(argument){if(!argument){argument={integrationName:"",getExperimentL
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 64 29 21 3d 3d 2d 31 29 7b 76 61 72 20 70 6f 6c 6c 49 6e 74 65 72 76 61 6c 3d 31 30 30 3b 76 61 72 20 63 75 72 72 65 6e 74 54 69 6d 65 3d 30 3b 76 61 72 20 74 69 6d 65 6f 75 74 3d 36 65 34 3b 76 61 72 20 69 6e 74 65 72 76 61 6c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 75 72 72 65 6e 74 54 69 6d 65 3d 63 75 72 72 65 6e 74 54 69 6d 65 7c 7c 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 76 61 72 20 74 6f 43 6c 65 61 72 49 6e 74 65 72 76 61 6c 3d 61 72 67 75 6d 65 6e 74 2e 70 75 73 68 44 61 74 61 28 65 78 70 49 64 2c 76 61 72 69 61 74 69 6f 6e 49 64 29 3b 69 66 28 64 65 62 75 67 26 26 74 6f 43 6c 65 61 72 49 6e 74 65 72 76 61 6c 29 7b 73 65 6e 64 44 65 62 75 67 4c 6f 67 73 28 65 78 70 49 64 2c 76 61 72 69 61 74 69 Data Ascii: d)!==-1){var pollInterval=100;var currentTime=0;var timeout=6e4;var interval=setInterval((function(){currentTime=currentTime\|\|performance.now();var toClearInterval=argument.pushData(expId,variationId);if(debug&&toClearInterval){sendDebugLogs(expId,variati
2024-05-24 15:39:10 UTC	1390	IN	Data Raw: 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 3b 7d 0a 76 61 72 20 5f 76 77 6f 5f 63 6f 6f 6b 69 65 44 6f 6d 61 69 6e 20 3d 20 27 61 76 73 34 79 6f 75 2e 63 6f 6d 27 2c 20 5f 76 77 6f 5f 75 75 69 64 20 3d 20 27 44 37 30 38 39 43 38 37 45 44 39 39 38 35 44 45 43 44 46 45 32 30 44 34 37 34 42 45 35 33 39 39 34 27 3b 77 69 6e 64 6f 77 2e 56 57 4f 3d 77 69 6e 64 6f 77 2e 56 57 4f 7c 7c 5b 5d 3b 56 57 4f 2e 5f 3d 56 57 4f 2e 5f 7c 7c 7b 7d 3b 76 61 72 20 5f 76 69 73 5f 6f 70 74 5f 66 69 6c 65 20 3d 5f 76 77 6f 5f 63 6f 64 65 2e 75 73 65 5f 65 78 69 73 74 69 6e 67 5f 6a 71 75 65 72 79 20 26 26 20 74 79 70 65 6f 66 20 5f 76 77 6f 5f 63 6f 64 65 2e 75 73 65 5f 65 78 69 73 74 69 6e 67 5f 6a 71 75 65 Data Ascii: tsByTagName('head')[0].appendChild(b);}var _vwo_cookieDomain = 'avs4you.com', _vwo_uuid = 'D7089C87ED9985DECDFE20D474BE53994';window.VWO=window.VWO\|\|[];VWO._=VWO._\|\|{};var _vis_opt_file =_vwo_code.use_existing_jquery && typeof _vwo_code.use_existing_jque
2024-05-24 15:39:10 UTC	651	IN	Data Raw: 69 6e 64 6f 77 2e 56 57 4f 2e 5f 3d 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 7c 7c 7b 7d 3b 56 57 4f 2e 5f 2e 61 63 3d 56 57 4f 2e 5f 2e 61 63 7c 7c 7b 7d 3b 3b 20 0a 77 69 6e 64 6f 77 2e 56 57 4f 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 20 7c 7c 20 5b 5d 3b 0a 77 69 6e 64 6f 77 2e 56 57 4f 2e 64 61 74 61 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 2e 64 61 74 61 20 7c 7c 20 7b 7d 3b 0a 56 57 4f 2e 64 61 74 61 2e 63 6f 6e 74 65 6e 74 3d 7b 22 66 6e 73 22 3a 7b 22 6c 69 73 74 22 3a 7b 22 61 72 67 73 22 3a 7b 22 31 22 3a 7b 7d 7d 2c 22 76 6e 22 3a 31 7d 7d 7d 3b 3b 77 69 6e 64 6f 77 2e 56 57 4f 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 7c 7c 5b 5d 3b 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 3d 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 7c 7c 7b 7d 3b 56 57 4f 2e 5f 2e 61 63 3d 56 57 Data Ascii: indow.VWO._=window.VWO._\|\|{};VWO._.ac=VWO._.ac\|\|{};; window.VWO = window.VWO \|\| [];window.VWO.data = window.VWO.data \|\| {};VWO.data.content={"fns":{"list":{"args":{"1":{}},"vn":1}}};;window.VWO = window.VWO\|\|[];window.VWO._=window.VWO._\|\|{};VWO._.ac=VW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	60633	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:10 UTC	393	OUT	GET /static/korea-flag-79791aa1b82ec319446a28648f789d47.svg HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:10 UTC	437	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 12982 Connection: close Last-Modified: Tue, 16 Apr 2024 10:00:06 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "79791aa1b82ec319446a28648f789d47" X-Cache: Hit from cloudfront Via: 1.1 6b044dd2ae76c466251b3be8f6ece716.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: TEVM5wv3xYU-sY4phexMaQuLi9-OHpaWAbXJpaV_H4WU-aRN1lTmoA== Age: 1
2024-05-24 15:39:10 UTC	12982	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 61 7b 66 69 6c 6c 3a 6e 6f 6e 65 3b 7d 2e 62 7b 66 69 6c 6c 3a 23 66 30 66 30 66 30 3b 7d 2e 63 7b 66 69 6c 6c 3a 23 66 66 32 34 31 66 3b 7d 2e 64 7b 66 69 6c 6c 3a 23 30 30 32 32 64 34 3b 7d 2e 65 7b 66 69 6c 6c 3a 23 65 36 65 36 65 36 3b 7d 2e 66 7b 63 6c 69 70 2d 70 61 74 68 3a 75 72 6c 28 23 61 29 3b 7d 2e 67 7b 66 69 6c 6c 3a 75 72 6c 28 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"><defs><style>.a{fill:none;}.b{fill:#f0f0f0;}.c{fill:#ff241f;}.d{fill:#0022d4;}.e{fill:#e6e6e6;}.f{clip-path:url(#a);}.g{fill:url(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	60637	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:10 UTC	396	OUT	GET /static/portugal-flag-fbf130c4cf651d793ef080714eb235d7.svg HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:10 UTC	437	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 12555 Connection: close Last-Modified: Tue, 16 Apr 2024 10:00:09 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "fbf130c4cf651d793ef080714eb235d7" X-Cache: Hit from cloudfront Via: 1.1 f64124e7852b3c2ecb7a2c8c2f2f678c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: gINgkVRfsE77VcB_dv-s_BBIOXK-7ycDeW3-Y3J0wH3S2rpTPX1UVw== Age: 1
2024-05-24 15:39:10 UTC	12555	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 0a 20 20 3c 64 65 66 73 3e 0a 20 20 20 20 3c 63 6c 69 70 50 61 74 68 20 69 64 3d 22 63 6c 69 70 2d 70 61 74 68 22 3e 0a 20 20 20 20 20 20 3c 63 69 72 63 6c 65 20 69 64 3d 22 45 6c 6c 69 70 73 65 5f 37 37 31 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 45 6c 6c 69 70 73 65 20 37 37 31 22 20 63 78 3d 22 38 22 20 63 79 3d 22 38 22 20 72 3d 22 38 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="16" height="16" viewBox="0 0 16 16"> <defs> <clipPath id="clip-path"> <circle id="Ellipse_771" data-name="Ellipse 771" cx="8" cy="8" r="8" transform="tra

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	60640	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:10 UTC	588	OUT	GET /impact-affiliates-run.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	438	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 1453 Connection: close Date: Fri, 24 May 2024 15:39:12 GMT Last-Modified: Tue, 16 Apr 2024 09:58:37 GMT ETag: "96d6c0fbb60d8f2310afccf2b326ea8f" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 9d213bbde01ff71af70e3a8fd7017940.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: WP7JoEdwHxzQDmxM76S9Nl60VZIVlwWjETDjavt78kVf5PtQF1eEDQ==
2024-05-24 15:39:11 UTC	1453	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 0a 20 20 20 20 76 61 72 20 61 66 66 4b 65 79 41 72 72 61 72 79 20 3d 20 5b 27 63 61 6d 70 61 69 67 6e 5f 69 64 27 2c 20 27 6d 65 64 69 61 5f 70 61 72 74 6e 65 72 5f 69 64 27 2c 20 27 74 72 61 63 6b 65 72 5f 69 64 27 5d 3b 0a 20 20 20 20 76 61 72 20 61 66 66 50 61 72 61 6d 20 3d 20 27 27 3b 0a 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 61 66 66 4b 65 79 41 72 72 61 72 79 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 61 66 66 4b 65 79 20 3d 20 61 66 66 4b 65 79 41 72 72 61 72 79 5b 69 5d 3b 0a 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 2e 69 6e 64 65 78 4f 66 28 61 66 66 4b 65 79 20 2b 20 27 3d 27 29 20 Data Ascii: (function () { var affKeyArrary = ['campaign_id', 'media_partner_id', 'tracker_id']; var affParam = ''; for (var i = 0; i < affKeyArrary.length; i++) { var affKey = affKeyArrary[i]; if (document.cookie.indexOf(affKey + '=')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	60639	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	698	OUT	GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	431	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 7087 Connection: close Last-Modified: Tue, 16 Apr 2024 09:59:15 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:12 GMT ETag: "560c83aca91592a5d2786012b4ca5d22" X-Cache: RefreshHit from cloudfront Via: 1.1 d5915fbf562d36d8917411262c8cd60a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: zchTTcFhCbpTOt5DYXEaHq9qfOklcwkm1VkrmuwVmw8q6KyCI3ln5g==
2024-05-24 15:39:11 UTC	7087	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 d6 00 00 00 57 08 03 00 00 00 8e 5f 94 a1 00 00 03 00 50 4c 54 45 47 70 4c e3 e8 e8 db eb f9 ff c6 00 00 42 86 00 70 cf 00 6e cf 00 44 88 00 6e cf 00 46 83 1c 1c 71 ff ff ff 7e 98 c9 55 9e df 54 a0 e0 f8 bd 18 00 70 cf 00 44 88 3f 55 9f ff ff ff bc 26 8e bb bb bb 00 44 87 10 3c 7b 01 6f d0 0e 3f 7d 2b 43 94 1a 1f 71 ff 60 00 f7 b6 00 f7 db 00 f7 9e 1b eb 00 1b 01 84 cc 00 00 00 d9 00 2e 26 3b 80 14 9a d6 00 3b 87 00 cc 5c 80 b7 e8 40 93 dc e0 e1 e2 c6 c6 c7 49 59 68 4e 5f 97 f0 f3 f7 bf db f4 6e 6e 6e d3 d3 d3 d1 09 4b 05 70 92 f9 c8 3f 7e 7e 7e a7 ac b2 f4 f4 f5 8a 8a 89 c0 d2 e2 e2 30 2f 40 73 a5 5e 5e 5d ef f8 fc d2 d6 d9 7f a0 c3 df e8 f0 21 b9 dd f6 fa f9 98 98 98 23 2c 66 f0 f2 f0 76 82 8e ce Data Ascii: PNGIHDRW_PLTEGpLBpnDnFq~UTpD?U&D<{o?}+Cq`.&;;\@IYhN_nnnKp?~~~0/@s^^]!#,fv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	60641	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	694	OUT	GET /page-data/privacy.aspx/page-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8 Purpose: prefetch Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	434	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 214527 Connection: close Date: Fri, 24 May 2024 15:39:12 GMT Last-Modified: Tue, 16 Apr 2024 09:58:57 GMT ETag: "5cd7527e5d146f451335f6aba3a0c44c" Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 e0389dce33f3ab76770520feb1331814.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: g0-ofK1sFBd0bLLSNK08VdlY0zHSZt7EGnjIZqZxZ212LnLN63Dl6g==
2024-05-24 15:39:11 UTC	15950	IN	Data Raw: 7b 22 63 6f 6d 70 6f 6e 65 6e 74 43 68 75 6e 6b 4e 61 6d 65 22 3a 22 63 6f 6d 70 6f 6e 65 6e 74 2d 2d 2d 73 72 63 2d 70 61 67 65 73 2d 70 72 69 76 61 63 79 2d 61 73 70 78 2d 6a 73 22 2c 22 70 61 74 68 22 3a 22 2f 70 72 69 76 61 63 79 2e 61 73 70 78 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 70 61 67 65 43 6f 6e 74 65 78 74 22 3a 7b 22 61 76 61 69 6c 61 62 6c 65 4c 6f 63 61 6c 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 22 65 6e 22 2c 22 74 65 78 74 22 3a 22 45 6e 67 6c 69 73 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 64 65 22 2c 22 74 65 78 74 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 69 74 22 2c 22 74 65 78 74 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 66 72 22 2c 22 74 65 78 74 22 3a 22 46 72 61 6e c3 a7 Data Ascii: {"componentChunkName":"component---src-pages-privacy-aspx-js","path":"/privacy.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran
2024-05-24 15:39:11 UTC	6108	IN	Data Raw: 20 61 6e 64 20 48 44 20 76 69 64 65 6f 73 5c 22 2c 5c 6e 5c 74 5c 22 45 64 69 74 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 69 6e 20 61 6c 6c 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 20 4d 50 34 2c 20 44 56 44 2c 20 41 56 49 2c 20 4d 4f 56 2c 20 56 4f 42 2c 20 57 4d 56 2c 20 4d 4b 56 2c 20 46 4c 56 2c 20 57 45 42 4d 2c 20 65 74 63 5c 22 3a 20 5c 22 45 64 69 74 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 69 6e 20 61 6c 6c 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 20 28 4d 50 34 2c 20 4d 34 56 2c 20 4d 4f 56 2c 20 4d 4b 56 2c 20 57 45 42 4d 2c 20 41 56 49 2c 20 44 56 44 2c 20 56 4f 42 2c 20 4d 50 47 2c 20 57 4d 56 2c 20 33 47 50 2c 20 46 4c 56 2c 20 4d 32 54 53 2c 20 54 53 2c 20 65 74 63 2e 29 5c 22 2c 5c 6e 5c 74 5c 22 50 72 6f 63 65 Data Ascii: and HD videos\",\n\t\"Edit and save video in all popular formats MP4, DVD, AVI, MOV, VOB, WMV, MKV, FLV, WEBM, etc\": \"Edit and save video in all popular formats (MP4, M4V, MOV, MKV, WEBM, AVI, DVD, VOB, MPG, WMV, 3GP, FLV, M2TS, TS, etc.)\",\n\t\"Proce
2024-05-24 15:39:11 UTC	2864	IN	Data Raw: 73 20 61 74 5c 22 2c 5c 6e 5c 74 5c 22 43 61 6e 20 49 20 65 64 69 74 20 76 69 64 65 6f 20 6f 6e 20 61 6c 6c 20 6f 66 20 6d 79 20 64 65 76 69 63 65 73 5c 22 20 3a 20 5c 22 33 2e 20 43 61 6e 20 49 20 65 64 69 74 20 76 69 64 65 6f 20 6f 6e 20 61 6c 6c 20 6f 66 20 6d 79 20 64 65 76 69 63 65 73 3f 20 28 4d 61 63 2c 20 57 69 6e 64 6f 77 73 20 50 43 2c 20 41 6e 64 72 6f 69 64 2c 20 69 4f 53 20 69 50 68 6f 6e 65 20 61 6e 64 20 69 50 61 64 29 5c 22 2c 5c 6e 5c 74 5c 22 41 56 53 20 56 69 64 65 6f 20 45 64 69 74 6f 72 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 62 65 73 74 20 76 69 64 65 6f 20 65 64 69 74 6f 72 73 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 20 3a 20 5c 22 41 56 53 20 56 69 64 65 6f 20 45 64 69 74 6f 72 20 69 73 20 6f 6e 65 20 6f 66 20 74 68 65 20 62 Data Ascii: s at\",\n\t\"Can I edit video on all of my devices\" : \"3. Can I edit video on all of my devices? (Mac, Windows PC, Android, iOS iPhone and iPad)\",\n\t\"AVS Video Editor is one of the best video editors for Windows\" : \"AVS Video Editor is one of the b
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 76 65 72 74 65 72 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 20 3a 20 5c 22 46 72 65 65 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 61 6e 79 20 76 69 64 65 6f 20 77 69 74 68 20 41 56 53 20 46 72 65 65 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 61 6e 79 20 76 69 64 65 6f 20 77 69 74 68 20 41 56 53 20 46 72 65 65 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 20 66 6f 72 20 57 69 6e 64 6f 77 73 5c 22 2c 5c 6e 5c 74 5c 22 41 56 53 20 46 72 65 65 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 20 63 6f 6e 76 65 72 74 73 20 76 69 64 65 6f 20 20 66 69 6c 65 73 20 74 6f 20 61 6c 6c 20 70 6f Data Ascii: verter for Windows\" : \"Free Video Converter for Windows\",\n\t\"Convert any video with AVS Free Video Converter for Windows\": \"Convert any video with AVS Free Video Converter for Windows\",\n\t\"AVS Free Video Converter converts video files to all po
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 61 6d 2e 20 59 6f 75 72 20 73 6f 66 74 77 61 72 65 20 64 6f 65 73 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 49 20 6e 65 65 64 20 69 74 20 74 6f 20 64 6f 2e 2e 2e 5c 22 2c 5c 6e 5c 74 5c 22 41 72 74 68 75 72 20 52 65 65 73 5c 22 3a 20 5c 22 41 72 74 68 75 72 20 52 65 65 73 5c 22 2c 5c 6e 5c 74 5c 22 47 6f 6f 64 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2c 20 70 72 6f 6d 70 74 20 73 65 72 76 69 63 65 20 61 6e 64 20 72 65 61 73 6f 6e 61 62 6c 65 20 70 72 69 63 69 6e 67 20 47 72 65 61 74 20 70 72 6f 64 75 63 74 73 2c 20 69 6e 74 75 69 74 69 76 65 20 74 6f 20 6c 65 61 72 6e 20 61 6e 64 20 68 65 6c 70 20 66 69 6c 65 73 20 61 72 65 20 63 6f 6e 63 69 73 65 5c 22 3a 20 5c 22 47 6f 6f 64 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 2c 20 70 72 6f 6d 70 74 20 73 65 72 76 69 Data Ascii: am. Your software does exactly what I need it to do...\",\n\t\"Arthur Rees\": \"Arthur Rees\",\n\t\"Good applications, prompt service and reasonable pricing Great products, intuitive to learn and help files are concise\": \"Good applications, prompt servi
2024-05-24 15:39:11 UTC	13056	IN	Data Raw: 6e 73 74 61 6c 6c 20 74 68 65 20 41 56 53 34 59 4f 55 20 73 6f 66 74 77 61 72 65 20 73 6d 6f 6f 74 68 6c 79 2e 5c 22 2c 5c 6e 5c 74 5c 22 48 6f 77 20 74 6f 20 75 6e 69 6e 73 74 61 6c 6c 20 41 56 53 34 59 4f 55 20 70 72 6f 67 72 61 6d 73 3f 5c 22 3a 20 5c 22 48 6f 77 20 74 6f 20 75 6e 69 6e 73 74 61 6c 6c 20 41 56 53 34 59 4f 55 20 70 72 6f 67 72 61 6d 73 3f 5c 22 2c 5c 6e 5c 74 5c 22 49 6e 20 63 61 73 65 20 79 6f 75 20 6e 65 65 64 20 74 6f 20 75 6e 69 6e 73 74 61 6c 6c 20 74 68 65 c2 a0 41 56 53 34 59 4f 55 c2 a0 70 72 6f 67 72 61 6d 73 20 66 6f 6c 6c 6f 77 20 74 68 69 73 20 64 65 74 61 69 6c 65 64 20 67 75 69 64 65 20 50 6c 65 61 73 65 20 6e 6f 74 65 20 74 68 61 74 20 69 74 20 69 73 20 72 65 63 6f 6d 6d 65 6e 64 65 64 20 74 6f 20 75 6e 69 6e 73 74 61 6c Data Ascii: nstall the AVS4YOU software smoothly.\",\n\t\"How to uninstall AVS4YOU programs?\": \"How to uninstall AVS4YOU programs?\",\n\t\"In case you need to uninstall theAVS4YOUprograms follow this detailed guide Please note that it is recommended to uninstal
2024-05-24 15:39:11 UTC	5728	IN	Data Raw: 65 20 6f 66 20 72 65 76 65 6e 75 65 20 77 69 74 68 20 74 6f 70 20 41 56 53 34 59 4f 55 20 74 6f 6f 6c 73 5c 22 3a 20 5c 22 47 72 6f 77 20 79 6f 75 72 20 6f 77 6e 20 62 75 73 69 6e 65 73 73 20 62 79 20 65 73 74 61 62 6c 69 73 68 69 6e 67 20 61 6e 20 61 64 64 69 74 69 6f 6e 61 6c 20 73 6f 75 72 63 65 20 6f 66 20 72 65 76 65 6e 75 65 20 77 69 74 68 20 74 6f 70 20 41 56 53 34 59 4f 55 20 74 6f 6f 6c 73 2e 5c 22 2c 5c 6e 5c 74 5c 22 53 69 67 6e 20 75 70 20 6e 6f 77 5c 22 3a 20 5c 22 53 69 67 6e 20 75 70 20 6e 6f 77 5c 22 2c 5c 6e 5c 74 5c 22 52 65 61 73 6f 6e 73 20 74 6f 20 4a 6f 69 6e 20 41 56 53 34 59 4f 55 20 41 66 66 69 6c 69 61 74 65 20 50 72 6f 67 72 61 6d 5c 22 3a 20 5c 22 52 65 61 73 6f 6e 73 20 74 6f 20 4a 6f 69 6e 20 41 56 53 34 59 4f 55 20 41 66 66 Data Ascii: e of revenue with top AVS4YOU tools\": \"Grow your own business by establishing an additional source of revenue with top AVS4YOU tools.\",\n\t\"Sign up now\": \"Sign up now\",\n\t\"Reasons to Join AVS4YOU Affiliate Program\": \"Reasons to Join AVS4YOU Aff
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 79 20 74 6f 20 73 69 6d 70 6c 69 66 79 20 6d 79 20 67 65 6e 65 72 61 74 69 6f 6e 20 6f 66 20 63 75 73 74 6f 6d 20 61 66 66 69 6c 69 61 74 65 20 6c 69 6e 6b 73 20 66 72 6f 6d 20 41 56 53 34 59 4f 55 c2 ae 3f 5c 22 2c 5c 6e 20 20 20 20 5c 22 59 65 73 2c 20 70 6c 65 61 73 65 20 75 73 65 20 6f 75 72 5c 22 20 3a 20 5c 22 59 65 73 2c 20 70 6c 65 61 73 65 20 75 73 65 20 6f 75 72 5c 22 2c 5c 6e 20 20 20 20 5c 22 41 66 66 69 6c 69 61 74 65 20 4c 69 6e 6b 73 20 47 65 6e 65 72 61 74 6f 72 5c 22 20 3a 20 5c 22 41 66 66 69 6c 69 61 74 65 20 4c 69 6e 6b 73 20 47 65 6e 65 72 61 74 6f 72 5c 22 2c 5c 6e 20 20 20 20 5c 22 74 6f 6f 6c 5c 22 20 3a 20 5c 22 20 74 6f 6f 6c 5c 22 2c 5c 6e 20 20 20 20 5c 22 68 65 72 65 5c 22 20 3a 20 5c 22 68 65 72 65 5c 22 2c 5c 6e 20 20 20 20 Data Ascii: y to simplify my generation of custom affiliate links from AVS4YOU?\",\n \"Yes, please use our\" : \"Yes, please use our\",\n \"Affiliate Links Generator\" : \"Affiliate Links Generator\",\n \"tool\" : \" tool\",\n \"here\" : \"here\",\n
2024-05-24 15:39:11 UTC	800	IN	Data Raw: 73 2c 20 73 74 6f 72 69 65 73 20 61 6e 64 20 61 64 76 65 6e 74 75 72 65 73 20 77 69 74 68 20 46 72 65 65 20 41 56 53 20 49 6d 61 67 65 20 43 6f 6e 76 65 72 74 65 72 5c 22 3a 20 5c 22 53 68 61 72 65 20 79 6f 75 72 20 70 68 6f 74 6f 73 2c 20 73 74 6f 72 69 65 73 20 61 6e 64 20 61 64 76 65 6e 74 75 72 65 73 20 77 69 74 68 20 46 72 65 65 20 41 56 53 20 49 6d 61 67 65 20 43 6f 6e 76 65 72 74 65 72 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 66 72 6f 6d 20 61 6e 64 20 74 6f 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 66 72 6f 6d 20 61 6e 64 20 74 6f 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 69 6d 61 67 65 73 20 74 6f 20 61 6c 6c 20 6b 65 79 20 66 6f Data Ascii: s, stories and adventures with Free AVS Image Converter\": \"Share your photos, stories and adventures with Free AVS Image Converter.\",\n\t\"Convert from and to popular formats\": \"Convert from and to popular formats\",\n\t\"Convert images to all key fo
2024-05-24 15:39:11 UTC	5728	IN	Data Raw: 44 46 20 66 6f 72 6d 61 74 2c 20 6d 65 72 67 65 20 6d 75 6c 74 69 70 6c 65 20 4a 50 45 47 20 66 69 6c 65 73 20 74 6f 20 50 44 46 2e 5c 22 2c 5c 6e 5c 74 5c 22 45 61 73 69 6c 79 20 72 65 73 69 7a 65 20 69 6d 61 67 65 73 20 75 73 69 6e 67 20 70 72 65 73 65 74 73 5c 22 3a 20 5c 22 45 61 73 69 6c 79 20 72 65 73 69 7a 65 20 69 6d 61 67 65 73 20 75 73 69 6e 67 20 70 72 65 73 65 74 73 5c 22 2c 5c 6e 5c 74 5c 22 41 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 61 69 6c 6f 72 20 79 6f 75 72 20 70 68 6f 74 6f 73 20 74 6f 20 70 6f 70 75 6c 61 72 20 70 72 69 6e 74 69 6e 67 20 66 6f 72 6d 61 74 73 5c 22 3a 20 5c 22 41 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 74 61 69 6c 6f 72 20 79 6f 75 72 20 70 68 6f 74 6f 73 20 74 6f 20 70 6f 70 75 6c 61 72 20 70 72 69 6e 74 69 6e 67 20 Data Ascii: DF format, merge multiple JPEG files to PDF.\",\n\t\"Easily resize images using presets\": \"Easily resize images using presets\",\n\t\"Automatically tailor your photos to popular printing formats\": \"Automatically tailor your photos to popular printing

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	60642	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	687	OUT	GET /page-data/index/page-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: application/signed-exchange;v=b3;q=0.7,/;q=0.8 Purpose: prefetch Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	440	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 214469 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:50 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:12 GMT ETag: "47ed8898bca3325add7230a5be6f7aae" X-Cache: RefreshHit from cloudfront Via: 1.1 e880f887bc0d932c2631abf8fa58de7e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: xbtahr1SJ0ek8aH0WfomFeVM7YyYeIuoDRriFBJcb6ZQb9biCDCddQ==
2024-05-24 15:39:11 UTC	15576	IN	Data Raw: 7b 22 63 6f 6d 70 6f 6e 65 6e 74 43 68 75 6e 6b 4e 61 6d 65 22 3a 22 63 6f 6d 70 6f 6e 65 6e 74 2d 2d 2d 73 72 63 2d 70 61 67 65 73 2d 69 6e 64 65 78 2d 6a 73 22 2c 22 70 61 74 68 22 3a 22 2f 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 70 61 67 65 43 6f 6e 74 65 78 74 22 3a 7b 22 61 76 61 69 6c 61 62 6c 65 4c 6f 63 61 6c 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 22 65 6e 22 2c 22 74 65 78 74 22 3a 22 45 6e 67 6c 69 73 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 64 65 22 2c 22 74 65 78 74 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 69 74 22 2c 22 74 65 78 74 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 66 72 22 2c 22 74 65 78 74 22 3a 22 46 72 61 6e c3 a7 61 69 73 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 65 73 22 Data Ascii: {"componentChunkName":"component---src-pages-index-js","path":"/","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Franais"},{"value":"es"
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 72 79 20 76 69 72 61 6c 20 6f 6e 20 73 6f 63 69 61 6c 20 61 6e 64 20 76 69 64 65 6f 20 70 6c 61 74 66 6f 72 6d 73 3a 20 59 6f 75 54 75 62 65 2c 20 54 69 6b 54 6f 6b 2c 20 49 6e 73 74 61 67 72 61 6d 2c 20 56 69 6d 65 6f 2c 20 65 74 63 2e 5c 22 2c 5c 6e 5c 74 5c 22 54 72 69 6d 2c 20 63 75 74 2c 20 73 70 6c 69 74 2c 20 6d 65 72 67 65 2c 20 72 6f 74 61 74 65 2c 20 6d 69 78 20 76 69 64 65 6f 73 20 33 30 30 2b 20 69 6e 6e 6f 76 61 74 69 76 65 20 65 66 66 65 63 74 73 2c 20 74 72 61 6e 73 69 74 69 6f 6e 73 2c 20 6f 76 65 72 6c 61 79 73 5c 22 3a 20 5c 22 54 72 69 6d 2c 20 63 75 74 2c 20 73 70 6c 69 74 2c 20 6d 65 72 67 65 2c 20 72 6f 74 61 74 65 2c 20 6d 69 78 20 76 69 64 65 6f 73 2e 20 33 30 30 2b 20 69 6e 6e 6f 76 61 74 69 76 65 20 65 66 66 65 63 74 73 2c 20 74 Data Ascii: ry viral on social and video platforms: YouTube, TikTok, Instagram, Vimeo, etc.\",\n\t\"Trim, cut, split, merge, rotate, mix videos 300+ innovative effects, transitions, overlays\": \"Trim, cut, split, merge, rotate, mix videos. 300+ innovative effects, t
2024-05-24 15:39:11 UTC	2322	IN	Data Raw: 42 6c 75 2d 72 61 79 20 64 69 73 63 73 5c 22 3a 20 5c 22 43 72 65 61 74 65 20 44 56 44 2f 42 6c 75 2d 72 61 79 20 64 69 73 63 73 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 66 72 6f 6d 20 74 6f 20 42 6c 75 2d 72 61 79 20 6f 72 20 44 56 44 20 66 6f 72 6d 61 74 73 20 43 75 74 2c 20 61 70 70 6c 79 20 65 66 66 65 63 74 73 2c 20 61 64 64 20 63 6f 6c 6f 72 66 75 6c 20 44 56 44 20 42 6c 75 2d 72 61 79 20 6d 65 6e 75 73 20 53 70 6c 69 74 20 79 6f 75 72 20 6d 6f 76 69 65 20 69 6e 74 6f 20 63 68 61 70 74 65 72 73 20 61 6e 64 20 62 75 72 6e 20 44 56 44 20 42 6c 75 2d 72 61 79 20 64 69 73 63 73 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 66 72 6f 6d 20 74 6f 20 42 6c 75 2d 72 61 79 20 6f 72 20 44 56 44 20 66 6f 72 6d 61 74 73 2e 20 43 75 74 2c 20 61 70 70 6c 79 Data Ascii: Blu-ray discs\": \"Create DVD/Blu-ray discs\",\n\t\"Convert from to Blu-ray or DVD formats Cut, apply effects, add colorful DVD Blu-ray menus Split your movie into chapters and burn DVD Blu-ray discs\": \"Convert from to Blu-ray or DVD formats. Cut, apply
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 65 72 74 65 72 73 20 68 61 76 65 20 6c 69 6d 69 74 61 74 69 6f 6e 73 2c 20 66 6f 72 20 65 78 61 6d 70 6c 65 2c 20 74 68 65 79 20 61 6c 6c 6f 77 20 74 6f 20 63 6f 6e 76 65 72 74 20 6f 6e 6c 79 20 6f 6e 65 20 74 68 69 72 64 20 6f 66 20 74 68 65 20 69 6e 70 75 74 20 76 69 64 65 6f 20 66 69 6c 65 20 6f 72 20 61 6e 20 61 6e 6e 6f 79 69 6e 67 20 77 61 74 65 72 6d 61 72 6b 20 69 73 20 61 64 64 65 64 20 61 74 20 74 68 65 20 63 65 6e 74 65 72 20 6f 66 20 74 68 65 20 73 63 72 65 65 6e 2e 20 57 65 20 72 65 63 6f 6d 6d 65 6e 64 20 79 6f 75 20 75 73 69 6e 67 20 41 56 53 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 2c 20 6f 6e 65 20 6f 66 20 74 68 65 20 62 65 73 74 20 76 69 64 65 6f 20 63 6f 6e 76 65 72 74 65 72 73 20 66 6f 72 20 57 69 6e 64 6f 77 73 2c 20 62 65 63 Data Ascii: erters have limitations, for example, they allow to convert only one third of the input video file or an annoying watermark is added at the center of the screen. We recommend you using AVS Video Converter, one of the best video converters for Windows, bec
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 65 72 79 20 64 65 74 61 69 6c 20 6f 72 69 65 6e 74 65 64 20 73 6f 20 66 61 72 20 68 61 76 65 20 72 75 6e 20 6d 61 6e 79 20 64 6f 7a 65 6e 73 20 6f 66 20 4d 34 41 20 74 6f 20 57 4d 41 20 61 6e 64 20 4d 50 33 20 63 6f 6e 76 65 72 73 69 6f 6e 73 5c 22 3a 20 5c 22 46 6f 72 20 74 68 65 20 48 6f 6c 69 64 61 79 73 20 49 20 68 61 64 20 74 68 65 20 6e 65 65 64 20 74 6f 20 63 6f 6e 76 65 72 74 20 61 75 64 69 6f 20 66 69 6c 65 73 20 66 6f 72 20 6d 79 20 77 69 66 65 20 61 6e 64 20 6b 69 64 73 20 41 66 74 65 72 20 75 73 69 6e 67 20 79 6f 75 72 20 61 70 70 20 49 20 73 61 77 20 69 6d 6d 65 64 69 61 74 65 6c 79 20 74 68 61 74 20 69 74 20 77 61 73 20 77 65 6c 6c 20 77 72 69 74 74 65 6e 2c 20 73 74 72 61 69 67 68 74 20 66 6f 72 77 61 72 64 2c 20 65 61 73 79 20 74 6f 20 75 Data Ascii: ery detail oriented so far have run many dozens of M4A to WMA and MP3 conversions\": \"For the Holidays I had the need to convert audio files for my wife and kids After using your app I saw immediately that it was well written, straight forward, easy to u
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 63 75 74 74 69 6e 67 20 65 64 67 65 20 6f 66 20 68 69 67 68 20 74 65 63 68 6e 6f 6c 6f 67 69 63 61 6c 20 61 64 76 61 6e 63 65 73 5c 22 3a 20 5c 22 41 73 63 65 6e 73 69 6f 20 53 79 73 74 65 6d 20 53 49 41 20 69 73 20 61 6e 20 49 54 20 68 69 67 68 2d 74 65 63 68 20 63 6f 6d 70 61 6e 79 20 74 68 61 74 20 73 70 65 63 69 61 6c 69 7a 65 73 20 69 6e 20 64 65 76 65 6c 6f 70 69 6e 67 20 69 6e 6e 6f 76 61 74 69 76 65 20 76 69 64 65 6f 20 61 6e 64 20 61 75 64 69 6f 20 73 6f 6c 75 74 69 6f 6e 73 20 66 6f 72 20 65 6e 64 2d 75 73 65 72 73 20 61 6e 64 20 70 72 6f 66 65 73 73 69 6f 6e 61 6c 20 64 65 76 65 6c 6f 70 65 72 73 2e 20 4f 75 72 20 61 77 61 72 64 2d 77 69 6e 6e 69 6e 67 20 70 72 6f 64 75 63 74 73 20 68 61 76 65 20 65 61 72 6e 65 64 20 68 69 67 68 20 72 65 70 75 Data Ascii: cutting edge of high technological advances\": \"Ascensio System SIA is an IT high-tech company that specializes in developing innovative video and audio solutions for end-users and professional developers. Our award-winning products have earned high repu
2024-05-24 15:39:11 UTC	14808	IN	Data Raw: 5c 22 41 56 53 20 46 72 65 65 20 44 69 73 63 20 43 72 65 61 74 6f 72 20 69 73 20 61 20 66 72 65 65 20 43 44 20 44 56 44 20 62 75 72 6e 69 6e 67 20 73 6f 66 74 77 61 72 65 5c 22 3a 20 5c 22 41 56 53 20 46 72 65 65 20 44 69 73 63 20 43 72 65 61 74 6f 72 20 69 73 20 61 20 66 72 65 65 20 43 44 20 2f 44 56 44 20 62 75 72 6e 69 6e 67 20 73 6f 66 74 77 61 72 65 2e 5c 22 2c 5c 6e 5c 74 5c 22 46 72 65 65 20 41 56 53 20 44 69 73 63 20 43 72 65 61 74 6f 72 5c 22 3a 20 5c 22 46 72 65 65 20 41 56 53 20 44 69 73 63 20 43 72 65 61 74 6f 72 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 70 79 20 44 56 44 20 77 69 74 68 20 41 56 53 20 46 72 65 65 20 44 69 73 63 20 43 72 65 61 74 6f 72 20 73 6f 66 74 77 61 72 65 20 57 72 69 74 65 20 44 56 44 20 43 44 20 42 6c 75 2d 72 61 79 20 64 61 74 Data Ascii: \"AVS Free Disc Creator is a free CD DVD burning software\": \"AVS Free Disc Creator is a free CD /DVD burning software.\",\n\t\"Free AVS Disc Creator\": \"Free AVS Disc Creator\",\n\t\"Copy DVD with AVS Free Disc Creator software Write DVD CD Blu-ray dat
2024-05-24 15:39:11 UTC	552	IN	Data Raw: 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2e 5c 22 2c 5c 6e 5c 74 5c 22 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 5c 22 3a 20 5c 22 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 5c 22 2c 5c 6e 5c 74 5c 22 4d 61 6b 65 20 79 6f 75 72 20 50 43 20 6f 70 65 72 61 74 65 20 63 6c 65 61 6e 20 61 6e 64 20 66 61 73 74 20 77 69 74 68 20 46 72 65 65 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 5c 22 3a 20 5c 22 4d 61 6b 65 20 79 6f 75 72 20 50 43 20 6f 70 65 72 61 74 65 20 63 6c 65 61 6e 20 61 6e 64 20 66 61 73 74 20 77 69 74 68 20 46 72 65 65 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2e 5c 22 2c 5c 6e 5c 74 5c 22 53 63 61 6e 20 79 6f 75 72 20 70 63 20 72 65 67 69 73 74 72 79 20 61 75 74 6f Data Ascii: Registry Cleaner.\",\n\t\"AVS Registry Cleaner\": \"AVS Registry Cleaner\",\n\t\"Make your PC operate clean and fast with Free AVS Registry Cleaner\": \"Make your PC operate clean and fast with Free AVS Registry Cleaner.\",\n\t\"Scan your pc registry auto
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 65 65 20 72 65 67 69 73 74 72 79 20 63 6c 65 61 6e 65 72 2c 62 65 73 74 20 72 65 67 69 73 74 72 79 20 63 6c 65 61 6e 65 72 2c 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2c 20 6f 70 74 69 6d 69 7a 65 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 2c 20 63 6f 6d 70 75 74 65 72 20 70 65 72 66 6f 72 6d 61 6e 63 65 5c 22 3a 20 5c 22 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2c 20 66 72 65 65 20 72 65 67 69 73 74 72 79 20 63 6c 65 61 6e 65 72 2c 62 65 73 74 20 72 65 67 69 73 74 72 79 20 63 6c 65 61 6e 65 72 2c 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2c 20 6f 70 74 69 6d 69 7a 65 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 2c 20 63 6f 6d 70 75 74 65 72 20 70 65 72 66 6f 72 6d 61 6e 63 65 5c 22 2c 5c 6e 5c 74 5c 22 43 6c Data Ascii: ee registry cleaner,best registry cleaner, AVS Registry Cleaner, optimize your computer, computer performance\": \"Registry Cleaner, free registry cleaner,best registry cleaner, AVS Registry Cleaner, optimize your computer, computer performance\",\n\t\"Cl
2024-05-24 15:39:11 UTC	16384	IN	Data Raw: 2c 20 62 61 6e 6b 20 74 72 61 6e 73 66 65 72 2c 20 70 75 72 63 68 61 73 65 20 6f 72 64 65 72 2c 20 65 74 63 2e 29 2e 5c 22 2c 5c 6e 5c 74 5c 22 4e 6f 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 64 5c 22 3a 20 5c 22 4e 6f 20 72 65 67 69 73 74 72 61 74 69 6f 6e 20 72 65 71 75 69 72 65 64 5c 22 2c 5c 6e 5c 74 5c 22 4f 75 72 20 6d 61 6e 61 67 65 72 73 20 63 61 72 65 66 75 6c 6c 79 20 6c 65 61 64 20 79 6f 75 20 74 68 72 6f 75 67 68 20 74 68 65 20 70 75 72 63 68 61 73 65 20 70 72 6f 63 65 73 73 20 61 6e 64 20 70 72 6f 76 69 64 65 20 79 6f 75 20 77 69 74 68 20 61 6c 6c 20 61 63 63 6f 6d 70 61 6e 79 69 6e 67 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 5c 22 3a 5c 22 4f 75 72 20 6d 61 6e 61 67 65 72 73 20 63 61 72 65 66 75 6c 6c 79 20 6c 65 61 64 Data Ascii: , bank transfer, purchase order, etc.).\",\n\t\"No registration required\": \"No registration required\",\n\t\"Our managers carefully lead you through the purchase process and provide you with all accompanying documentation\":\"Our managers carefully lead

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	60643	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	601	OUT	GET /7.0/va-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	464	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:11 GMT Content-Type: text/javascript; charset=UTF-8 Last-Modified: Fri, 24 May 2024 13:39:31 GMT Content-Encoding: gzip ETag: "66509893-13ae6" server: gnv2 Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=31536000 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:11 UTC	926	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 1f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 8b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 78 0d 0a 30 30 30 30 30 30 30 31 0d 0a a5 0d 0a 30 30 30 30 30 30 30 31 0d 0a 38 0d 0a 30 30 30 30 30 30 30 31 0d 0a 66 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a 03 0d 0a 30 30 30 30 30 30 30 31 0d 0a 76 0d 0a 30 30 30 30 30 30 30 31 0d 0a 61 0d 0a 30 30 30 30 30 30 30 31 0d 0a 2e 0d 0a 30 30 30 30 30 30 30 31 0d 0a 6a 0d 0a 30 30 30 30 30 30 30 31 0d 0a 73 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a c4 0d 0a 30 30 30 30 30 30 30 31 0d 0a 7d 0d 0a 30 30 30 30 30 30 30 31 0d 0a fd 0d 0a 30 30 31 0d 0a 7b 0d 0a Data Ascii: 0000000100000001000000010000000100000001x0000000100000001800000001f000000010000000100000001v00000001a00000001.00000001j00000001s000000010000000100000001}00000001001{
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 7a f2 e2 ec fc ec fa 23 b3 5e 9d 5d 5f 20 d8 57 00 f7 c4 7a 7b 72 75 7d 76 fa ee fc e4 ca 7a fb ee ea ed e5 70 00 23 78 09 90 2f ce 2e 5e 5d 41 47 83 37 83 8b 6b 0f 3a 86 32 6b f0 2b bc 58 c3 d7 27 e7 e7 34 bd 93 77 30 81 2b 1c 22 76 7c 7a f9 f6 e3 d5 d9 df 5f 5f 5b af 2f cf 5f 0e a0 fc c5 00 c6 77 f2 e2 7c 20 7b 83 a9 9d 9e 9f 9c bd 61 d6 cb 93 37 27 7f 1f d0 dc 2e 01 d0 15 55 53 03 7c ff 7a 40 45 d0 e5 09 fc 77 7a 7d 76 79 81 33 39 bd bc b8 be 82 57 06 73 bd ba 56 7d 52 eb f7 67 c3 01 b3 4e ae ce 86 88 99 57 57 97 d0 03 e2 15 1a 5d 12 1c 68 7a 31 90 80 10 e7 d5 a5 81 2a f8 fe 6e 38 28 87 f3 72 70 72 0e b0 86 d8 d8 ac 8c 6b db f9 ae 35 5f 0b e2 34 c7 7d b4 81 7b 2c c9 7a 76 ef 2e 4c 2d 1e 8c 26 2c 0a 46 f6 8c df 79 77 51 b6 0e e3 7b 7e 93 45 39 4f 56 39 Data Ascii: z#^]_ Wz{ru}vzp#x/.^]AG7k:2k+X'4w0+"v\|z__[/_w\| {a7'.US\|z@Ewz}vy39WsV}RgNWW]hz1*n8(rprk5_4}{,zv.L-&,FywQ{~E9OV9
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 51 32 31 8a 26 c5 00 60 6c e5 68 00 4d 69 40 9f a1 60 09 e8 17 eb 38 66 f6 32 01 05 0a ba e3 29 e2 6c ea ad 52 8e 93 04 41 4d 5f 62 1e de f1 ca 97 cd c6 c9 68 ec 29 8f d1 84 ba ae 4d c1 98 3f 10 0a 50 f6 01 ec 4e 41 90 6e 36 a1 44 d0 23 f6 ef a7 4c d2 cc e5 cd 17 7f ba 75 4d dc 84 f5 29 13 5f 85 30 f4 3a 76 40 8b a2 c9 70 22 1c 78 2b 60 52 01 94 17 05 e6 47 d6 3a 82 11 99 b5 71 6d 5f d3 5b aa 88 58 41 8e 81 7e 72 50 e4 aa 9a 59 6e c8 bd 99 94 7b f2 8b 4d e4 64 b7 1d 44 e0 33 a2 c2 3e 6f db 9e ed 03 a9 b4 f3 82 74 3a 63 af 73 cb ec ff b4 dd b2 c8 c2 92 03 db 60 9d a4 94 c3 2d c0 3b 50 79 29 e3 36 9b a3 23 a2 3d 43 ec 09 f8 07 97 a8 84 10 3a 11 e3 5a 53 01 4d d4 e3 a0 4f 39 c6 de 0c a8 45 96 a0 a6 17 b0 b7 01 48 50 48 93 c9 c1 01 fe 5b 14 bb 12 06 d7 2c 0a Data Ascii: Q21&`lhMi@`8f2)lRAM_bh)M?PNAn6D#LuM)_0:v@p"x+`RG:qm_[XA~rPYn{MdD3>ot:cs`-;Py)6#=C:ZSMO9EHPH[,
2024-05-24 15:39:11 UTC	633	IN	Data Raw: 61 33 ba cc a6 f6 36 53 d4 58 7e f1 be 24 91 70 6c 66 bb b8 a9 87 2b df f4 a2 34 f7 81 b2 75 25 7b 68 56 17 4a 71 c2 dd 2d c2 e5 62 b6 77 e8 05 b9 6d 36 43 07 b9 c0 95 74 ed 7f 65 19 e8 83 fe 08 ec 34 f8 65 d2 42 a4 57 7a da b2 42 25 31 b6 4f 2c 43 6b fb 5b 0e 7d d2 9b 7e ae 39 da 0a 07 47 69 59 03 6b a1 83 12 2c ab 23 30 bd 8b 62 c5 e3 60 09 82 79 83 ba 37 6c 78 09 6a 8e a5 b2 8b 8a 63 16 44 15 60 47 1a d8 73 c0 7e dd 5d 12 c1 64 cd fd 2f 82 ad 08 74 db 47 50 f7 c2 40 6a b1 91 64 bf c3 c3 c4 ed 25 c7 21 79 af 71 53 00 0c b5 02 10 c2 65 4f c9 44 ba bc 73 b2 07 5c 11 44 a3 7c c2 40 a8 e1 8f fd f9 33 61 e7 f3 67 b4 b2 80 f1 22 f8 41 23 37 23 ff 8a 53 df 31 52 57 0e 4d ca 8a 14 f6 14 74 dc 36 54 14 95 8a a0 3e f7 85 6f 36 ec 8f 26 3e cc 1f c7 12 e8 05 71 d0 Data Ascii: a36SX~$plf+4u%{hVJq-bwm6Cte4eBWzB%1O,Ck[}~9GiYk,#0b`y7lxjcD`Gs~]d/tGP@jd%!yqSeODs\D\|@3ag"A#7#S1RWMt6T>o6&>q
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 95 0d 0a 30 30 30 30 30 30 30 31 0d 0a 51 0d 0a 30 30 30 30 30 30 30 31 0d 0a 4c 0d 0a 30 30 30 30 30 30 30 31 0d 0a ab 0d 0a 30 30 30 30 30 30 30 31 0d 0a d2 0d 0a 30 30 30 30 30 30 30 31 0d 0a 26 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5f 0d 0a 30 30 30 30 30 30 30 31 0d 0a a4 0d 0a 30 30 30 30 30 30 30 31 0d 0a c9 0d 0a 30 30 30 30 30 30 30 31 0d 0a bd 0d 0a 30 30 30 30 30 30 30 31 0d 0a 05 0d 0a 30 30 30 30 30 30 30 31 0d 0a fb 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a d8 0d 0a 30 30 30 30 30 30 30 31 0d 0a b2 0d 0a 30 30 30 30 30 30 30 31 0d 0a 19 0d 0a 30 30 30 30 30 30 30 31 0d 0a ff 0d 0a 30 30 30 30 30 30 30 31 0d 0a c7 0d 0a 30 30 30 30 30 30 30 31 0d 0a f0 0d 0a 31 0d 0a f2 0d 0a 30 66 Data Ascii: 0000000100000001Q00000001L000000010000000100000001&00000001_00000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000110f
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: c6 80 72 10 4c ef 17 11 70 11 8c 8c fb 3f 52 08 b9 d4 9e 0a cb 85 e5 68 78 fb ad 7d fd d1 67 5b c7 f5 d9 22 5f c6 43 ca fc 46 77 6c 6b 6f 33 c4 66 d9 8a 30 e7 77 00 67 8a af 13 6c 76 92 ab 2c 61 14 a4 50 01 54 49 86 d8 be 48 d2 25 c1 9f f9 76 27 44 ca ab 57 c7 5a 88 25 85 f4 ce a7 2e e0 fd fb 02 b6 5c 70 f5 d5 65 d3 2c 7b 45 2b d5 6a e9 6f ba 88 d1 ba 5c 0a df a6 14 af bd 58 a7 a5 24 cc 7b a0 45 ac 39 74 9d 0f c9 55 0a 83 dc a5 51 fa 02 d3 6f 52 75 8b 5a 98 e0 09 bd 82 ec c9 14 24 56 46 c7 7d a9 01 c1 80 2a 3a ee d3 10 89 fe 01 5e 09 86 c9 18 f6 e0 db 2a 14 b3 c4 07 29 56 06 76 d1 35 53 2a e6 f8 26 12 fa 40 0c 8d 75 81 5e df 00 90 58 d9 1e f9 1e 45 9f 1c 01 f9 d3 7a bd ad 32 ce ec 76 da b6 83 a3 1e 3a 3a 4b 27 01 af 2a fa 20 fa 2a 8a fe 0d 68 2b 95 e8 74 Data Ascii: rLp?Rhx}g["_CFwlko3f0wglv,aPTIH%v'DWZ%.\pe,{E+jo\X${E9tUQoRuZ$VF}:^)Vv5S&@u^XEz2v::K' *h+t
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 71 52 6d f6 47 0b 8c 6d 35 38 3c 45 42 0e 7d 9d 01 2d b3 4a e9 b5 be b9 48 5a 00 35 f8 94 54 32 33 9b 44 05 d1 8d e3 1c 4f 6c 03 85 e6 3a a4 51 80 79 e5 69 a0 8e 30 52 aa 30 56 43 63 95 ca 1f 5a a1 5b b9 3d 34 24 25 8b c2 5f 8d ce 52 19 30 90 9b ca 6b cc d1 26 27 7a 29 a2 7b f9 71 da cb db 6d 39 12 99 8f 01 64 8b c0 11 1b 51 99 78 89 3e 11 af 50 3e cd a3 8d b6 65 b7 8d 4f 6d 78 67 61 60 94 e0 89 16 16 97 0e e6 ec 38 a6 c3 2d 49 e1 e7 47 10 78 9e 05 db ba c7 5d 3a 82 16 e8 42 98 6a 09 4b 07 35 43 57 46 58 cc 4f c2 cc 83 d3 34 f1 7f 7f 8d 0c b8 ff 07 cb 04 0a 23 9d 0f fa 7f b2 5a e8 bc 2a d7 8a c2 63 c6 82 39 0d 2b 56 46 95 7e 63 f8 8a 47 f7 60 dd 8a 35 0b 8f b3 5e 88 6b 16 24 45 4d b9 40 21 ad 1a 35 6a 5a a8 a4 61 a1 6c bb ba 52 79 72 7b 1b d7 57 2a 61 a1 Data Ascii: qRmGm58<EB}-JHZ5T23DOl:Qyi0R0VCcZ[=4$%_R0k&'z){qm9dQx>P>eOmxga`8-IGx]:BjK5CWFXO4#Zc9+VF~cG`5^k$EM@!5jZalRyr{Wa
2024-05-24 15:39:11 UTC	167	IN	Data Raw: a1 f1 57 77 9a e0 ec 14 7a 35 91 55 0b d4 6c f1 90 aa d4 67 12 b7 b8 d3 40 a6 81 e2 e4 60 ff e1 2a 54 a3 92 43 31 66 21 d5 f2 e6 3d e9 69 f6 29 38 8d 85 30 4f 22 13 bc 79 80 10 ad e8 9d ad 02 98 ce 4c d1 38 72 24 bc ae 28 f3 0d c5 65 2e 99 10 f4 65 3d 1d 22 42 52 2b 18 9e c5 db 8d 16 80 0c f4 6c 99 bd b8 08 d3 93 1c 68 84 2c 96 88 ae b5 20 17 a4 cd 56 c5 91 6b 39 3b 98 54 d4 ce a5 c5 41 c6 64 8d d4 c1 1c 1d cd 89 b4 51 73 44 2a 70 c0 d4 8c 83 c8 ad d0 2f a8 a6 74 0e c4 41 17 41 13 0d 67 01 0d 0a Data Ascii: Wwz5Ulg@`TC1f!=i)80O"yL8r$(e.e="BR+lh, Vk9;TAdQsDp/tAAg
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a a6 0d 0a 30 30 30 30 30 30 30 31 0d 0a f2 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5e 0d 0a 30 30 30 30 30 30 30 31 0d 0a f1 0d 0a 30 30 30 30 30 30 30 31 0d 0a db 0d 0a 30 30 30 30 30 30 30 31 0d 0a c1 0d 0a 30 30 30 30 30 30 30 31 0d 0a b7 0d 0a 30 30 30 30 30 30 30 31 0d 0a 95 0d 0a 30 30 30 30 30 30 30 31 0d 0a 63 0d 0a 30 30 30 30 30 30 30 31 0d 0a 3b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 9f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 36 0d 0a 30 30 30 30 30 30 30 31 0d 0a e3 0d 0a 30 30 30 30 30 30 30 31 0d 0a b1 0d 0a 30 30 30 30 30 30 30 31 0d 0a e7 0d 0a 30 30 30 30 30 30 30 31 0d 0a da 0d 0a 30 30 30 30 30 30 30 31 0d 0a 6d 0d 0a 30 30 30 30 31 0d 0a 79 0d 0a 32 36 36 61 0d 0a 22 27 ac 13 35 7b a7 e9 1a aa 51 0a 13 56 ef a3 1f d7 Data Ascii: 000000010000000100000001^000000010000000100000001000000010000000100000001c00000001;000000010000000160000000100000001000000010000000100000001m00001y266a"'5{QV
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: df 1e 98 da a8 fd 47 79 c2 fb 91 6c 68 df b8 e0 81 69 15 9f fc c2 c9 6a cb f0 c6 31 bf e6 d0 c1 40 77 ed e6 2c 5e dc 5f c7 4c 07 04 67 85 ff 21 a2 2b 0d 76 ac 5a 1d 3d 6b 61 78 86 ef b9 05 af 57 28 a1 0d 7b 11 dd b1 47 c7 d1 aa b1 33 a1 9d ed cd 30 8b 00 2d ee eb 2e cb 4b 95 55 d9 1a f5 79 45 74 be 9c 12 9e d7 74 c4 5a e3 6f cf 19 24 e5 d3 36 bc 58 d2 cd 9d 08 13 08 ba 47 31 6c 54 20 be 96 bc d3 d0 82 dc b4 cd b0 e8 1e 08 f8 1f 89 b9 bf 07 8d 87 4c fa f5 f1 f2 a6 5a 98 88 82 3e 92 ed ce f4 78 3d 1b da 6e d3 95 8c 3d 25 50 83 9a fc 6d 15 17 56 94 9b 6b 11 4a a2 2b b2 24 24 8c 3c 22 9f d0 6d 87 4e b1 72 b8 c7 48 b8 ea 2e 26 79 37 a4 74 46 f8 46 89 fa 1a 2d f9 30 0f 97 ab 00 93 42 29 da f6 82 5c 2c 4c f5 63 5e 1a 55 1d 94 5f b7 6d 76 35 e5 40 f4 ca c4 9a ea Data Ascii: Gylhij1@w,^_Lg!+vZ=kaxW({G30-.KUyEttZo$6XG1lT LZ>x=n=%PmVkJ+$$<"mNrH.&y7tFF-0B)\,Lc^U_mv5@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	60645	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	604	OUT	GET /7.0/track-02675bafc3b15c3fe9607f49f9c72a3c.js HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	463	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:11 GMT Content-Type: text/javascript; charset=UTF-8 Last-Modified: Fri, 24 May 2024 13:39:31 GMT Content-Encoding: gzip ETag: "66509893-1344" server: gnv2 Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=31536000 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 1f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 8b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 73 0d 0a 30 30 30 30 30 30 30 31 0d 0a a6 0d 0a 30 30 30 30 30 30 30 31 0d 0a 38 0d 0a 30 30 30 30 30 30 30 31 0d 0a 66 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a 03 0d 0a 30 30 30 30 30 30 30 31 0d 0a 74 0d 0a 30 30 30 30 30 30 30 31 0d 0a 72 0d 0a 30 30 30 30 30 30 30 31 0d 0a 61 0d 0a 30 30 30 30 30 30 30 31 0d 0a 63 0d 0a 30 30 30 30 30 30 30 31 0d 0a 6b 0d 0a 30 30 30 30 30 31 0d 0a 2e 0d 0a 61 66 30 0d 0a 6a 73 00 ed 5b 6d 73 9b 48 b6 fe 7e 7f 85 44 dd d2 42 d4 e6 4a 79 9b 0c 0a eb 52 64 ec 61 46 91 5c 92 ec ec 5c 95 86 c2 d0 92 19 63 Data Ascii: 0000000100000001000000010000000100000001s0000000100000001800000001f000000010000000100000001t00000001r00000001a00000001c00000001k000001.af0js[msH~DBJyRdaF\\c
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 78 72 86 51 cb 68 3c b3 8c a1 79 61 7e 18 1a 44 ba 9a a2 e3 87 26 11 e4 18 67 d2 8e 98 f3 24 08 28 90 93 a0 fb 41 e1 d2 68 8a 33 cf bc 7b 50 45 80 90 dc ec 28 e8 40 91 89 9c e8 9c 9b 7a b3 43 9a 40 1c e8 ae 07 e0 00 d2 51 6d b0 bd ab 28 9a 7c 94 a2 c9 90 b7 80 07 19 fc 02 9f 81 20 18 b4 25 65 a1 16 85 99 1b 8e 24 12 e8 cf 5e 36 1b f0 9f c5 06 d5 d3 cb af 9b 8d a4 be e0 a6 19 99 28 78 eb d3 1a a4 f8 a8 63 6b 3b a2 57 91 ff c9 63 b7 a9 4f 48 2d f8 84 ae e8 67 d9 47 3e 0d 12 30 3b 01 83 6e c0 91 f2 62 e5 57 aa a8 ae e7 7e b4 99 73 8b ce aa 0a 8a 32 a2 e3 db 30 f1 5d a3 06 3a e0 31 9f 01 bc 3d 70 d6 21 18 98 0c 1b 18 da 68 68 33 af 7c 4d 23 44 51 0d 47 aa 56 7b fd 10 80 29 57 0f 84 d3 7c ea c1 ba 4e 09 ab 13 39 6b 06 be 6e 4b 92 35 bc d2 19 02 e7 12 ac 8b e9 Data Ascii: xrQh<ya~D&g$(Ah3{PE(@zC@Qm(\| %e$^6(xck;WcOH-gG>0;nbW~s20]:1=p!hh3\|M#DQGV{)W\|N9knK5
2024-05-24 15:39:11 UTC	233	IN	Data Raw: 71 d2 a4 2e 0e ac 51 1f 12 cd c3 05 41 e3 05 41 0f a8 52 4e 01 3d 9f 9e 9b d0 10 6f 36 93 fa a8 f6 e0 6c 6d 08 fd ed 39 3e a2 2d ee 88 2c f0 48 41 e0 40 c2 51 af d1 e4 58 ea a0 64 95 98 8c 37 c5 65 32 60 d6 e1 19 40 bc 83 45 e9 84 28 3d 1c 5a f2 4a 59 ca 82 9c f3 18 88 16 92 05 b2 d7 a3 a6 32 df a4 9c a3 cf 93 0e 64 ff 82 83 e9 69 44 4d b8 96 49 67 97 1e 80 85 ef 90 ce ee ec e3 f9 83 ba cf 3b 30 c1 8a 5d 5d 27 99 3e ef dc c4 55 eb 3b 15 c7 a3 e3 aa 23 39 77 68 48 f0 8e dc e7 74 ef e6 45 80 be eb e2 07 33 d8 63 0d 77 b6 7a 5e 7d 61 58 7d e1 66 07 82 19 91 b5 8a 81 00 d1 6c 34 1f 24 12 de ce ce 11 64 68 cb b2 26 9e cb ad c0 4a aa 9e 0b b1 09 83 18 74 2f c4 2e 1d 87 3d 27 37 22 89 6e 65 0d 0a Data Ascii: q.QAARN=o6lm9>-,HA@QXd7e2`@E(=ZJY2diDMIg;0]]'>U;#9whHtE3cwz^}aX}fl4$dh&Jt/.='7"ne
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 38 0d 0a 30 30 30 30 30 30 30 31 0d 0a 4d 0d 0a 30 30 30 30 30 30 30 31 0d 0a 52 0d 0a 30 30 30 30 30 30 30 31 0d 0a 9c 0d 0a 30 30 30 30 30 30 30 31 0d 0a 42 0d 0a 30 30 30 30 30 30 30 31 0d 0a 40 0d 0a 30 30 30 30 30 30 30 31 0d 0a 63 0d 0a 30 30 30 30 30 30 30 31 0d 0a cd 0d 0a 30 30 30 30 30 30 31 0d 0a 93 0d 0a 38 33 62 0d 0a 6a 7e 04 4b 8a 43 a7 10 4b ab 90 2c d9 18 fe 34 e1 9f 97 8b 1d d1 c1 e1 2d 46 4a 1b cf a6 bc cc ef c4 60 1b 42 b0 6f be 1a 25 41 26 c0 58 7e ba a3 74 6d f8 f4 9e 06 4c 9c b9 4f 60 06 f4 2a cd 2e e6 41 a6 1b 6b 18 81 7b f1 47 3b 48 40 66 a8 36 dc fc f0 3f 68 e2 b8 a2 f1 65 b3 83 33 90 27 8f fb 78 b9 38 e0 29 cc 1e 89 15 19 ee bc 50 07 bc 90 60 7e d1 15 01 27 52 89 04 99 44 b2 f3 ce 20 0d 3a 4e ba f9 Data Ascii: 00000001800000001M00000001R0000000100000001B00000001@00000001c00000001000000183bj~KCK,4-FJ`Bo%A&X~tmLO`*.Ak{G;H@f6?he3'x8)P`~'RD :N
2024-05-24 15:39:11 UTC	840	IN	Data Raw: 21 22 bc 5b 27 f1 da af 28 59 1c bc 15 9d 9f 77 95 cb 82 9b 4d 5d fb cb 7c c6 23 f7 ac 6b 67 ec d4 dd 02 3f 36 89 ab 1e ec ce 6b a2 cf bb 52 7e 78 b2 42 21 8d 17 a9 4b d5 b5 ba 39 44 81 ba 54 1d 16 fe 57 94 88 d3 4f c7 b6 74 78 06 e4 4e 56 9a cd 8b 39 95 f2 9d 28 dd 89 0a 1d 96 92 e6 6c d1 db ab e8 32 10 11 09 b2 72 96 05 d1 e9 65 7f 82 11 29 5e 76 e3 bf 04 40 63 c0 b5 13 bc 6a 37 17 67 dd a2 65 ba ab 30 10 25 b1 74 5c a5 d4 7c 80 5c 08 39 9b bc e4 53 99 90 c1 fe 77 05 d7 ba ef 78 0e 23 c3 e8 12 f9 68 50 2a fd 5e a6 fd f0 c6 55 a9 6f ab d5 f4 94 42 fd 39 af 07 f6 22 71 85 c6 98 47 58 0a b4 bf b3 14 68 c3 96 c5 d2 9d 5d d9 ee b9 62 e0 77 dc c0 2f f0 da b0 d6 94 c7 7c 03 f9 c5 5f 0d af 5a 25 d9 cf 10 0a 57 e6 c9 04 58 a0 17 1b 46 c5 9f 72 bd 82 a5 73 73 c1 Data Ascii: !"['(YwM]\|#kg?6kR~xB!K9DTWOtxNV9(l2re)^v@cj7ge0%t\\|\9Swx#hP*^UoB9"qGXh]bw/\|_Z%WXFrss
2024-05-24 15:39:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	60644	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:11 UTC	611	OUT	GET /analysis/4.0/opa-2015714ead7ef389f4c17a73331ce8c0.js HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.avs4you.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:11 GMT Content-Type: application/javascript; charset=UTF-8 Last-Modified: Fri, 24 May 2024 13:39:24 GMT Content-Encoding: gzip ETag: "6650988c-9bf6" server: gnv2 Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=31536000 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 31 0d 0a 1f 0d 0a 30 66 66 66 0d 0a 8b 08 08 34 cc 4c 66 00 03 6f 70 61 2e 6a 73 00 e4 5b 6d 77 db 36 b2 fe 2b 36 cf 5e 1d a2 82 69 29 2f 4d 43 99 57 37 75 ec 4d ee 26 71 36 76 d3 f4 c8 aa 0f 2d c1 12 12 0a 50 49 28 8e 63 f2 bf df 19 80 20 41 8a 4a da ee c7 7b b6 1b 91 20 30 18 0c e6 e5 99 01 bc 7f b3 11 33 c5 a5 f0 c9 fd e7 38 dd 63 51 d5 c0 a8 32 6d 22 72 3a 31 9f 8c 95 4f c2 8c a9 0b be 62 72 a3 7c 41 87 83 01 29 46 f0 b9 18 31 df e9 9c 32 b5 49 c5 de fb 5f cf 7a 3d f8 27 b8 2a 7f 82 84 5f bf 92 f1 9c cd 0b ea 74 bf e5 62 2e 6f 03 e8 12 d5 8f 79 3e 99 52 1c f5 f9 4a 46 de a3 60 10 3c f8 e9 a1 47 5b 7c f3 16 df 66 66 9f 47 67 d7 1f d9 4c 05 c0 ee db 54 2a a9 ee d6 ec ec 26 cf ef af ae d6 f8 7e 75 15 4e a6 05 17 99 8a c5 8c c9 9b bd 67 69 1a Data Ascii: 000010fff4Lfopa.js[mw6+6^i)/MCW7uM&q6v-PI(c AJ{ 038cQ2m"r:1Obr\|A)F12I_z='_tb.oy>RJF`<G[\|ffGgLT&~uNgi
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 2c bd 0b 3e 66 1e 4d 38 f8 53 19 2a 3a 93 09 fc 0a 9a c9 4d 3a 63 21 2f 4c 42 b0 6c 7b cf 59 34 97 33 8d 10 00 59 cd 02 fb 72 92 30 dd 26 c1 b4 8d 8b a4 1b 7c 44 74 05 f8 00 9e 60 1f 01 7c c0 c3 0d 4f 14 4b 21 a0 cd ca e4 a4 1c eb 7b 73 fe d9 43 90 30 a9 84 a7 c1 69 90 ad 35 41 74 1b 60 e4 9f 19 20 24 3a 2f a5 45 93 e8 f0 77 04 bc 07 7e d0 27 87 74 19 1d 5e 9e f7 0f 17 f4 06 da fd cb 2c bf dc 0c 06 cf 06 a4 9f bb 2f ff 80 0e ab e8 3e 16 7c a5 6d ee 25 70 a4 1f 74 18 0c f7 07 28 8f cd aa 7e bd 49 d8 97 7f a6 f2 d6 3e 9f 2f 21 4c 7f d2 6f 52 a8 5f 19 5f 2c 75 3f 94 e7 8b ea 4d ae e3 19 57 77 fa 31 9d b3 d4 3c ac 97 b1 c8 f0 f1 96 c3 02 f4 d3 d7 97 b8 5e 78 72 f6 7b ed 06 f9 60 b5 49 14 07 ef d2 eb b1 40 ae b1 43 36 76 83 b5 51 8c 2a cb 42 0f 9b 46 ef 21 50 Data Ascii: ,>fM8S:M:c!/LBl{Y43Yr0&\|Dt`\|OK!{sC0i5At` $:/Ew~'t^,/>\|m%pt(~I>/!LoR__,u?MWw1<^xr{`I@C6vQBF!P
2024-05-24 15:39:11 UTC	1333	IN	Data Raw: 92 95 24 dd 56 50 cb d2 89 9d 04 c0 24 b4 6f 15 e7 8c 31 43 1e 59 17 a2 07 da 2d 43 3a 33 84 5c a6 5d b9 86 d4 66 7f a8 8f 2f bc 6b 29 01 91 39 f0 5a 62 21 27 92 0d 62 43 4b ec 01 24 0b a6 20 eb 69 ef 2c 21 72 bc d7 ff fa 52 57 da 62 68 86 8c 1a de f4 b9 d2 c1 01 42 83 a3 78 94 9a c4 c9 a0 20 9f 39 b4 d3 29 21 ce 41 0a 76 8a 24 1e ff 80 07 c5 1f af 3a 33 f4 0c 7e 92 f0 c3 b1 5f 06 3e 0e a6 42 3f fe 36 01 bc 66 0a c3 3e 07 6e b0 cd 1c 39 71 42 8c 90 e6 91 e8 e8 2c 1a 9d 05 21 63 11 ba 83 d1 11 de 17 23 64 28 b2 e2 f7 33 3a af b4 be aa 43 20 2b ba 1b 27 75 c2 46 2b 5a e6 04 cc be d1 16 1f 8d 00 84 d8 14 ad c3 96 be 4d 97 3f 57 fb 46 70 66 9d 38 3e 67 4c bd 44 0c 0d 9a 58 22 56 d8 78 ac bf bb c9 13 44 a7 ae c3 43 46 3d a7 93 47 76 75 73 49 39 27 a4 1e ac b0 Data Ascii: $VP$o1CY-C:3\]f/k)9Zb!'bCK$ i,!rRWbhBx 9)!Av$:3~_>B?6f>n9qB,!c#d(3:C +'uF+ZM?WFpf8>gLDX"VxDCF=GvusI9'
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 31 30 30 30 0d 0a 56 f2 82 62 da 19 36 eb 44 d5 7d 0d c3 c5 35 a6 35 6d 80 cd c7 e5 9d 47 bf 72 63 e3 f2 17 d7 f9 cc 66 ba 9d 8d 3e f2 50 ba 0c 31 2d f1 28 19 97 b8 94 85 bb d6 a6 ef 8f 3a a4 1b af 9a f7 10 2f b9 45 80 fe 2a 68 a6 33 04 41 cc b5 15 9d 62 03 76 53 2d 30 86 d1 07 eb 38 cf 1a c2 70 ca c0 90 74 eb 0a b8 bf 24 fa 22 6c 27 87 a2 ab c4 26 82 9a b4 e1 53 99 62 1a ad ad b2 eb ec 6a a7 c6 68 8f ee 97 da 6f ee 78 39 c6 fe 37 28 99 91 25 29 13 57 5a 91 4a b9 b1 60 5f 95 ca 70 af 20 7a 0e 68 82 a1 6d 50 8c ea e2 5f 14 e9 03 c2 8b 93 0f 17 57 6f ce 9e 9f e0 8d 92 f6 19 87 39 a8 00 c0 52 68 97 84 77 63 77 78 a3 da bc 61 f2 ef 59 b8 a2 3f 0e 1e 7e cb c2 29 ea be f5 dc e5 42 4a e8 0a b0 f6 16 60 c3 f3 f2 e3 b8 f5 ee 06 e1 d0 84 c0 91 23 08 f4 99 eb Data Ascii: 001000Vb6D}55mGrcf>P1-(:/E*h3AbvS-08pt$"l'&Sbjhox97(%)WZJ`_p zhmP_Wo9RhwcwxaY?~)BJ`#
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 03 d1 a3 07 a4 16 ec ab aa 7c 8a 7d 43 81 70 01 7c 09 a4 5c 35 50 48 23 69 22 07 de 86 c3 b5 a5 79 be 82 20 09 f9 d1 07 d8 d4 b1 0a 61 05 eb 2f de ce 48 f2 cc 9c cd 49 2c b9 e0 bd b0 f2 ef 78 cb bf 30 d4 75 17 f3 41 03 05 54 63 bd bd 85 85 59 69 85 18 62 07 b2 c1 c6 fa 31 20 b6 b8 1d 5c 97 71 b6 04 c9 8b 05 fb 3f e2 9e 45 ab 6d 64 c9 5f 91 7b b2 20 c5 8d b1 49 32 49 64 14 1f 0f 90 8c 77 78 e4 02 49 ee 2c 30 3e c2 92 b1 6e 6c 89 91 64 48 06 fc 25 fb 1f fb 4f fb 17 b7 aa fa a1 96 2c 9b ec dd b3 67 e7 64 8c d4 dd ea 67 75 75 bd bb 74 00 48 33 fb 65 39 7f 51 5e 48 31 a4 4a f4 4b 64 8a 56 9e 66 8c 34 d9 16 7e cb cf a2 eb 29 50 d7 48 1e 9a 98 82 38 6d 71 0a a0 67 62 8f 6c 8f ae a5 25 8b e3 e2 de 95 c4 83 2d 58 29 91 f7 af 6e 3b 6a ae 64 15 13 17 db cf 1f 97 b0 Data Ascii: \|}Cp\|\5PH#i"y a/HI,x0uATcYib1 \q?Emd_{ I2IdwxI,0>nldH%O,gdguutH3e9Q^H1JKdVf4~)PH8mqgbl%-X)n;jd
2024-05-24 15:39:11 UTC	1326	IN	Data Raw: d4 43 23 eb d4 9e c2 6f 0c bf 8e 9e ec e9 94 51 a7 7c dd a9 ca 02 d8 63 fa 16 08 20 f8 5d b6 3e 1f 8b a9 98 cb d3 90 4f e4 83 8e 13 83 06 4c f6 c4 83 2e f1 b9 67 1b ff 22 6d 0b 8d 0c 90 61 d8 8b 46 b4 97 f0 1f 2b 25 c7 22 39 2e a7 e6 22 35 2f a7 32 48 dd 84 0a 36 01 b3 4f 3c c6 f8 bc c7 58 73 d2 9c 37 27 2e 3d 44 cd 09 ad ca 98 cf f8 2d 8e 7f 06 fc 7b 59 1d 34 73 6a 80 7c 26 46 7b 03 75 ea 40 46 2d 40 af 07 65 b2 5b 82 47 f7 a6 e9 25 04 6a 38 f7 39 cd 3d fe a2 05 5e 2f 68 e9 ed 29 0e 59 d7 4c 09 1d 0e 1f 33 ce d0 db f7 82 35 73 fb c6 69 b2 2b b6 a8 03 9b 5b 13 6c 6e 61 bf 94 47 72 2b 59 9d 3b a3 d7 a6 7d 23 b0 d0 2b 87 e0 45 17 21 2a be b1 cb dd bb a6 17 a3 1a aa dc d1 26 b0 3c 4d 33 29 87 24 d1 f1 07 ec f8 1d bc 2e d8 82 fe e3 33 13 87 9b 98 88 24 51 40 Data Ascii: C#oQ\|c ]>OL.g"maF+%"9."5/2H6O<Xs7'.=D-{Y4sj\|&F{u@F-@e[G%j89=^/h)YL35si+[lnaGr+Y;}#+E!*&<M3)$.3$Q@
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a b2 0d 0a 30 30 30 30 30 30 30 31 0d 0a 24 0d 0a 30 30 30 30 30 30 30 31 0d 0a af 0d 0a 30 30 30 30 30 30 30 31 0d 0a 1c 0d 0a 30 30 30 31 0d 0a 73 0d 0a 31 63 37 62 0d 0a d8 00 f1 b2 c8 ca 0c 76 34 2c e5 e8 f5 db 83 b9 f5 a3 9b da 80 1a 48 b1 b1 fe 71 ff f0 f7 ff 38 18 6a a9 92 f4 3e 91 be 5d 88 a6 81 29 57 a5 7e 3d e8 9f 1f f5 3f ae 2d f3 fe e4 f4 a8 28 50 91 92 55 01 6b c9 95 d3 bb 17 f8 93 a4 a0 41 c6 88 10 28 24 bc 6a 15 8f 13 03 12 50 85 80 2e 35 0e 57 9e c4 5e 0d d6 0e b5 fa de 65 68 03 92 5f 28 1c bf b5 83 ae e5 a6 f8 15 4e 24 a0 d1 a4 43 3c d1 7a a8 08 93 c7 b1 ef c5 aa 26 2e fa 47 db 6a 69 ce ed 48 7b b2 93 65 1d 10 48 d9 ae af 63 87 21 81 24 e4 36 fe 45 a6 cf 93 21 d4 18 90 19 c0 31 49 49 6c 7c 41 79 a0 7c 4d 1d 61 Data Ascii: 0000000100000001$00000001000000010001s1c7bv4,Hq8j>])W~=?-(PUkA($jP.5W^eh_(N$C<z&.GjiH{eHc!$6E!1IIl\|Ay\|Ma
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: 7e f6 15 d9 f8 52 5d 98 18 06 2a 98 a5 2b 62 69 7c d4 c6 a0 f5 bb b1 cc 6b 52 80 57 c1 cb 98 61 92 79 aa ce 1c 7c 2b a0 09 a7 b4 35 1c 46 d9 7b c0 6c c2 0d 16 df ef e6 e1 70 d8 43 39 77 51 85 2b 35 a9 b0 e3 fe 2c 91 6b 8e 11 c5 3c 47 e3 1f e0 4f e0 a0 3f 8b 72 61 2c 32 cd c4 10 7a d8 25 fd e6 b2 79 2c c4 6a 01 6b 68 1b 99 89 0f 4b 7a 9a 24 68 3a 66 b4 6d 19 57 32 15 65 7a e5 31 12 c9 ed 1a 4c 80 99 b9 82 c2 d7 fe 48 e8 e2 d6 da 3f d9 fb 74 74 70 7c 3e 7c 7f da ff 40 0f d2 6f 3c d1 0c 45 b4 b2 d6 48 d5 1a 01 dd 10 02 5d 1c 66 59 42 56 48 14 c3 06 37 e2 2a 74 ca 53 ee 73 65 1d dc 68 a0 6d 47 c3 2e a6 3b 34 ad 49 ab 93 ad 8e 61 55 3c f2 cc 09 c8 f4 64 ad 98 80 fa 9a 49 6f a7 6a 66 e7 07 47 1f 0f fb e7 07 52 40 22 62 36 69 cd ba 9d ea 16 71 3d a4 b6 cf 6c 2e Data Ascii: ~R]+bi\|kRWay\|+5F{lpC9wQ+5,k<GO?ra,2z%y,jkhKz$h:fmW2ez1LH?ttp\|>\|@o<EH]fYBVH7tSsehmG.;4IaU<dIojfGR@"b6iq=l.
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: bc 6e 96 8c 59 b8 af 97 35 5c 64 57 7c a4 6b 34 59 f1 a7 ea 36 b8 f2 6b 33 3d 55 e9 29 d4 dd d5 d2 56 38 77 03 c2 1f 81 76 12 54 01 60 02 85 39 bb 01 50 a1 3e 61 3c db 37 aa 04 72 ae 91 a9 08 44 ad 9b 69 72 ed 4f 35 f2 45 ae bb 11 56 72 69 0f 02 ce 08 bf 21 61 3b 47 b7 46 46 e4 b5 06 53 46 7e cd 15 3f b7 12 22 b4 e7 3c 31 9d 29 0c 47 3c 2f 37 0c ed 2e 7b 8f 97 1b 0e 20 a3 cb 8d cb 9f ae 9e f7 1c 4f 3f 93 b1 dd b3 ce b3 1d 6f a9 71 05 72 70 b0 2e ed 2c f3 f4 12 d1 a6 4a 07 03 9b c3 8e 65 8e d6 b4 29 02 03 92 2f ed 56 b3 77 09 cd 8a 90 6f 32 2a 54 58 7b d8 98 a3 08 f9 26 55 8a 4e 2f 4b c8 21 46 c1 b0 b3 e9 2c 14 42 d6 2d e2 b5 79 97 dd 67 db 0e fa 99 03 7f 8a d6 0d 30 ab 4d 8f 59 8d 68 76 9b a4 68 63 dc 65 c6 60 97 51 58 e9 a8 96 c7 74 79 43 56 ae 64 ce 0d Data Ascii: nY5\dW\|k4Y6k3=U)V8wvT`9P>a<7rDirO5EVri!a;GFFSF~?"<1)G</7.{ O?oqrp.,Je)/Vwo2*TX{&UN/K!F,B-yg0MYhvhce`QXtyCVd
2024-05-24 15:39:11 UTC	1390	IN	Data Raw: ba bd 7b 42 f3 a9 5a 87 45 f2 be 2b 28 a0 db 20 00 d4 6d ae a8 7c db c7 7d ce 57 d4 48 96 cd ba e4 a3 44 2a e1 12 04 90 8e b8 2c 91 6c 0a be 81 60 d4 d1 e0 41 ec 82 e8 20 65 d7 29 ee 56 c7 1a 8d 76 ba 27 c4 46 58 f8 9f 3e dd 20 6d 50 4d 35 2a be 32 11 f3 8e 65 8f d0 d3 d0 33 18 d1 b4 70 b5 1d d5 70 95 df 77 9d c5 d8 45 f2 97 51 48 e2 7a 9e 58 a7 32 97 79 6b ea 05 d8 56 59 17 f0 d7 17 8b b6 ad b2 c8 f5 d7 34 ab bc ad b6 29 e1 6f 41 72 84 b6 ea 32 db 5f 17 78 48 5b 3d c8 82 3a 67 d5 1c 85 14 2c 83 04 9e 9c d3 8c 1c 11 c4 bb 9c 23 48 3c c8 5e ef ba b3 83 3b 5f 57 6e 72 dd 0b 51 3b c4 d9 76 32 ce da 32 0a 95 61 de a1 5f bc e2 45 d8 de 19 54 b8 f0 b7 d8 92 75 61 b2 10 44 95 8f df ed 9f 21 35 7a b6 cc 55 64 17 af 26 3c 14 fa 57 52 5e 6b 7d 5d a4 a5 09 49 7c ad Data Ascii: {BZE+( m\|}WHD,l`A e)Vv'FX> mPM52e3ppwEQHzX2ykVY4)oAr2_xH[=:g,#H<^;_WnrQ;v22a_ETuaD!5zUd&<WR^k}]I\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	60655	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:12 UTC	701	OUT	GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:12 UTC	312	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:12 GMT Content-Type: image/gif Cache-Control: public, max-age=43200 X-Content-Type-Options: nosniff Content-Length: 35 Access-Control-Allow-Origin: * server: gnv1c Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:12 UTC	35	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	60649	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:12 UTC	582	OUT	GET /settings.js?a=279977&settings_type=1&vn=7.0&exc=18\|25 HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:12 UTC	404	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:11 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Cache-Control: public Cache-Control: max-age=0 Cache-Control: no-cache Cache-Control: must-revalidate Access-Control-Allow-Origin: * ETag: W/"1716557981" server: gnv2 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:12 UTC	986	IN	Data Raw: 34 0d 0a 74 72 79 7b 0d 0a 33 66 62 61 0d 0a 77 69 6e 64 6f 77 2e 56 57 4f 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 20 7c 7c 20 5b 5d 3b 20 20 77 69 6e 64 6f 77 2e 56 57 4f 2e 64 61 74 61 20 3d 20 77 69 6e 64 6f 77 2e 56 57 4f 2e 64 61 74 61 20 7c 7c 20 7b 7d 3b 20 77 69 6e 64 6f 77 2e 56 57 4f 2e 64 61 74 61 2e 74 73 20 3d 20 31 37 31 36 35 36 35 31 35 31 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 56 57 4f 4f 6d 6e 69 54 65 6d 70 3d 7b 7d 3b 77 69 6e 64 6f 77 2e 56 57 4f 4f 6d 6e 69 3d 77 69 6e 64 6f 77 2e 56 57 4f 4f 6d 6e 69 7c 7c 7b 7d 3b 66 6f 72 28 76 61 72 20 6b 65 79 20 69 6e 20 56 57 4f 4f 6d 6e 69 54 65 6d 70 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 56 57 4f 4f 6d 6e Data Ascii: 4try{3fbawindow.VWO = window.VWO \|\| []; window.VWO.data = window.VWO.data \|\| {}; window.VWO.data.ts = 1716565151;(function(){var VWOOmniTemp={};window.VWOOmni=window.VWOOmni\|\|{};for(var key in VWOOmniTemp)Object.prototype.hasOwnProperty.call(VWOOmn
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 63 6f 6d 62 5f 6e 22 3a 7b 22 34 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 33 22 2c 22 32 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 31 22 2c 22 31 22 3a 22 43 6f 6e 74 72 6f 6c 22 2c 22 33 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 32 22 7d 2c 22 73 65 63 74 69 6f 6e 73 22 3a 7b 22 31 22 3a 7b 22 73 65 67 6d 65 6e 74 4f 62 6a 22 3a 7b 7d 2c 22 73 65 67 6d 65 6e 74 22 3a 7b 22 34 22 3a 31 2c 22 32 22 3a 31 2c 22 31 22 3a 31 2c 22 33 22 3a 31 7d 2c 22 70 61 74 68 22 3a 22 22 2c 22 76 61 72 69 61 74 69 6f 6e 73 22 3a 7b 22 34 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 69 6f 62 69 74 2e 63 6f 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 26 4f 50 54 49 4f 4e 53 34 35 30 34 35 39 34 30 3d 31 70 63 69 6d 66 26 4f 52 44 45 52 53 54 Data Ascii: comb_n":{"4":"Variation-3","2":"Variation-1","1":"Control","3":"Variation-2"},"sections":{"1":{"segmentObj":{},"segment":{"4":1,"2":1,"1":1,"3":1},"path":"","variations":{"4":"https:\/\/store.iobit.com\/order\/checkout.php?*&OPTIONS45045940=1pcimf&ORDERST
2024-05-24 15:39:12 UTC	1385	IN	Data Raw: 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 66 69 6e 69 73 68 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 7d 2c 22 31 22 3a 7b 22 74 79 70 65 22 3a 22 53 45 50 41 52 41 54 45 5f 50 41 47 45 22 2c 22 65 78 63 6c 75 64 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 52 65 67 65 78 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 66 69 6e 69 73 68 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 7d 2c 22 32 22 3a 7b 22 74 79 70 65 22 3a 22 53 45 50 41 52 41 54 45 5f 50 41 47 45 22 2c 22 65 78 63 6c 75 64 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 52 65 67 65 78 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 Data Ascii: bit\\.com\\\/order\\\/finish\\.php\\?.$"},"1":{"type":"SEPARATE_PAGE","excludeUrl":"","urlRegex":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\/finish\\.php\\?.$"},"2":{"type":"SEPARATE_PAGE","excludeUrl":"","urlRegex":"^https\\:\\\/\\\/store\\.iobit
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 22 2c 22 33 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 69 6f 62 69 74 2e 63 6f 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 26 4f 50 54 49 4f 4e 53 34 35 30 34 36 30 34 35 3d 31 70 63 69 75 26 4f 52 44 45 52 53 54 59 4c 45 3d 6e 4c 57 77 6d 35 54 66 6b 4c 67 3d 26 43 4c 45 41 4e 5f 43 41 52 54 3d 61 6c 6c 22 7d 2c 22 76 61 72 69 61 74 69 6f 6e 73 52 65 67 65 78 22 3a 7b 22 34 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 63 68 65 63 6b 6f 75 74 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 26 4f 50 54 49 4f 4e 53 34 35 30 34 36 30 34 35 5c 5c 3d 31 Data Ascii: m\/order\/checkout.php?","3":"https:\/\/store.iobit.com\/order\/checkout.php?&OPTIONS45046045=1pciu&ORDERSTYLE=nLWwm5TfkLg=&CLEAN_CART=all"},"variationsRegex":{"4":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\/checkout\\.php\\?.*&OPTIONS45046045\\=1
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 5c 5c 5c 2f 66 69 6e 69 73 68 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 7d 7d 2c 22 63 6f 6d 62 73 22 3a 7b 22 34 22 3a 30 2e 33 33 33 33 33 33 2c 22 32 22 3a 30 2e 33 33 33 33 33 33 2c 22 31 22 3a 30 2c 22 33 22 3a 30 2e 33 33 33 33 33 33 7d 2c 22 73 65 67 6d 65 6e 74 5f 63 6f 64 65 22 3a 22 28 28 5f 76 77 6f 5f 74 2e 63 6d 28 27 65 4f 27 2c 20 27 70 6f 6c 6c 27 2c 27 5f 76 77 6f 5f 73 28 29 2e 66 5f 69 6e 28 5f 76 77 6f 5f 73 28 29 2e 6a 76 28 5c 5c 27 6f 6d 6e 69 74 75 72 65 5f 76 61 72 73 2e 54 45 4d 50 4c 41 54 45 5f 49 44 5c 5c 27 29 2c 5c 5c 27 33 30 33 30 38 5c 5c 27 29 27 29 20 26 26 20 5f 76 77 6f 5f 73 28 29 2e 66 5f 63 6f 6e 28 5f 76 77 6f 5f 73 28 29 2e 55 28 29 2c 27 34 35 30 34 36 30 34 35 27 29 29 29 22 2c 22 75 72 6c 52 65 67 65 78 22 3a 22 Data Ascii: \\\/finish\\.php\\?.*$"}},"combs":{"4":0.333333,"2":0.333333,"1":0,"3":0.333333},"segment_code":"((_vwo_t.cm('eO', 'poll','_vwo_s().f_in(_vwo_s().jv(\\'omniture_vars.TEMPLATE_ID\\'),\\'30308\\')') && _vwo_s().f_con(_vwo_s().U(),'45046045')))","urlRegex":"
2024-05-24 15:39:12 UTC	1316	IN	Data Raw: 57 77 6d 35 54 66 6a 48 49 5c 5c 3d 28 3f 3a 23 2e 2a 29 3f 24 22 2c 22 31 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 63 68 65 63 6b 6f 75 74 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 2c 22 33 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 63 68 65 63 6b 6f 75 74 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 26 4f 50 54 49 4f 4e 53 34 35 30 34 35 38 39 35 5c 5c 3d 31 70 63 64 62 26 4f 52 44 45 52 53 54 59 4c 45 5c 5c 3d 6e 4c 57 77 6d 35 54 66 6b 4c 67 5c 5c 3d 26 43 4c 45 41 4e 5f 43 41 52 54 5c 5c 3d 61 6c 6c 28 3f 3a 23 2e 2a 29 3f 24 22 7d 7d 7d 2c Data Ascii: Wwm5TfjHI\\=(?:#.)?$","1":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\/checkout\\.php\\?.$","3":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\/checkout\\.php\\?.&OPTIONS45045895\\=1pcdb&ORDERSTYLE\\=nLWwm5TfkLg\\=&CLEAN_CART\\=all(?:#.)?$"}}},
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 70 63 5f 74 72 61 66 66 69 63 22 3a 31 30 30 2c 22 6d 61 6e 75 61 6c 22 3a 66 61 6c 73 65 2c 22 74 79 70 65 22 3a 22 53 50 4c 49 54 5f 55 52 4c 22 2c 22 69 73 53 70 61 52 65 76 65 72 74 46 65 61 74 75 72 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 7d 5d 2c 22 33 30 35 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 48 50 49 4e 43 41 56 50 5f 4f 6e 65 2d 53 74 65 70 49 6e 4c 69 6e 65 54 65 73 74 5f 44 52 41 46 54 22 2c 22 65 70 22 3a 31 37 30 39 33 30 34 39 37 37 30 30 30 2c 22 63 6c 69 63 6b 6d 61 70 22 3a 31 2c 22 73 73 22 3a 7b 22 73 65 22 3a 22 74 72 75 65 22 2c 22 63 73 61 22 3a 30 7d 2c 22 65 78 63 6c 75 64 65 5f 75 72 6c 22 3a 22 22 2c 22 76 61 72 53 65 67 41 6c 6c 6f 77 65 64 22 3a 66 61 6c 73 65 2c 22 69 62 65 22 3a 31 2c 22 63 6f 6d 62 5f 6e 22 3a 7b 22 31 Data Ascii: pc_traffic":100,"manual":false,"type":"SPLIT_URL","isSpaRevertFeatureEnabled":false}],"305":[{"name":"HPINCAVP_One-StepInLineTest_DRAFT","ep":1709304977000,"clickmap":1,"ss":{"se":"true","csa":0},"exclude_url":"","varSegAllowed":false,"ibe":1,"comb_n":{"1
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 61 22 3a 30 2c 22 70 75 22 3a 22 5f 76 77 6f 5f 74 2e 63 6d 28 27 65 4f 27 2c 27 64 6f 6d 2e 6c 6f 61 64 27 29 22 7d 2c 22 65 78 63 6c 75 64 65 5f 75 72 6c 22 3a 22 5e 2e 2a 26 44 4f 54 45 53 54 5c 5c 3d 31 2e 2a 24 22 2c 22 6d 75 6c 74 69 70 6c 65 5f 64 6f 6d 61 69 6e 73 22 3a 31 2c 22 69 62 65 22 3a 31 2c 22 63 6f 6d 62 5f 6e 22 3a 7b 22 34 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 33 22 2c 22 32 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 31 22 2c 22 31 22 3a 22 43 6f 6e 74 72 6f 6c 22 2c 22 33 22 3a 22 56 61 72 69 61 74 69 6f 6e 2d 32 22 7d 2c 22 73 65 63 74 69 6f 6e 73 22 3a 7b 22 31 22 3a 7b 22 73 65 67 6d 65 6e 74 4f 62 6a 22 3a 7b 7d 2c 22 73 65 67 6d 65 6e 74 22 3a 7b 22 34 22 3a 31 2c 22 32 22 3a 31 2c 22 31 22 3a 31 2c 22 33 22 3a 31 7d 2c 22 70 61 74 Data Ascii: a":0,"pu":"_vwo_t.cm('eO','dom.load')"},"exclude_url":"^.&DOTEST\\=1.$","multiple_domains":1,"ibe":1,"comb_n":{"4":"Variation-3","2":"Variation-1","1":"Control","3":"Variation-2"},"sections":{"1":{"segmentObj":{},"segment":{"4":1,"2":1,"1":1,"3":1},"pat
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 5c 5c 5c 2f 66 69 6e 69 73 68 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 7d 2c 22 32 33 30 22 3a 7b 22 74 79 70 65 22 3a 22 43 55 53 54 4f 4d 5f 47 4f 41 4c 22 2c 22 65 78 63 6c 75 64 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 52 65 67 65 78 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c 2f 66 69 6e 69 73 68 5c 5c 2e 70 68 70 5c 5c 3f 2e 2a 24 22 7d 2c 22 31 22 3a 7b 22 74 79 70 65 22 3a 22 53 45 50 41 52 41 54 45 5f 50 41 47 45 22 2c 22 65 78 63 6c 75 64 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 52 65 67 65 78 22 3a 22 5e 68 74 74 70 73 5c 5c 3a 5c 5c 5c 2f 5c 5c 5c 2f 73 74 6f 72 65 5c 5c 2e 69 6f 62 69 74 5c 5c 2e 63 6f 6d 5c 5c 5c 2f 6f 72 64 65 72 5c 5c 5c Data Ascii: \\\/finish\\.php\\?.$"},"230":{"type":"CUSTOM_GOAL","excludeUrl":"","urlRegex":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\/finish\\.php\\?.$"},"1":{"type":"SEPARATE_PAGE","excludeUrl":"","urlRegex":"^https\\:\\\/\\\/store\\.iobit\\.com\\\/order\\\
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 69 6f 62 69 74 2e 63 6f 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 26 4f 52 44 45 52 53 54 59 4c 45 3d 6e 4c 57 77 6d 35 54 66 6a 48 49 3d 22 2c 22 31 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 69 6f 62 69 74 2e 63 6f 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 22 2c 22 33 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 69 6f 62 69 74 2e 63 6f 6d 5c 2f 6f 72 64 65 72 5c 2f 63 68 65 63 6b 6f 75 74 2e 70 68 70 3f 2a 26 4f 50 54 49 4f 4e 53 34 34 37 33 39 35 32 35 3d 31 70 63 61 73 63 26 4f 52 44 45 52 53 54 59 4c 45 3d 6e 4c 57 77 6d 35 54 66 6b 4c 67 3d 26 43 4c 45 41 4e 5f 43 41 52 54 3d 61 6c 6c 22 7d 2c 22 76 61 72 69 61 Data Ascii: :"https:\/\/store.iobit.com\/order\/checkout.php?&ORDERSTYLE=nLWwm5TfjHI=","1":"https:\/\/store.iobit.com\/order\/checkout.php?","3":"https:\/\/store.iobit.com\/order\/checkout.php?*&OPTIONS44739525=1pcasc&ORDERSTYLE=nLWwm5TfkLg=&CLEAN_CART=all"},"varia

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	60656	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:12 UTC	609	OUT	GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:12 GMT Content-Type: application/javascript; charset=UTF-8 Last-Modified: Fri, 24 May 2024 13:39:24 GMT Content-Encoding: gzip ETag: "6650988c-3b55" server: gnv2 Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=31536000 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:12 UTC	920	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 1f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 8b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 01 0d 0a 30 30 30 30 30 30 30 31 0d 0a c0 0d 0a 30 30 30 30 30 30 30 31 0d 0a 16 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5f 0d 0a 30 66 66 38 0d 0a 00 03 77 6f 72 6b 65 72 2e 6a 73 00 e4 5a ff 73 da 38 da ff fd fe 0a 97 99 97 b3 17 41 31 f9 b2 a9 41 65 68 42 1a 66 29 64 08 d9 dd 1e c3 32 0a c8 c1 ad 63 67 6d d3 6c 9a 70 7f fb 3d 8f 24 db 32 d0 24 bd bb d9 db 99 b7 bb 13 2c e9 d1 a3 47 cf d7 8f 64 bf fe e1 87 bf 19 3b fe 99 e3 25 37 3e f4 c6 46 df 9b f3 20 e6 d6 df 76 92 1d 87 b7 f7 91 77 bd 4c 0c f3 d8 32 1a 75 7b bf 0a 7f 7e 34 ae ee 8d 9f bd 84 f9 f7 c6 f9 ea 6b e4 05 06 0b Data Ascii: 0000000100000001000000010000000100000001000000010000000100000001_0ff8worker.jsZs8A1AehBf)d2cgmlp=$2$,Gd;%7>F vwL2u{~4k
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 91 10 4e 1f 6e 59 b2 8c 9d 07 08 15 d7 bb 76 34 8a 88 27 10 6b 0f 9f 7e 5f f1 e8 de 29 d5 6a af af c2 3b 1e cd e6 e1 cd 6d 18 40 76 8b 5f cb 31 f5 53 bb f1 82 12 29 05 7e 5c 95 1d 25 47 6f ac e1 5f 33 97 80 59 0f a5 50 84 6d 89 d2 e4 fe 96 43 20 f0 3f 30 2c e2 72 f9 4b e8 2d 8c fa 2b 4a 79 9b d7 54 2f 65 a6 e5 24 74 4b c0 52 da 93 f3 61 6d a4 65 6b d3 5a 9b 5b f4 46 da 63 24 26 27 8c 78 d6 43 d6 13 98 31 09 ad 07 cf 35 5f b1 49 3c 95 4f 5c 3c a1 be 7c ba 63 b1 88 ff be f2 22 5e 2e ab 87 26 ce 09 cb 65 df 52 eb f9 c0 f4 55 dd c2 fe 28 ed 8b 54 1f 72 5d d2 80 df 19 dd 28 0a 23 b3 74 cc 02 48 32 50 32 20 fb 40 52 5e f9 dc f8 7b a9 12 57 4a 7f 2f 59 cd 64 19 85 77 c6 b2 36 0f 17 9c 96 3e 0c 4f 2e fb dd 19 04 e9 ec 74 78 39 38 29 91 e5 1a f9 2d 28 ca 4e 1f 94 Data Ascii: NnYv4'k~_)j;m@v_1S)~\%Go_3YPmC ?0,rK-+JyT/e$tKRamekZ[Fc$&'xC15_I<O\<\|c"^.&eRU(Tr](#tH2P2 @R^{WJ/Ydw6>O.tx98)-(N
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: b8 4b 09 fe 9f e0 2e 38 fc 8b 9b a9 4d e0 a5 e1 b1 c5 4e 3c e6 6a bd d7 5f a5 1b 40 f7 ec db 30 ed c5 a8 8c 2c e1 e4 e9 6a d8 6c f5 0d 6c 06 58 af 30 a0 41 ea 6b 8a 18 ed c5 d0 0d 4d 7a da 1b f4 2e ce 1c 7c 1c 0c 67 a7 fd cb 8b b3 5d 70 ce cd e0 5c 86 32 9e 45 74 b3 0c d1 b9 df 44 74 6e 86 e8 5c 0d d1 b9 39 a2 73 bf 85 e8 dc 02 90 72 77 20 ba 95 95 32 95 88 4e 9b 41 61 4c 8f 02 d3 25 ba 06 2c 8b 4a 87 1f 74 bb 27 b3 93 de f1 b8 5c 9e bf 2c 6e e6 10 66 4c cd 7e 77 79 3a eb 8e 46 c3 51 b9 2c 34 7e 2d 58 c8 40 12 b6 02 52 15 59 17 e3 51 b7 f3 61 d6 1d 9c 48 48 a9 a2 ed 65 b8 32 df a5 82 94 05 dd ec 5a a2 40 85 50 ce 53 44 d2 1d ca e5 b4 7d f1 71 70 ac 74 f2 34 1c 85 13 66 58 5b 25 ee d1 55 18 61 c6 4c 0d a2 99 00 63 2d 6f 55 03 88 31 09 5c 15 6a cd a6 04 05 Data Ascii: K.8MN<j_@0,jllX0AkMz.\|g]p\2EtDtn\9srw 2NAaL%,Jt'\,nfL~wy:FQ,4~-X@RYQaHHe2Z@PSD}qpt4fX[%UaLc-oU1\j
2024-05-24 15:39:12 UTC	500	IN	Data Raw: 26 db 56 bd cd 1d 3c 48 31 f8 65 95 70 82 34 d3 b7 bc cd 1c ae ee 9d 33 a8 0c d5 e6 e0 99 6a 93 7f 5a b1 59 b5 73 97 0b 84 ae 0e ca c9 63 1d a2 3e c1 88 00 e7 c7 ae c7 ba 78 85 8f 07 67 d6 94 13 58 15 f2 42 83 ef b5 58 1b fe 3a ac 09 26 aa c0 41 38 a8 f0 09 54 94 e9 63 dd 82 59 d5 6a dc b4 9a c1 ff 21 e7 86 4d 22 f5 90 6a 38 78 04 b3 da 87 8f f5 b5 ac 99 87 2f de c5 43 7e 61 e1 d4 c9 3f 66 e2 53 a3 4e 5f f5 d8 44 3f da 39 0d 68 9e 5e f6 d3 d1 3d 92 5d fd ec c3 e3 bb fe f0 f8 27 e7 00 9e e0 04 da bd 80 03 05 1e c5 04 d7 fc 4c 2a 58 66 37 22 82 63 77 34 1a 0c 9d aa ad d1 e1 7d 87 53 c5 c1 93 ce b8 93 b6 71 bd ec 3a c4 a9 e2 4a 20 fb f1 f0 83 f8 4e ab 37 1c 88 b5 de 75 2f c6 b3 8b 73 58 42 ac 25 9a 3a cd 1b e4 da 3d ed 5c f6 8b fd 42 80 d3 5e 7f dc 1d a9 a9 Data Ascii: &V<H1ep43jZYsc>xgXBX:&A8TcYj!M"j8x/C~a?fSN_D?9h^=]'L*Xf7"cw4}Sq:J N7u/sXB%:=\B^
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 7b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 1d 0d 0a 30 30 30 30 30 30 30 31 0d 0a 2c 0d 0a 30 30 30 30 30 30 30 31 0d 0a e9 0d 0a 30 30 30 30 30 30 30 31 0d 0a f9 0d 0a 30 30 30 30 30 30 30 31 0d 0a d5 0d 0a 30 30 30 30 30 30 30 31 0d 0a 0d 0d 0a 30 30 30 30 30 30 30 31 0d 0a 11 0d 0a 30 30 30 30 30 30 30 31 0d 0a 31 0d 0a 30 30 30 30 30 30 30 31 0d 0a 0f 0d 0a 30 30 30 30 30 30 30 31 0d 0a dd 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5f 0d 0a 30 30 30 30 30 30 30 31 0d 0a f2 0d 0a 30 30 30 30 31 0d 0a 4b 0d 0a 32 62 34 37 0d 0a a7 24 bd 33 ca 98 cc a0 bc 68 2d 18 06 6d 27 da e5 57 fe 0c 08 a4 48 89 1d 49 0d ce 86 cc cf 9b 99 00 55 9d 1c 1b f2 d5 90 ea 10 6f 00 34 5e e2 86 26 db 78 28 35 fe b9 36 4b a2 99 eb af e2 e5 ec ca 0f e7 9f a1 Data Ascii: 00000001{0000000100000001,0000000100000001000000010000000100000001000000011000000010000000100000001_0000000100001K2b47$3h-m'WHIUo4^&x(56K
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 34 5a af 48 58 ff e2 ee 49 9b db 36 92 fd fe 7e 85 9c aa 65 61 c2 c1 5b 02 e0 4d 8c 54 92 8f 44 15 47 d9 32 ed 0f b1 4a 8f 05 91 90 4d 8b 22 15 92 ba 6c 6a 7f fb 76 f7 dc 00 68 4b 8a 77 b3 f5 6a e3 15 e6 ee e9 e9 e9 ee e9 ee 19 16 6b cb 68 37 37 4b 27 f1 a8 a1 bf 65 a4 88 d3 ed 87 cf b0 5e f9 ad 89 da a5 6b 4c e2 48 a6 08 9d 64 3f c2 1b 27 b2 33 6f f0 9b d1 29 46 25 9b 14 6e 4a 93 22 42 70 86 72 0e b6 06 52 d8 8b 4e 8d 02 6c 92 7b a8 aa e6 00 ea 65 b8 c3 1b 9e e1 37 41 5e a3 73 5c eb 95 9e 71 41 09 d2 60 29 a9 e3 d5 f2 38 84 5a c7 8a ce bc 2c b3 95 bc ce fd f1 8a 46 29 37 df 8a 2e d3 23 de 28 73 20 20 11 64 16 d8 58 87 74 8e b5 5f e9 9c c9 1d 0c b4 5e e6 d2 d3 76 2d bd fd 41 fc e3 5b 66 cb 27 15 e5 f0 df 61 3d d2 41 54 a7 b3 51 75 9d 77 54 47 85 4f 9b b1 Data Ascii: 4ZHXI6~ea[MTDG2JM"ljvhKwjkh77K'e^kLHd?'3o)F%nJ"BprRNl{e7A^s\qA`)8Z,F)7.#(s dXt_^v-A[f'a=ATQuwTGO
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: a7 6d 78 5d a9 b1 5b 5e 00 d3 2d d2 73 74 46 42 54 13 5b d5 ee 48 f5 05 35 dc 48 17 93 e2 0d d5 5a 5b 0f 0c 51 b4 7b c0 c4 70 68 35 bb af fd 79 2c a6 12 66 c7 f9 55 5e 35 a0 8d 35 16 47 b8 f2 52 31 0b bb 69 da 64 69 da 1d 8c 37 22 d8 da 69 a3 af bf db 40 77 6d 0f 92 04 9a b7 c9 9e 3c b1 46 c7 5a 00 fd e1 a5 e9 71 5d 24 51 38 fe 5b 12 39 d0 f0 8f 00 df 98 95 1b 61 be 42 26 c5 15 32 aa a9 e2 0d 65 3e 59 7d 25 e2 23 b4 db b7 7b ce 06 66 b4 31 dd 55 94 26 df 91 30 8b 31 30 0b 91 06 b2 e3 6a 8a 40 77 b7 6e 43 60 16 35 82 cd 26 28 50 84 a9 b3 3b 7a 0c 79 84 23 10 2d 0c a3 82 f0 9a ac a5 9a af 0f 8f 2e da 6a 9a 3e 36 33 3c 71 c8 0e c3 51 be 27 b8 96 9e 11 ba ea 3d 57 49 f3 9d 84 49 d3 aa 93 83 0c b5 93 6c 5b 48 e4 58 ec 8b b7 86 14 00 62 d2 a2 0a 41 6a fc ff c0 Data Ascii: mx][^-stFBT[H5HZ[Q{ph5y,fU^55GR1idi7"i@wm<FZq]$Q8[9aB&2e>Y}%#{f1U&010j@wnC`5&(P;zy#-.j>63<qQ'=WIIl[HXbAj
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 5d 1c d0 75 e5 34 1d a3 45 b3 cb 4b 39 8c 5f 8a 0f c7 57 b5 8b 93 41 de 47 46 a3 0e 09 57 20 2a c5 b5 b8 dc 45 49 ca c7 a1 b8 46 2d 22 90 39 4a e6 b2 e1 f1 52 5f 4f 6f d5 2e a5 a9 96 9e e7 84 0a d7 4c 9f ee 82 76 93 52 38 90 32 5d 5e b2 7a 70 55 43 e0 af 01 66 76 32 18 2f e6 eb e9 fc 2a df c9 51 2d 4e 62 68 f0 05 36 2e be 0e 1f c5 f2 9c b7 b3 be 97 d7 4a 7f 98 ce 29 d2 65 07 74 c1 7c 99 cd fe 2e 37 fb 0e 62 e9 07 ae 5a 25 0d d3 ea 5c 03 c8 83 eb 1a 3e 63 89 56 de f4 ba 0a 3f 8c 9f d7 85 05 8c 4b 2c d0 f4 19 7f 1c 52 4f 01 a9 37 27 83 ec 1b 48 25 5c 15 d0 5a 46 dc e9 b7 11 97 15 b1 83 44 81 af a3 6e c5 0b 0c 72 67 50 33 4e 2d 72 bc f9 04 34 a1 2d e8 02 92 4f 83 3b 17 65 0c ef 77 56 c3 b1 5e 2c 76 ce 60 33 9f 66 e3 f3 2d f0 38 f8 86 c5 82 7d b7 62 e9 1d a1 Data Ascii: ]u4EK9_WAGFW EIF-"9JR_Oo.LvR82]^zpUCfv2/Q-Nbh6.J)et\|.7bZ%\>cV?K,RO7'H%\ZFDnrgP3N-r4-O;ewV^,v`3f-8}b
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 5d 5f b9 eb a4 19 cb 1e a6 13 e5 34 a5 b6 b7 69 d4 b6 4e d8 19 53 27 a4 c1 2c 0c f9 08 c8 97 5e 05 4c d3 5b 0e 47 8d 2e 9e 9b e2 5a a6 84 7e d2 6a 47 2d 68 34 62 5f 3e 1d 67 5a 23 94 8f f3 8c f8 a7 e3 08 ce 20 e6 31 1f 5d fe 21 50 5f fc 13 ac 48 03 43 b1 47 d2 84 87 b0 c5 d6 9f 9b 19 dd 53 da 1d 09 c1 e4 da 57 46 25 7c bb 3a 52 c0 e0 f3 e5 52 01 1e 29 6d 18 46 86 b3 e9 df 92 c8 39 24 8e 17 cb 25 3e 65 2f 1f 51 de 21 30 4a a7 43 1c bb fb 8c 7e 0c 63 64 4f b2 57 f3 f3 f9 e2 66 be 83 3f 17 b8 cc e5 ef 67 ca 78 f4 ca 0e 6e 43 d1 e4 87 a2 5b c7 6e 10 96 5d d1 54 91 0d 99 e4 b3 4c fd 15 87 e6 2d c1 c3 5d 5d 56 3c d7 4a be b5 83 bc a5 3c 9c b4 37 21 0b 3f 34 31 08 1a db 91 ae 8d 0f 54 8e f6 a2 46 1f 76 03 61 5c 36 1e 10 a5 c4 fd a7 91 82 5e a2 11 47 84 21 f6 55 Data Ascii: ]_4iNS',^L[G.Z~jG-h4b_>gZ# 1]!P_HCGSWF%\|:RR)mF9$%>e/Q!0JC~cdOWf?gxnC[n]TL-]]V<J<7!?41TFva\6^G!U
2024-05-24 15:39:12 UTC	1390	IN	Data Raw: 8d fc 8d dd b8 d9 a8 bd 51 af 38 1f c1 fe fe 4d bc e1 2f 80 a5 16 40 7a 51 0f 02 09 d6 51 fd 37 8c a9 d9 dd 3d 62 db a0 3a aa 3f 15 2e e2 22 47 c8 45 8e b8 c4 4e 5d 1c 15 f9 b2 2e 78 6f 14 25 f1 9c 98 f5 1b 63 53 8e db 96 e6 92 b8 46 05 da cb 5a d0 a5 e8 e2 6b 13 ab 3c 21 94 0b c4 a9 34 53 80 32 f4 c6 e8 df ea 5c 11 c7 f2 dc e0 5c 9e 7d 25 54 f2 71 9c 57 cf b3 2e 34 69 c8 3e 61 36 84 18 95 46 f4 e8 4f 8d 24 95 86 2e d0 f9 ee 98 5c 24 a8 ca 68 18 2b ab a1 5a 75 cd 01 0c 25 3a d1 7c ff 06 52 7c 00 1d 1a 88 fe 3b 09 b1 92 80 be 1e ed 06 2b a2 e2 43 9e f3 4a 2a 52 c6 d0 b8 f9 fd a8 48 0e f8 27 a8 88 20 91 bd ec 4a 3b ff 13 63 de f4 89 26 56 a6 d3 b8 a5 0d 01 67 66 16 74 cc 3a 08 cf b8 19 72 28 9f ae c4 c3 97 cc 09 87 6c 57 05 b3 fe c9 20 bc 7b 54 55 c8 81 ba Data Ascii: Q8M/@zQQ7=b:?."GEN].xo%cSFZk<!4S2\\}%TqW.4i>a6FO$.\$h+Zu%:\|R\|;+CJ*RH' J;c&Vgft:r(lW {TU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	60652	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:12 UTC	620	OUT	GET /static/246926afbd284fb716642aa731f7a86a/77c99/register-available-carts.png HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151
2024-05-24 15:39:12 UTC	432	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 7087 Connection: close Last-Modified: Tue, 16 Apr 2024 09:59:15 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:12 GMT ETag: "560c83aca91592a5d2786012b4ca5d22" X-Cache: Hit from cloudfront Via: 1.1 87b57eed59394b56861648e2552cb6ea.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: jRxp9HnqA0wMxPPymb07lxDzrR5zXrVQe2IFbyvc7cRDtvp_2sH2HA== Age: 1
2024-05-24 15:39:12 UTC	7087	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 d6 00 00 00 57 08 03 00 00 00 8e 5f 94 a1 00 00 03 00 50 4c 54 45 47 70 4c e3 e8 e8 db eb f9 ff c6 00 00 42 86 00 70 cf 00 6e cf 00 44 88 00 6e cf 00 46 83 1c 1c 71 ff ff ff 7e 98 c9 55 9e df 54 a0 e0 f8 bd 18 00 70 cf 00 44 88 3f 55 9f ff ff ff bc 26 8e bb bb bb 00 44 87 10 3c 7b 01 6f d0 0e 3f 7d 2b 43 94 1a 1f 71 ff 60 00 f7 b6 00 f7 db 00 f7 9e 1b eb 00 1b 01 84 cc 00 00 00 d9 00 2e 26 3b 80 14 9a d6 00 3b 87 00 cc 5c 80 b7 e8 40 93 dc e0 e1 e2 c6 c6 c7 49 59 68 4e 5f 97 f0 f3 f7 bf db f4 6e 6e 6e d3 d3 d3 d1 09 4b 05 70 92 f9 c8 3f 7e 7e 7e a7 ac b2 f4 f4 f5 8a 8a 89 c0 d2 e2 e2 30 2f 40 73 a5 5e 5e 5d ef f8 fc d2 d6 d9 7f a0 c3 df e8 f0 21 b9 dd f6 fa f9 98 98 98 23 2c 66 f0 f2 f0 76 82 8e ce Data Ascii: PNGIHDRW_PLTEGpLBpnDnFq~UTpD?U&D<{o?}+Cq`.&;;\@IYhN_nnnKp?~~~0/@s^^]!#,fv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	60663	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	466	OUT	GET /v.gif?cd=0&a=279977&d=avs4you.com&u=D7089C87ED9985DECDFE20D474BE53994&h=76d0d9c659f6f247740bd2ae94d457e2&t=false HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:13 UTC	312	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:13 GMT Content-Type: image/gif Cache-Control: public, max-age=43200 X-Content-Type-Options: nosniff Content-Length: 35 Access-Control-Allow-Origin: * server: gnv1c Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:13 UTC	35	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	60662	34.96.102.137	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	405	OUT	GET /analysis/worker-70faafffa0475802f5ee03ca5ff74179.js HTTP/1.1 Host: dev.visualwebsiteoptimizer.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:12 GMT Content-Type: application/javascript; charset=UTF-8 Last-Modified: Fri, 24 May 2024 13:39:24 GMT Content-Encoding: gzip ETag: "6650988c-3b55" server: gnv2 Vary: Accept-Encoding Cache-Control: public Cache-Control: max-age=31536000 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:13 UTC	920	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 1f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 8b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 08 0d 0a 30 30 30 30 30 30 30 31 0d 0a 01 0d 0a 30 30 30 30 30 30 30 31 0d 0a c0 0d 0a 30 30 30 30 30 30 30 31 0d 0a 16 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 00 0d 0a 30 30 30 30 30 30 30 31 0d 0a 03 0d 0a 30 30 30 30 30 30 30 31 0d 0a 77 0d 0a 30 30 30 30 30 30 30 31 0d 0a 6f 0d 0a 30 30 30 30 30 30 30 31 0d 0a 72 0d 0a 30 30 30 30 30 30 30 31 0d 0a 6b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 65 0d 0a 30 30 30 30 30 30 30 31 0d 0a 72 0d 0a 30 30 30 30 30 31 0d 0a 2e 0d 0a 30 66 65 66 0d 0a 6a 73 00 e4 5a ff 73 da 38 da ff fd fe 0a 97 99 97 b3 17 41 31 f9 b2 a9 41 65 68 42 1a 66 Data Ascii: 0000000100000001000000010000000100000001000000010000000100000001_000000010000000100000001w00000001o00000001r00000001k00000001e00000001r000001.0fefjsZs8A1AehBf
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: ef 8a 59 43 e0 bc 5b 2f 38 55 ee cc f8 e5 ac 8b 64 28 57 07 fe 3f 1e f7 86 03 54 c1 f1 70 30 1e 41 93 80 86 46 e3 8c dd 2f bd 8b 2e 31 3a a3 de 05 2a f3 74 34 fc b0 5b 39 68 32 e0 32 14 8c 81 d7 a0 2b 39 a3 39 8b 56 07 12 6c 5f 5e 74 b3 45 8c 93 6e a7 0f fc c1 05 06 cf ba 4d ed 87 d7 af dc 55 20 52 87 69 3d 7c 61 91 91 10 4e 1f 6e 59 b2 8c 9d 07 08 15 d7 bb 76 34 8a 88 27 10 6b 0f 9f 7e 5f f1 e8 de 29 d5 6a af af c2 3b 1e cd e6 e1 cd 6d 18 40 76 8b 5f cb 31 f5 53 bb f1 82 12 29 05 7e 5c 95 1d 25 47 6f ac e1 5f 33 97 80 59 0f a5 50 84 6d 89 d2 e4 fe 96 43 20 f0 3f 30 2c e2 72 f9 4b e8 2d 8c fa 2b 4a 79 9b d7 54 2f 65 a6 e5 24 74 4b c0 52 da 93 f3 61 6d a4 65 6b d3 5a 9b 5b f4 46 da 63 24 26 27 8c 78 d6 43 d6 13 98 31 09 ad 07 cf 35 5f b1 49 3c 95 4f 5c 3c Data Ascii: YC[/8Ud(W?Tp0AF/.1:*t4[9h22+99Vl_^tEnMU Ri=\|aNnYv4'k~_)j;m@v_1S)~\%Go_3YPmC ?0,rK-+JyT/e$tKRamekZ[Fc$&'xC15_I<O\<
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: da da 3f 82 ed 40 02 b4 0f 0a fd d6 86 50 8f 14 84 fa 2f 60 b0 c5 33 18 cc 0b be 81 c1 34 d1 52 70 e5 d7 fe 31 1b fe b4 85 20 96 29 c2 12 d3 25 7a 12 6b bb 24 e3 ff 7e 07 d2 d2 c8 8b 60 ab 90 28 76 41 2c bd 41 ff 1d bc 35 db 81 b7 84 01 34 be 4f c1 2f 94 57 38 a6 a9 e9 f0 5b c8 ab 38 33 d7 e3 6e 45 fe 17 70 d7 f2 a5 b8 4b 09 fe 9f e0 2e 38 fc 8b 9b a9 4d e0 a5 e1 b1 c5 4e 3c e6 6a bd d7 5f a5 1b 40 f7 ec db 30 ed c5 a8 8c 2c e1 e4 e9 6a d8 6c f5 0d 6c 06 58 af 30 a0 41 ea 6b 8a 18 ed c5 d0 0d 4d 7a da 1b f4 2e ce 1c 7c 1c 0c 67 a7 fd cb 8b b3 5d 70 ce cd e0 5c 86 32 9e 45 74 b3 0c d1 b9 df 44 74 6e 86 e8 5c 0d d1 b9 39 a2 73 bf 85 e8 dc 02 90 72 77 20 ba 95 95 32 95 88 4e 9b 41 61 4c 8f 02 d3 25 ba 06 2c 8b 4a 87 1f 74 bb 27 b3 93 de f1 b8 5c 9e bf 2c 6e Data Ascii: ?@P/`34Rp1 )%zk$~`(vA,A54O/W8[83nEpK.8MN<j_@0,jllX0AkMz.\|g]p\2EtDtn\9srw 2NAaL%,Jt'\,n
2024-05-24 15:39:13 UTC	606	IN	Data Raw: 3f 36 ed 56 0c 47 07 5c 2b a2 51 ab 75 88 aa 97 eb 91 b8 5a c5 e1 b6 ce d6 89 94 f1 53 39 1c 33 aa 4a ef 22 aa 4b 78 d8 63 04 b6 ae 97 ed 7a 63 2f eb 47 5f 7b c4 1e 48 af eb cc 6a 4b 28 0b 02 a8 66 67 bb 5d da 13 8a 91 30 37 33 d4 db f4 09 2f a9 a8 6e 3f 0e 1b 87 7c c3 ca 65 50 19 5e 2b be 69 e0 a6 20 cf 5a 0c 36 95 26 db 56 bd cd 1d 3c 48 31 f8 65 95 70 82 34 d3 b7 bc cd 1c ae ee 9d 33 a8 0c d5 e6 e0 99 6a 93 7f 5a b1 59 b5 73 97 0b 84 ae 0e ca c9 63 1d a2 3e c1 88 00 e7 c7 ae c7 ba 78 85 8f 07 67 d6 94 13 58 15 f2 42 83 ef b5 58 1b fe 3a ac 09 26 aa c0 41 38 a8 f0 09 54 94 e9 63 dd 82 59 d5 6a dc b4 9a c1 ff 21 e7 86 4d 22 f5 90 6a 38 78 04 b3 da 87 8f f5 b5 ac 99 87 2f de c5 43 7e 61 e1 d4 c9 3f 66 e2 53 a3 4e 5f f5 d8 44 3f da 39 0d 68 9e 5e f6 d3 d1 Data Ascii: ?6VG\+QuZS93J"Kxczc/G_{HjK(fg]073/n?\|eP^+i Z6&V<H1ep43jZYsc>xgXBX:&A8TcYj!M"j8x/C~a?fSN_D?9h^
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: 30 30 30 30 30 30 30 31 0d 0a 7b 0d 0a 30 30 30 30 30 30 30 31 0d 0a 1d 0d 0a 30 30 30 30 30 30 30 31 0d 0a 2c 0d 0a 30 30 30 30 30 30 30 31 0d 0a e9 0d 0a 30 30 30 30 30 30 30 31 0d 0a f9 0d 0a 30 30 30 30 30 30 30 31 0d 0a d5 0d 0a 30 30 30 30 30 30 30 31 0d 0a 0d 0d 0a 30 30 30 30 30 30 30 31 0d 0a 11 0d 0a 30 30 30 30 30 30 30 31 0d 0a 31 0d 0a 30 30 30 30 30 30 30 31 0d 0a 0f 0d 0a 30 30 30 30 30 30 30 31 0d 0a dd 0d 0a 30 30 30 30 30 30 30 31 0d 0a 5f 0d 0a 30 30 30 30 30 30 30 31 0d 0a f2 0d 0a 30 30 30 30 30 30 30 31 0d 0a 4b 0d 0a 30 30 30 30 30 30 30 31 0d 0a a7 0d 0a 30 30 30 30 30 30 30 31 0d 0a 24 0d 0a 30 30 30 30 30 30 30 31 0d 0a bd 0d 0a 30 30 30 30 30 30 30 31 0d 0a 33 0d 0a 30 30 30 30 30 30 30 31 0d 0a ca 0d 0a 30 30 30 30 30 30 30 31 Data Ascii: 00000001{0000000100000001,0000000100000001000000010000000100000001000000011000000010000000100000001_0000000100000001K0000000100000001$000000010000000130000000100000001
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: bd 5f fb 09 8e 79 02 dd 98 25 3e 56 79 a1 ec 64 87 8e 2d f2 57 c9 c9 73 fd 3d ae f8 fa 43 9c b1 d3 9c a4 be 0c 51 69 04 df 9f 63 5b 5c 0b 28 12 96 93 88 bb 05 ea c9 0e 5c 81 06 f9 42 d7 a6 e2 2f bf 79 c5 57 7c aa c9 92 55 9c 7e 39 ab dd 6e 68 34 5a af 48 58 ff e2 ee 49 9b db 36 92 fd fe 7e 85 9c aa 65 61 c2 c1 5b 02 e0 4d 8c 54 92 8f 44 15 47 d9 32 ed 0f b1 4a 8f 05 91 90 4d 8b 22 15 92 ba 6c 6a 7f fb 76 f7 dc 00 68 4b 8a 77 b3 f5 6a e3 15 e6 ee e9 e9 e9 ee e9 ee 19 16 6b cb 68 37 37 4b 27 f1 a8 a1 bf 65 a4 88 d3 ed 87 cf b0 5e f9 ad 89 da a5 6b 4c e2 48 a6 08 9d 64 3f c2 1b 27 b2 33 6f f0 9b d1 29 46 25 9b 14 6e 4a 93 22 42 70 86 72 0e b6 06 52 d8 8b 4e 8d 02 6c 92 7b a8 aa e6 00 ea 65 b8 c3 1b 9e e1 37 41 5e a3 73 5c eb 95 9e 71 41 09 d2 60 29 a9 e3 d5 Data Ascii: _y%>Vyd-Ws=CQic[\(\B/yW\|U~9nh4ZHXI6~ea[MTDG2JM"ljvhKwjkh77K'e^kLHd?'3o)F%nJ"BprRNl{e7A^s\qA`)
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: 1f 81 0f ef c5 7e 1e 54 5b 66 f8 fc 80 9b 39 cf 2e f2 bd ae 9f 87 3c 3f 9f 43 9f 6d c8 97 c3 63 74 80 1d 70 7a 91 cb 6c 2f 4b 05 19 54 96 44 ed ad 45 71 d3 16 f5 08 1f 24 ac 00 fa 38 a5 b5 d0 86 42 55 90 c6 34 87 32 58 8b 95 c5 91 9c 6c ad e6 a7 6d 78 5d a9 b1 5b 5e 00 d3 2d d2 73 74 46 42 54 13 5b d5 ee 48 f5 05 35 dc 48 17 93 e2 0d d5 5a 5b 0f 0c 51 b4 7b c0 c4 70 68 35 bb af fd 79 2c a6 12 66 c7 f9 55 5e 35 a0 8d 35 16 47 b8 f2 52 31 0b bb 69 da 64 69 da 1d 8c 37 22 d8 da 69 a3 af bf db 40 77 6d 0f 92 04 9a b7 c9 9e 3c b1 46 c7 5a 00 fd e1 a5 e9 71 5d 24 51 38 fe 5b 12 39 d0 f0 8f 00 df 98 95 1b 61 be 42 26 c5 15 32 aa a9 e2 0d 65 3e 59 7d 25 e2 23 b4 db b7 7b ce 06 66 b4 31 dd 55 94 26 df 91 30 8b 31 30 0b 91 06 b2 e3 6a 8a 40 77 b7 6e 43 60 16 35 82 Data Ascii: ~T[f9.<?Cmctpzl/KTDEq$8BU42Xlmx][^-stFBT[H5HZ[Q{ph5y,fU^55GR1idi7"i@wm<FZq]$Q8[9aB&2e>Y}%#{f1U&010j@wnC`5
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: 80 52 2e b2 5b 8e 74 78 43 ac 62 82 5f 1f b3 6b d8 db f8 85 fd 4b be 21 af b4 5c e1 46 5b cc 26 7c 2c f0 da fc 7a 05 da 07 19 a2 f0 61 74 7e 8a fd 4d 57 6b 4a 5c 88 20 c2 4d 0d 85 58 91 01 69 df a8 2c ac a3 f2 06 eb 3e a8 c5 e3 34 42 87 e0 55 5d 1c d0 75 e5 34 1d a3 45 b3 cb 4b 39 8c 5f 8a 0f c7 57 b5 8b 93 41 de 47 46 a3 0e 09 57 20 2a c5 b5 b8 dc 45 49 ca c7 a1 b8 46 2d 22 90 39 4a e6 b2 e1 f1 52 5f 4f 6f d5 2e a5 a9 96 9e e7 84 0a d7 4c 9f ee 82 76 93 52 38 90 32 5d 5e b2 7a 70 55 43 e0 af 01 66 76 32 18 2f e6 eb e9 fc 2a df c9 51 2d 4e 62 68 f0 05 36 2e be 0e 1f c5 f2 9c b7 b3 be 97 d7 4a 7f 98 ce 29 d2 65 07 74 c1 7c 99 cd fe 2e 37 fb 0e 62 e9 07 ae 5a 25 0d d3 ea 5c 03 c8 83 eb 1a 3e 63 89 56 de f4 ba 0a 3f 8c 9f d7 85 05 8c 4b 2c d0 f4 19 7f 1c 52 Data Ascii: R.[txCb_kK!\F[&\|,zat~MWkJ\ MXi,>4BU]u4EK9_WAGFW EIF-"9JR_Oo.LvR82]^zpUCfv2/Q-Nbh6.J)et\|.7bZ%\>cV?K,R
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: e5 c0 bc 07 04 dc 69 63 e5 f9 20 22 8b a7 63 ee 44 41 87 b1 b7 ea b0 9a 48 53 a0 b1 23 2c ad 1d e1 cc b5 c1 93 5b 4e 9b 25 e6 c6 2c 31 73 cd 88 23 6d 1c b8 d5 c6 81 cf 80 d2 03 e0 0e ef 40 d3 5f eb 93 e5 ea 66 8a cf 45 4a 08 d8 97 71 06 6a e5 5d 5f b9 eb a4 19 cb 1e a6 13 e5 34 a5 b6 b7 69 d4 b6 4e d8 19 53 27 a4 c1 2c 0c f9 08 c8 97 5e 05 4c d3 5b 0e 47 8d 2e 9e 9b e2 5a a6 84 7e d2 6a 47 2d 68 34 62 5f 3e 1d 67 5a 23 94 8f f3 8c f8 a7 e3 08 ce 20 e6 31 1f 5d fe 21 50 5f fc 13 ac 48 03 43 b1 47 d2 84 87 b0 c5 d6 9f 9b 19 dd 53 da 1d 09 c1 e4 da 57 46 25 7c bb 3a 52 c0 e0 f3 e5 52 01 1e 29 6d 18 46 86 b3 e9 df 92 c8 39 24 8e 17 cb 25 3e 65 2f 1f 51 de 21 30 4a a7 43 1c bb fb 8c 7e 0c 63 64 4f b2 57 f3 f3 f9 e2 66 be 83 3f 17 b8 cc e5 ef 67 ca 78 f4 ca 0e Data Ascii: ic "cDAHS#,[N%,1s#m@_fEJqj]_4iNS',^L[G.Z~jG-h4b_>gZ# 1]!P_HCGSWF%\|:RR)mF9$%>e/Q!0JC~cdOWf?gx
2024-05-24 15:39:13 UTC	1390	IN	Data Raw: 41 e6 63 61 d5 35 25 b0 97 1a 58 03 2a ad 90 d3 49 01 66 33 d0 56 a0 35 33 ff 1a b8 46 43 29 cb da d8 28 38 b1 52 0f 63 d2 6d da a9 98 d5 80 a5 74 53 0c 8c f8 3e 6a e1 69 b0 e6 07 ff 56 bb 28 59 65 33 6b 8b 55 4e 3e e6 50 b5 ca 6c fc 25 7c f5 8d fc 8d dd b8 d9 a8 bd 51 af 38 1f c1 fe fe 4d bc e1 2f 80 a5 16 40 7a 51 0f 02 09 d6 51 fd 37 8c a9 d9 dd 3d 62 db a0 3a aa 3f 15 2e e2 22 47 c8 45 8e b8 c4 4e 5d 1c 15 f9 b2 2e 78 6f 14 25 f1 9c 98 f5 1b 63 53 8e db 96 e6 92 b8 46 05 da cb 5a d0 a5 e8 e2 6b 13 ab 3c 21 94 0b c4 a9 34 53 80 32 f4 c6 e8 df ea 5c 11 c7 f2 dc e0 5c 9e 7d 25 54 f2 71 9c 57 cf b3 2e 34 69 c8 3e 61 36 84 18 95 46 f4 e8 4f 8d 24 95 86 2e d0 f9 ee 98 5c 24 a8 ca 68 18 2b ab a1 5a 75 cd 01 0c 25 3a d1 7c ff 06 52 7c 00 1d 1a 88 fe 3b 09 b1 Data Ascii: Aca5%X*If3V53FC)(8RcmtS>jiV(Ye3kUN>Pl%\|Q8M/@zQQ7=b:?."GEN].xo%cSFZk<!4S2\\}%TqW.4i>a6FO$.\$h+Zu%:\|R\|;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	60657	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	1153	OUT	GET /component---src-pages-privacy-aspx-js-a7a853f585e8da46a6a3.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
2024-05-24 15:39:13 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 24234 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:29 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:14 GMT ETag: "48dbd5d18fbbc92dde7e49bbe7ec5281" X-Cache: RefreshHit from cloudfront Via: 1.1 4082bc3032224eec2bf8c66d45286576.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: ShYo9I2PKIsDEDboF94V977Jo5ym-oTtBwaOC8a_M3LKdIvmweHVEQ==
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 36 37 5d 2c 7b 47 64 42 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 7d 2c 5a 6d 67 6a 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 61 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 61 2e 72 28 74 29 3b 76 61 72 20 6f 3d 61 28 22 39 48 72 78 22 29 2c 73 3d 61 28 22 71 31 74 49 22 29 2c 72 3d 61 2e 6e 28 73 29 2c 69 3d 61 28 22 59 4a 72 47 22 29 2c 6e 3d 61 28 22 35 56 79 30 22 29 2c 63 3d 61 28 22 2f 6d 34 63 22 29 2c 6c 3d 61 28 22 42 6c 37 4a 22 29 2c 70 3d 28 61 28 22 47 64 42 6b 22 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 72 65 74 75 72 6e 20 65 2e 61 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[67],{GdBk:function(e,t,a){},Zmgj:function(e,t,a){"use strict";a.r(t);var o=a("9Hrx"),s=a("q1tI"),r=a.n(s),i=a("YJrG"),n=a("5Vy0"),c=a("/m4c"),l=a("Bl7J"),p=(a("GdBk"),function(e){function t(){return e.a
2024-05-24 15:39:13 UTC	7850	IN	Data Raw: 74 69 61 6c 20 54 68 65 73 65 20 63 6f 6f 6b 69 65 73 20 61 72 65 20 6e 65 63 65 73 73 61 72 79 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 65 6e 61 62 6c 65 20 63 65 72 74 61 69 6e 20 62 61 73 65 20 66 65 61 74 75 72 65 73 2c 20 73 75 63 68 20 61 73 20 69 64 65 6e 74 69 66 79 69 6e 67 20 63 65 72 74 61 69 6e 20 75 73 65 72 20 61 6e 64 20 72 65 6d 65 6d 62 65 72 69 6e 67 20 74 68 61 74 20 75 73 65 72 20 68 61 76 65 20 6c 6f 67 67 65 64 20 69 6e 74 6f 20 68 69 73 20 41 63 63 6f 75 6e 74 20 54 68 65 73 65 20 63 6f 6f 6b 69 65 73 20 6d 61 79 20 73 74 6f 72 65 20 75 6e 69 71 75 65 20 75 73 65 72 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 6b 65 79 20 61 6e 64 20 61 72 65 20 72 65 71 75 69 72 65 64 20 62 79 20 74 68 65 20 73 65 72 76 69 63 65 20 74 6f 20 6f 70 Data Ascii: tial These cookies are necessary in order to enable certain base features, such as identifying certain user and remembering that user have logged into his Account These cookies may store unique user authentication key and are required by the service to op

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	60658	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	1146	OUT	GET /component---src-pages-index-js-61c1fcfe70144a5f0bfa.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
2024-05-24 15:39:13 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 45325 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:28 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:14 GMT ETag: "012fc0f16637026704ab5f7013098414" X-Cache: RefreshHit from cloudfront Via: 1.1 cc2247fba5ef27d286a255150dad2710.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: C81SNAZJbfBDuleLK0Bn1wVa-5R-mAT7G6-CbJ3enHyIGLkkFsmMXQ==
2024-05-24 15:39:13 UTC	15571	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 32 5d 2c 7b 22 32 78 78 70 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 65 78 70 6f 72 74 73 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 79 4f 53 49 67 61 47 56 70 5a 32 68 30 50 53 49 79 4f 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 35 49 44 49 35 49 6a 34 4b 49 43 41 38 5a 79 42 70 5a 44 30 69 62 58 56 7a 61 57 4e 66 61 57 4e 76 62 6c 39 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[52],{"2xxp":function(e,t){e.exports="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyOSIgaGVpZ2h0PSIyOSIgdmlld0JveD0iMCAwIDI5IDI5Ij4KICA8ZyBpZD0ibXVzaWNfaWNvbl9
2024-05-24 15:39:13 UTC	11276	IN	Data Raw: 61 47 56 70 5a 32 68 30 50 53 49 79 4f 53 49 67 64 48 4a 68 62 6e 4e 6d 62 33 4a 74 50 53 4a 30 63 6d 46 75 63 32 78 68 64 47 55 6f 4d 43 41 74 4d 53 34 77 4d 44 45 70 49 69 42 6d 61 57 78 73 50 53 4a 75 62 32 35 6c 49 69 38 2b 43 69 41 67 49 43 41 38 5a 79 42 70 5a 44 30 69 52 33 4a 76 64 58 42 66 4d 7a 67 34 4d 79 49 67 5a 47 46 30 59 53 31 75 59 57 31 6c 50 53 4a 48 63 6d 39 31 63 43 41 7a 4f 44 67 7a 49 6a 34 4b 49 43 41 67 49 43 41 67 50 48 42 68 64 47 67 67 61 57 51 39 49 6c 42 68 64 47 68 66 4d 54 51 33 4e 44 59 69 49 47 52 68 64 47 45 74 62 6d 46 74 5a 54 30 69 55 47 46 30 61 43 41 78 4e 44 63 30 4e 69 49 67 5a 44 30 69 54 54 49 35 4c 44 49 33 4c 6a 46 57 4e 44 41 75 4d 7a 59 30 59 53 34 34 4d 54 51 75 4f 44 45 30 4c 44 41 73 4d 43 77 78 4c 53 34 Data Ascii: aGVpZ2h0PSIyOSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMCAtMS4wMDEpIiBmaWxsPSJub25lIi8+CiAgICA8ZyBpZD0iR3JvdXBfMzg4MyIgZGF0YS1uYW1lPSJHcm91cCAzODgzIj4KICAgICAgPHBhdGggaWQ9IlBhdGhfMTQ3NDYiIGRhdGEtbmFtZT0iUGF0aCAxNDc0NiIgZD0iTTI5LDI3LjFWNDAuMzY0YS44MTQuODE0LDAsMCwxLS4
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 61 6d 65 3a 22 6d 61 69 6e 2d 70 61 67 65 2d 68 65 61 64 65 72 2d 69 6d 61 67 65 2e 6a 70 67 22 7d 29 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 64 2e 61 2c 6e 75 6c 6c 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 2c 7b 69 64 3a 22 68 65 61 64 65 72 43 6f 75 70 6f 6e 22 2c 63 6c 61 73 73 4e 61 6d 65 3a 22 68 65 61 64 65 72 43 6f 6e 74 65 6e 74 57 72 61 70 70 65 72 22 7d 2c 72 2e 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 75 2e 61 2c 7b 63 6f 6c 6f 72 3a 22 23 66 66 66 66 66 66 22 2c 63 6c 61 73 73 4e 61 6d 65 3a 22 68 65 61 64 65 72 54 65 78 74 22 2c 6c 69 6e 65 48 65 69 67 68 74 3a 22 36 35 70 78 22 2c 66 6f 6e 74 53 69 7a 65 3a 35 35 2c 66 6f 6e 74 57 65 69 67 68 74 3a 36 30 30 2c 61 73 3a 22 68 31 22 7d 2c Data Ascii: ame:"main-page-header-image.jpg"}),r.a.createElement(d.a,null,r.a.createElement("div",{id:"headerCoupon",className:"headerContentWrapper"},r.a.createElement(u.a,{color:"#ffffff",className:"headerText",lineHeight:"65px",fontSize:55,fontWeight:600,as:"h1"},
2024-05-24 15:39:13 UTC	2094	IN	Data Raw: 70 6f 6e 65 6e 74 49 64 3a 22 73 63 2d 31 79 35 65 6a 37 38 2d 30 22 7d 29 28 5b 22 77 69 64 74 68 3a 31 36 70 78 3b 69 6e 70 75 74 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 30 70 78 3b 68 65 69 67 68 74 3a 31 34 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 26 3a 63 68 65 63 6b 65 64 7b 26 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 34 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 68 65 69 67 68 74 3a 37 70 78 3b 62 6f 72 64 65 72 3a 73 6f 6c 69 64 20 23 46 35 39 35 34 31 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 20 32 70 78 20 32 70 78 20 30 3b 74 72 61 6e 73 66 6f 72 6d Data Ascii: ponentId:"sc-1y5ej78-0"})(["width:16px;input{cursor:pointer;position:relative;width:0px;height:14px;visibility:hidden;&:checked{&:after{content:'';display:block;width:4px;position:absolute;height:7px;border:solid #F59541;border-width:0 2px 2px 0;transform

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	60659	13.107.253.67	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	528	OUT	GET /tag/uet/4024645 HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:13 UTC	528	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:13 GMT Content-Type: application/x-javascript Content-Length: 978 Connection: close Cache-Control: no-cache, no-store Expires: -1 Set-Cookie: CLID=3de2ac6fe27f4600a8f7c15bf03c6d47.20240524.20250524; expires=Sat, 24 May 2025 15:39:13 GMT; path=/; secure; samesite=none; httponly Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8 x-azure-ref: 20240524T153913Z-1756c4dfbdbjngnt3t2w57u5r8000000064g000000000h77 X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-05-24 15:39:13 UTC	978	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 61 2c 72 2c 69 2c 74 2c 79 29 7b 61 5b 63 5d 3d 61 5b 63 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 28 61 5b 63 5d 2e 71 3d 61 5b 63 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 73 79 6e 63 28 29 7b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 2e 63 6c 61 72 69 74 79 2e 6d 73 2f 63 2e 67 69 66 22 7d 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 73 79 6e 63 28 29 3a 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 73 79 6e 63 29 3b 61 5b 63 5d 28 22 6d 65 74 61 64 61 74 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 5b 63 5d 28 22 Data Ascii: !function(c,l,a,r,i,t,y){a[c]=a[c]\|\|function(){(a[c].q=a[c].q\|\|[]).push(arguments)};function sync(){(new Image).src="https://c.clarity.ms/c.gif"}"complete"==document.readyState?sync():window.addEventListener("load",sync);a[c]("metadata",(function(){a[c]("

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	60661	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	754	OUT	GET /page-data/privacy.aspx/page-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
2024-05-24 15:39:13 UTC	441	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 214527 Connection: close Date: Fri, 24 May 2024 15:39:12 GMT Last-Modified: Tue, 16 Apr 2024 09:58:57 GMT ETag: "5cd7527e5d146f451335f6aba3a0c44c" Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 8929678ebb25525520ff2b11bf7ddd4a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: NXJq6X_yoKyioRfWMTOgo-0LfW2P3QAo_q7p3x-L61fGM_l-YngjNg== Age: 2
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 7b 22 63 6f 6d 70 6f 6e 65 6e 74 43 68 75 6e 6b 4e 61 6d 65 22 3a 22 63 6f 6d 70 6f 6e 65 6e 74 2d 2d 2d 73 72 63 2d 70 61 67 65 73 2d 70 72 69 76 61 63 79 2d 61 73 70 78 2d 6a 73 22 2c 22 70 61 74 68 22 3a 22 2f 70 72 69 76 61 63 79 2e 61 73 70 78 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 70 61 67 65 43 6f 6e 74 65 78 74 22 3a 7b 22 61 76 61 69 6c 61 62 6c 65 4c 6f 63 61 6c 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 22 65 6e 22 2c 22 74 65 78 74 22 3a 22 45 6e 67 6c 69 73 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 64 65 22 2c 22 74 65 78 74 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 69 74 22 2c 22 74 65 78 74 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 66 72 22 2c 22 74 65 78 74 22 3a 22 46 72 61 6e c3 a7 Data Ascii: {"componentChunkName":"component---src-pages-privacy-aspx-js","path":"/privacy.aspx","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Fran
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 66 79 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 75 73 69 6e 67 20 70 6f 70 75 6c 61 72 20 63 6f 64 65 d1 81 73 20 48 20 32 36 34 2c 20 48 20 32 36 35 20 20 72 65 61 64 69 6e 67 20 6f 6e 6c 79 20 2c 20 4d 50 45 47 2d 34 2c 20 65 74 63 5c 22 3a 20 5c 22 4f 70 65 6e 2c 20 6d 6f 64 69 66 79 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 75 73 69 6e 67 20 70 6f 70 75 6c 61 72 20 63 6f 64 65 d1 81 73 20 48 2e 32 36 34 2f 41 56 43 2c 20 56 50 38 2c 20 4d 50 45 47 2d 34 2c 20 4d 50 45 47 2d 32 2c 20 4d 4a 50 45 47 2c 20 48 2e 32 36 33 20 65 74 63 2e 20 59 6f 75 20 63 61 6e 20 61 6c 73 6f 20 6f 70 65 6e 20 76 69 64 65 6f 20 66 69 6c 65 73 20 77 69 74 68 20 6d 6f 64 65 72 6e 20 63 6f 64 65 63 73 20 48 2e 32 36 35 2f 48 45 56 43 2c 20 41 56 31 2c 20 56 50 39 Data Ascii: fy and save video using popular codes H 264, H 265 reading only , MPEG-4, etc\": \"Open, modify and save video using popular codes H.264/AVC, VP8, MPEG-4, MPEG-2, MJPEG, H.263 etc. You can also open video files with modern codecs H.265/HEVC, AV1, VP9
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 68 65 20 70 72 69 63 65 20 74 68 69 73 20 69 73 20 63 65 72 74 61 69 6e 6c 79 20 67 72 65 61 74 20 76 61 6c 75 65 20 66 6f 72 20 6d 6f 6e 65 79 20 49 20 6d 6f 73 74 6c 79 20 75 73 65 20 41 56 53 20 56 69 64 65 6f 20 45 64 69 74 6f 72 20 61 6e 64 20 56 69 64 65 6f 20 43 6f 6e 76 65 72 74 65 72 20 61 6e 64 20 49 20 66 69 6e 64 20 74 68 65 6d 20 74 6f 20 62 65 20 62 6f 74 68 20 65 78 63 65 6c 6c 65 6e 74 20 65 61 73 79 20 74 6f 20 75 73 65 20 77 69 74 68 20 71 75 61 6c 69 74 79 20 72 65 73 75 6c 74 73 20 57 6f 75 6c 64 20 63 65 72 74 61 69 6e 6c 79 20 72 65 63 6f 6d 6d 65 6e 64 20 74 6f 20 61 6e 79 6f 6e 65 20 77 68 6f 20 77 61 6e 74 73 20 67 6f 6f 64 20 76 69 64 65 6f 20 73 6f 66 74 77 61 72 65 20 61 74 20 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 70 72 69 63 Data Ascii: he price this is certainly great value for money I mostly use AVS Video Editor and Video Converter and I find them to be both excellent easy to use with quality results Would certainly recommend to anyone who wants good video software at a reasonable pric
2024-05-24 15:39:13 UTC	14808	IN	Data Raw: 46 61 64 65 20 69 6e 2c 20 46 61 64 65 20 6f 75 74 2c 20 4e 6f 72 6d 61 6c 69 7a 65 29 2e 5c 22 2c 5c 6e 5c 74 5c 22 4d 6f 64 69 66 79 20 61 75 64 69 6f 20 66 69 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 54 69 74 6c 65 2c 20 41 75 74 68 6f 72 2c 20 41 72 74 69 73 74 20 61 6e 64 20 41 6c 62 75 6d 20 63 6f 76 65 72 5c 22 3a 20 5c 22 4d 6f 64 69 66 79 20 61 75 64 69 6f 20 66 69 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 54 69 74 6c 65 2c 20 41 75 74 68 6f 72 2c 20 41 72 74 69 73 74 20 61 6e 64 20 41 6c 62 75 6d 20 63 6f 76 65 72 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 72 65 61 74 65 20 61 75 64 69 6f 20 66 69 6c 65 73 20 66 6f 72 20 61 6e 79 20 70 75 72 70 6f 73 65 5c 22 3a 20 5c 22 43 72 65 61 74 65 20 61 75 64 69 6f 20 66 69 6c 65 73 20 66 6f 72 20 61 6e Data Ascii: Fade in, Fade out, Normalize).\",\n\t\"Modify audio file information Title, Author, Artist and Album cover\": \"Modify audio file information: Title, Author, Artist and Album cover.\",\n\t\"Create audio files for any purpose\": \"Create audio files for an
2024-05-24 15:39:13 UTC	7972	IN	Data Raw: 5c 6e 5c 74 5c 22 73 75 70 70 6f 72 74 20 61 76 73 34 79 6f 75 20 63 6f 6d 5c 22 20 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 61 76 73 34 79 6f 75 2e 63 6f 6d 2f 72 65 66 75 6e 64 2e 61 73 70 78 5c 22 2c 5c 6e 5c 74 5c 22 73 75 70 70 6f 72 74 20 61 76 73 34 79 6f 75 5c 22 20 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 61 76 73 34 79 6f 75 2e 63 6f 6d 2f 5c 22 2c 5c 6e 5c 74 5c 22 61 76 73 34 79 6f 75 20 67 75 69 64 65 73 20 69 6e 64 65 78 5c 22 20 3a 20 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 76 73 34 79 6f 75 2e 63 6f 6d 2f 67 75 69 64 65 73 2f 69 6e 64 65 78 2e 61 73 70 78 5c 22 2c 5c 6e 5c 74 5c 22 6f 6e 6c 69 6e 65 68 65 6c 70 20 61 76 73 34 79 6f 75 20 69 6e 64 65 78 5c 22 20 3a 20 5c 22 68 74 74 70 73 3a 2f 2f Data Ascii: \n\t\"support avs4you com\" : \"https://support.avs4you.com/refund.aspx\",\n\t\"support avs4you\" : \"https://support.avs4you.com/\",\n\t\"avs4you guides index\" : \"https://www.avs4you.com/guides/index.aspx\",\n\t\"onlinehelp avs4you index\" : \"https://
2024-05-24 15:39:13 UTC	12792	IN	Data Raw: 55 20 73 75 69 74 65 20 69 73 20 66 65 61 74 75 72 65 20 72 69 63 68 20 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 70 65 72 66 6f 72 6d 20 61 6c 6c 20 6d 75 6c 74 69 6d 65 64 69 61 20 74 61 73 6b 73 20 65 66 66 69 63 69 65 6e 74 6c 79 5c 22 3a 20 5c 22 41 56 53 34 59 4f 55 20 6f 66 66 65 72 73 20 61 20 73 65 74 20 6f 66 20 70 72 6f 66 65 73 73 69 6f 6e 61 6c 20 70 72 6f 67 72 61 6d 73 2c 20 61 20 70 65 72 66 65 63 74 20 66 69 74 20 66 6f 72 20 62 6f 74 68 20 6e 6f 76 69 63 65 73 20 69 6e 20 6d 75 6c 74 69 6d 65 64 69 61 20 70 72 6f 63 65 73 73 69 6e 67 20 61 6e 64 20 65 78 70 65 72 74 73 2e 20 41 56 53 34 59 4f 55 20 73 75 69 74 65 20 69 73 20 66 65 61 74 75 72 65 20 72 69 63 68 20 61 6e 64 20 61 6c 6c 6f 77 73 20 74 6f 20 70 65 72 66 6f 72 6d 20 61 6c 6c Data Ascii: U suite is feature rich and allows to perform all multimedia tasks efficiently\": \"AVS4YOU offers a set of professional programs, a perfect fit for both novices in multimedia processing and experts. AVS4YOU suite is feature rich and allows to perform all
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 6b 5c 22 3a 20 5c 22 4d 61 6b 65 20 61 6e 20 65 78 61 63 74 20 63 6f 70 79 20 6f 66 20 74 68 65 20 73 6f 75 72 63 65 20 64 69 73 6b 20 69 6e 20 6f 6e 65 20 63 6c 69 63 6b 2e 5c 22 2c 5c 6e 5c 74 5c 22 42 75 72 6e 20 61 75 64 69 6f 20 61 6e 64 20 64 61 74 61 20 64 69 73 63 73 5c 22 3a 20 5c 22 42 75 72 6e 20 61 75 64 69 6f 20 61 6e 64 20 64 61 74 61 20 64 69 73 63 73 2e 5c 22 2c 5c 6e 5c 74 5c 22 57 72 69 74 65 20 79 6f 75 72 20 61 75 64 69 6f 20 6f 6e 74 6f 20 43 44 20 28 43 44 2d 52 2c 20 43 44 2d 52 57 29 20 64 69 73 63 73 5c 22 3a 20 5c 22 57 72 69 74 65 20 79 6f 75 72 20 61 75 64 69 6f 20 6f 6e 74 6f 20 43 44 20 28 43 44 2d 52 2c 20 43 44 2d 52 57 29 20 64 69 73 63 73 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 72 65 61 74 65 20 61 75 64 69 6f 20 64 69 73 63 73 Data Ascii: k\": \"Make an exact copy of the source disk in one click.\",\n\t\"Burn audio and data discs\": \"Burn audio and data discs.\",\n\t\"Write your audio onto CD (CD-R, CD-RW) discs\": \"Write your audio onto CD (CD-R, CD-RW) discs.\",\n\t\"Create audio discs
2024-05-24 15:39:13 UTC	2804	IN	Data Raw: 69 61 20 54 6f 6f 6c 73 20 53 75 69 74 65 20 66 72 6f 20 61 75 64 69 6f 20 61 6e 64 20 76 69 64 65 6f 20 70 72 6f 63 65 73 73 69 6e 67 5c 22 3a 20 5c 22 35 20 4d 75 6c 74 69 6d 65 64 69 61 20 54 6f 6f 6c 73 20 53 75 69 74 65 20 66 6f 72 20 61 75 64 69 6f 20 61 6e 64 20 76 69 64 65 6f 20 70 72 6f 63 65 73 73 69 6e 67 5c 22 2c 5c 6e 5c 74 5c 22 53 70 65 63 69 61 6c 20 64 69 73 63 6f 75 6e 74 73 20 75 70 20 74 6f 20 37 30 25 20 6f 66 66 5c 22 3a 20 5c 22 53 70 65 63 69 61 6c 20 64 69 73 63 6f 75 6e 74 73 20 75 70 20 74 6f 20 37 30 25 20 6f 66 66 5c 22 2c 5c 6e 5c 74 5c 22 45 61 73 79 20 73 6f 66 74 77 61 72 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 6f 6e 5c 22 3a 20 5c 22 45 61 73 79 20 73 6f 66 74 77 61 72 65 20 61 64 6d 69 6e 69 73 74 72 61 74 69 6f 6e 5c Data Ascii: ia Tools Suite fro audio and video processing\": \"5 Multimedia Tools Suite for audio and video processing\",\n\t\"Special discounts up to 70% off\": \"Special discounts up to 70% off\",\n\t\"Easy software administration\": \"Easy software administration\
2024-05-24 15:39:13 UTC	6396	IN	Data Raw: 20 74 6f 20 62 65 20 61 63 63 65 70 74 65 64 2e 20 4d 61 78 20 66 69 6c 65 20 73 69 7a 65 20 35 20 4d 62 2e 5c 22 2c 5c 6e 5c 74 5c 22 42 79 20 63 6c 69 63 6b 69 6e 67 20 74 68 69 73 20 62 75 74 74 6f 6e 2c 20 79 6f 75 20 61 67 72 65 65 20 74 6f 20 6f 75 72 5c 22 3a 20 5c 22 42 79 20 63 6c 69 63 6b 69 6e 67 20 74 68 69 73 20 62 75 74 74 6f 6e 2c 20 79 6f 75 20 61 67 72 65 65 20 74 6f 20 6f 75 72 5c 22 2c 5c 6e 5c 74 5c 22 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 2e 5c 22 3a 20 5c 22 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 2e 5c 22 2c 5c 6e 5c 74 5c 22 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 5c 22 20 3a 20 5c 22 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 5c 22 2c 5c 6e 5c 74 5c 22 46 6f 72 20 6d 6f 72 65 20 64 65 74 61 69 6c 73 Data Ascii: to be accepted. Max file size 5 Mb.\",\n\t\"By clicking this button, you agree to our\": \"By clicking this button, you agree to our\",\n\t\"Terms of Service.\": \"Terms of Service.\",\n\t\"Terms of Service\" : \"Terms of Service\",\n\t\"For more details
2024-05-24 15:39:13 UTC	5894	IN	Data Raw: 72 20 6d 61 6b 65 20 64 65 72 69 76 61 74 69 76 65 20 77 6f 72 6b 73 20 62 61 73 65 64 20 6f 6e 20 41 56 53 34 59 4f 55 20 53 6f 66 74 77 61 72 65 20 65 78 63 65 70 74 20 61 6e 64 20 6f 6e 6c 79 20 74 6f 20 74 68 65 20 65 78 74 65 6e 74 20 74 68 61 74 20 73 75 63 68 20 61 63 74 69 76 69 74 79 20 69 73 20 65 78 70 72 65 73 73 6c 79 20 70 65 72 6d 69 74 74 65 64 20 62 79 20 61 70 70 6c 69 63 61 62 6c 65 20 6c 61 77 20 6e 6f 74 77 69 74 68 73 74 61 6e 64 69 6e 67 20 74 68 69 73 20 6c 69 6d 69 74 61 74 69 6f 6e 5c 22 3a 20 5c 22 52 65 76 65 72 73 65 20 65 6e 67 69 6e 65 65 72 2c 20 64 65 63 6f 6d 70 69 6c 65 2c 20 64 69 73 61 73 73 65 6d 62 6c 65 20 6f 72 20 6d 61 6b 65 20 64 65 72 69 76 61 74 69 76 65 20 77 6f 72 6b 73 20 62 61 73 65 64 20 6f 6e 20 41 56 53 Data Ascii: r make derivative works based on AVS4YOU Software except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation\": \"Reverse engineer, decompile, disassemble or make derivative works based on AVS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	60660	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	747	OUT	GET /page-data/index/page-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0
2024-05-24 15:39:13 UTC	441	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 214469 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:50 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:12 GMT ETag: "47ed8898bca3325add7230a5be6f7aae" X-Cache: Hit from cloudfront Via: 1.1 e9b7f6a49ef1905c7ce18301f0e01a9c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: BqYPK9V3zLA_q2XAfh4Ajd3zneepgoVoZMhgAH6UZFu6HQtrakAtFQ== Age: 2
2024-05-24 15:39:13 UTC	15943	IN	Data Raw: 7b 22 63 6f 6d 70 6f 6e 65 6e 74 43 68 75 6e 6b 4e 61 6d 65 22 3a 22 63 6f 6d 70 6f 6e 65 6e 74 2d 2d 2d 73 72 63 2d 70 61 67 65 73 2d 69 6e 64 65 78 2d 6a 73 22 2c 22 70 61 74 68 22 3a 22 2f 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 70 61 67 65 43 6f 6e 74 65 78 74 22 3a 7b 22 61 76 61 69 6c 61 62 6c 65 4c 6f 63 61 6c 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 22 65 6e 22 2c 22 74 65 78 74 22 3a 22 45 6e 67 6c 69 73 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 64 65 22 2c 22 74 65 78 74 22 3a 22 44 65 75 74 73 63 68 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 69 74 22 2c 22 74 65 78 74 22 3a 22 49 74 61 6c 69 61 6e 6f 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 66 72 22 2c 22 74 65 78 74 22 3a 22 46 72 61 6e c3 a7 61 69 73 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 22 65 73 22 Data Ascii: {"componentChunkName":"component---src-pages-index-js","path":"/","result":{"pageContext":{"availableLocales":[{"value":"en","text":"English"},{"value":"de","text":"Deutsch"},{"value":"it","text":"Italiano"},{"value":"fr","text":"Franais"},{"value":"es"
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 6f 73 5c 22 2c 5c 6e 5c 74 5c 22 45 64 69 74 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 69 6e 20 61 6c 6c 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 20 4d 50 34 2c 20 44 56 44 2c 20 41 56 49 2c 20 4d 4f 56 2c 20 56 4f 42 2c 20 57 4d 56 2c 20 4d 4b 56 2c 20 46 4c 56 2c 20 57 45 42 4d 2c 20 65 74 63 5c 22 3a 20 5c 22 45 64 69 74 20 61 6e 64 20 73 61 76 65 20 76 69 64 65 6f 20 69 6e 20 61 6c 6c 20 70 6f 70 75 6c 61 72 20 66 6f 72 6d 61 74 73 20 28 4d 50 34 2c 20 4d 34 56 2c 20 4d 4f 56 2c 20 4d 4b 56 2c 20 57 45 42 4d 2c 20 41 56 49 2c 20 44 56 44 2c 20 56 4f 42 2c 20 4d 50 47 2c 20 57 4d 56 2c 20 33 47 50 2c 20 46 4c 56 2c 20 4d 32 54 53 2c 20 54 53 2c 20 65 74 63 2e 29 5c 22 2c 5c 6e 5c 74 5c 22 50 72 6f 63 65 73 73 20 76 69 64 65 6f 20 69 6e 20 Data Ascii: os\",\n\t\"Edit and save video in all popular formats MP4, DVD, AVI, MOV, VOB, WMV, MKV, FLV, WEBM, etc\": \"Edit and save video in all popular formats (MP4, M4V, MOV, MKV, WEBM, AVI, DVD, VOB, MPG, WMV, 3GP, FLV, M2TS, TS, etc.)\",\n\t\"Process video in
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 76 65 72 74 20 76 69 64 65 6f 73 20 66 6f 72 20 70 6f 70 75 6c 61 72 20 73 6f 63 69 61 6c 20 70 6c 61 74 66 6f 72 6d 73 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 76 69 64 65 6f 73 20 66 6f 72 20 70 6f 70 75 6c 61 72 20 73 6f 63 69 61 6c 20 70 6c 61 74 66 6f 72 6d 73 5c 22 2c 5c 6e 5c 74 5c 22 55 73 65 20 72 65 61 64 79 20 70 72 65 73 65 74 73 20 77 69 74 68 20 6d 6f 73 74 20 61 70 70 72 6f 70 72 69 61 74 65 20 73 65 74 74 69 6e 67 73 20 74 6f 20 63 6f 6e 76 65 72 74 20 76 69 64 65 6f 20 66 6f 72 20 59 6f 75 54 75 62 65 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 56 69 6d 65 6f 2c 20 44 61 69 6c 79 4d 6f 74 69 6f 6e 2c 20 54 65 6c 6c 79 2c 20 46 6c 69 63 6b 72 2c 20 44 72 6f 70 62 6f 78 5c 22 3a 20 5c 22 55 73 65 20 72 65 61 64 79 20 70 72 65 73 65 74 73 20 77 69 Data Ascii: vert videos for popular social platforms\": \"Convert videos for popular social platforms\",\n\t\"Use ready presets with most appropriate settings to convert video for YouTube, Facebook, Vimeo, DailyMotion, Telly, Flickr, Dropbox\": \"Use ready presets wi
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 72 61 6d 65 74 65 72 73 2c 20 75 73 65 20 62 61 74 63 68 20 6d 6f 64 65 2e 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 61 6e 64 20 65 64 69 74 20 61 6c 6c 20 6b 65 79 20 61 75 64 69 6f 20 66 6f 72 6d 61 74 73 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 61 6e 64 20 65 64 69 74 20 61 6c 6c 20 6b 65 79 20 61 75 64 69 6f 20 66 6f 72 6d 61 74 73 5c 22 2c 5c 6e 5c 74 5c 22 43 6f 6e 76 65 72 74 20 4d 50 33 2c 20 57 4d 41 2c 20 57 41 56 2c 20 4d 34 41 2c 20 41 4d 52 2c 20 4f 47 47 2c 20 41 4c 41 43 2c 20 46 4c 41 43 2c 20 41 43 33 2c 20 4d 50 32 2c 20 65 74 63 5c 22 3a 20 5c 22 43 6f 6e 76 65 72 74 20 4d 50 33 2c 20 57 4d 41 2c 20 57 41 56 2c 20 4d 34 41 2c 20 41 4d 52 2c 20 4f 47 47 2c 20 41 4c 41 43 2c 20 46 4c 41 43 2c 20 41 43 33 2c 20 4d 50 32 2c 20 65 Data Ascii: rameters, use batch mode.\",\n\t\"Convert and edit all key audio formats\": \"Convert and edit all key audio formats\",\n\t\"Convert MP3, WMA, WAV, M4A, AMR, OGG, ALAC, FLAC, AC3, MP2, etc\": \"Convert MP3, WMA, WAV, M4A, AMR, OGG, ALAC, FLAC, AC3, MP2, e
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 4f 55 20 69 73 20 74 68 65 20 68 6f 6d 65 20 6f 66 20 75 6c 74 69 6d 61 74 65 20 6d 75 6c 74 69 6d 65 64 69 61 20 65 64 69 74 69 6e 67 20 66 61 6d 69 6c 79 2e 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 63 6f 6d 70 61 6e 79 2c 20 69 74 73 20 68 69 73 74 6f 72 79 2c 20 77 68 6f 20 77 65 20 61 72 65 20 61 6e 64 20 77 68 61 74 20 77 65 20 76 61 6c 75 65 2e 5c 22 3a 20 5c 22 41 56 53 34 59 4f 55 20 69 73 20 74 68 65 20 68 6f 6d 65 20 6f 66 20 75 6c 74 69 6d 61 74 65 20 6d 75 6c 74 69 6d 65 64 69 61 20 65 64 69 74 69 6e 67 20 66 61 6d 69 6c 79 2e 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 63 6f 6d 70 61 6e 79 2c 20 69 74 73 20 68 69 73 74 6f 72 79 2c 20 77 68 6f 20 77 65 20 61 72 65 20 61 6e 64 20 77 68 61 74 20 77 Data Ascii: OU is the home of ultimate multimedia editing family. Learn more about our company, its history, who we are and what we value.\": \"AVS4YOU is the home of ultimate multimedia editing family. Learn more about our company, its history, who we are and what w
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 63 65 20 74 68 65 6d 20 6f 6e 20 79 6f 75 72 20 77 65 62 73 69 74 65 2c 20 62 6c 6f 67 20 6f 72 20 59 54 20 63 68 61 6e 6e 65 6c 5c 22 20 3a 20 5c 22 47 65 6e 65 72 61 74 65 20 79 6f 75 72 20 61 66 66 69 6c 69 61 74 65 20 6c 69 6e 6b 73 20 61 6e 64 20 70 6c 61 63 65 20 74 68 65 6d 20 6f 6e 20 79 6f 75 72 20 77 65 62 73 69 74 65 2c 20 62 6c 6f 67 20 6f 72 20 59 54 20 63 68 61 6e 6e 65 6c 2e 5c 22 2c 5c 6e 5c 74 5c 22 52 65 63 65 69 76 65 20 61 20 35 30 25 20 63 6f 6d 6d 69 73 73 69 6f 6e 20 66 72 6f 6d 20 65 76 65 72 79 20 73 61 6c 65 20 61 6e 64 20 67 65 74 20 79 6f 75 72 20 6d 6f 6e 74 68 6c 79 20 70 61 79 6f 75 74 5c 22 20 3a 20 5c 22 52 65 63 65 69 76 65 20 61 20 35 30 25 20 63 6f 6d 6d 69 73 73 69 6f 6e 20 66 72 6f 6d 20 65 76 65 72 79 20 73 61 6c 65 Data Ascii: ce them on your website, blog or YT channel\" : \"Generate your affiliate links and place them on your website, blog or YT channel.\",\n\t\"Receive a 50% commission from every sale and get your monthly payout\" : \"Receive a 50% commission from every sale
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 68 65 20 72 65 61 64 79 20 64 69 73 63 20 69 6d 61 67 65 73 5c 22 3a 20 5c 22 45 64 69 74 2c 20 64 65 6c 65 74 65 20 6f 72 20 61 64 64 20 6e 65 77 20 66 69 6c 65 73 20 74 6f 20 74 68 65 20 72 65 61 64 79 20 64 69 73 63 20 69 6d 61 67 65 73 2e 5c 22 2c 5c 6e 5c 6e 5c 6e 5c 74 5c 22 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 46 72 65 65 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 5c 22 3a 20 5c 22 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 46 72 65 65 20 41 56 53 20 52 65 67 69 73 74 72 79 20 43 6c 65 61 6e 65 72 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a Data Ascii: he ready disc images\": \"Edit, delete or add new files to the ready disc images.\",\n\n\n\t\"***************************Free AVS Registry Cleaner****************************\": \"*************************Free AVS Registry Cleaner*************
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 57 68 79 20 41 56 53 34 59 4f 55 20 52 65 73 65 6c 6c 65 72 20 50 72 6f 67 72 61 6d 5c 22 2c 5c 6e 5c 74 5c 22 31 30 30 25 20 47 75 61 72 61 6e 74 65 65 64 20 50 72 6f 66 69 74 5c 22 3a 20 5c 22 31 30 30 25 20 47 75 61 72 61 6e 74 65 65 64 20 50 72 6f 66 69 74 5c 22 2c 5c 6e 5c 74 5c 22 59 6f 75 20 73 65 6c 6c 20 70 6f 77 65 72 66 75 6c 20 74 6f 6f 6c 73 20 66 6f 72 20 6d 75 6c 74 69 6d 65 64 69 61 20 70 72 6f 63 65 73 73 69 6e 67 20 70 6f 70 75 6c 61 72 20 61 6c 6c 20 6f 76 65 72 20 74 68 65 20 77 6f 72 6c 64 20 4f 76 65 72 20 31 30 30 30 30 30 30 20 70 65 6f 70 6c 65 20 64 6f 77 6e 6c 6f 61 64 20 61 6e 64 20 69 6e 73 74 61 6c 6c 20 41 56 53 34 59 4f 55 20 74 6f 6f 6c 73 20 6d 6f 6e 74 68 6c 79 5c 22 3a 20 5c 22 59 6f 75 20 73 65 6c 6c 20 70 6f 77 65 72 Data Ascii: Why AVS4YOU Reseller Program\",\n\t\"100% Guaranteed Profit\": \"100% Guaranteed Profit\",\n\t\"You sell powerful tools for multimedia processing popular all over the world Over 1000000 people download and install AVS4YOU tools monthly\": \"You sell power
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 65 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 79 6f 75 20 77 69 74 68 20 61 6e 20 65 6c 65 63 74 72 6f 6e 69 63 20 66 69 6c 65 20 63 6f 6e 74 61 69 6e 69 6e 67 20 79 6f 75 72 20 44 61 74 61 5c 22 3a 20 5c 22 61 6e 64 20 77 65 20 77 69 6c 6c 20 70 72 6f 76 69 64 65 20 79 6f 75 20 77 69 74 68 20 61 6e 20 65 6c 65 63 74 72 6f 6e 69 63 20 66 69 6c 65 20 63 6f 6e 74 61 69 6e 69 6e 67 20 79 6f 75 72 20 44 61 74 61 2e 5c 22 2c 5c 6e 5c 74 5c 22 52 69 67 68 74 20 74 6f 20 72 65 63 74 69 66 69 63 61 74 69 6f 6e 5c 22 3a 20 5c 22 52 69 67 68 74 20 74 6f 20 72 65 63 74 69 66 69 63 61 74 69 6f 6e 5c 22 2c 5c 6e 5c 74 5c 22 59 6f 75 20 68 61 76 65 20 74 68 65 20 72 69 67 68 74 20 74 6f 20 6f 62 74 61 69 6e 20 74 68 65 20 72 65 63 74 69 66 69 63 61 74 69 6f 6e 20 6f 66 Data Ascii: e will provide you with an electronic file containing your Data\": \"and we will provide you with an electronic file containing your Data.\",\n\t\"Right to rectification\": \"Right to rectification\",\n\t\"You have the right to obtain the rectification of
2024-05-24 15:39:13 UTC	16384	IN	Data Raw: 20 6e 61 76 69 67 61 74 69 6f 6e 20 64 65 74 61 69 6c 73 20 69 6e 20 61 6e 20 61 6e 6f 6e 79 6d 6f 75 73 20 66 6f 72 6d 2e 20 54 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 67 69 76 65 73 20 75 73 20 61 20 62 65 74 74 65 72 20 75 6e 64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 74 68 65 20 77 61 79 20 75 73 65 72 73 20 69 6e 74 65 72 61 63 74 20 77 69 74 68 20 6f 75 72 20 77 65 62 73 69 74 65 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 74 68 65 79 20 70 65 72 66 6f 72 6d 2c 20 74 68 65 72 65 62 79 2c 20 68 65 6c 70 69 6e 67 20 75 73 20 69 64 65 6e 74 69 66 79 20 64 65 73 69 67 6e 20 66 6c 61 77 73 20 61 6e 64 20 66 69 78 20 74 68 65 6d 2e 5c 22 2c 5c 6e 5c 74 5c 22 59 61 6e 64 65 78 4d 65 74 72 69 63 61 5c 22 20 3a 20 5c 22 59 61 6e 64 65 78 2e Data Ascii: navigation details in an anonymous form. This information gives us a better understanding of the way users interact with our website and the actions they perform, thereby, helping us identify design flaws and fix them.\",\n\t\"YandexMetrica\" : \"Yandex.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	60667	74.125.206.156	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:13 UTC	815	OUT	POST /g/collect?v=2&tid=G-BWSZ9WEBRH&cid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:14 UTC	449	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://www.avs4you.com Date: Fri, 24 May 2024 15:39:14 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	60668	172.217.23.110	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:14 UTC	1284	OUT	POST /g/collect?v=2&tid=G-BWSZ9WEBRH&gtm=45je45m0v9102177972z876934661za200zb76934661&_p=1716565146506&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1987730708.1716565152&ul=en-us&sr=1280x1024&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=Eg&_s=1&sid=1716565152&sct=1&seg=0&dl=https%3A%2F%2Fwww.avs4you.com%2Fregister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&dt=AVS4YOU%20Get%20professionals%20multimedia%20tools&en=page_view&_fv=1&_nsi=1&_ss=1&ep.Referrer=&tfd=11303 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:14 UTC	449	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://www.avs4you.com Date: Fri, 24 May 2024 15:39:14 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	60669	142.250.186.66	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:14 UTC	953	OUT	GET /td/ga/rul?tid=G-BWSZ9WEBRH&gacid=1987730708.1716565152&gtm=45je45m0v9102177972z876934661za200zb76934661&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1807214805 HTTP/1.1 Host: td.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:14 UTC	785	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 24 May 2024 15:39:14 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 24-May-2024 15:54:14 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:14 UTC	18	IN	Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: d<html></html>
2024-05-24 15:39:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	60671	13.107.253.67	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:14 UTC	597	OUT	GET /s/0.7.32/clarity.js HTTP/1.1 Host: www.clarity.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CLID=3de2ac6fe27f4600a8f7c15bf03c6d47.20240524.20250524
2024-05-24 15:39:14 UTC	619	IN	HTTP/1.1 200 OK Date: Fri, 24 May 2024 15:39:14 GMT Content-Type: application/javascript;charset=utf-8 Content-Length: 62397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Fri, 10 May 2024 17:30:20 GMT ETag: "0x8DC7116DE09E645" x-ms-request-id: b81a580a-101e-0065-3c57-ab809f000000 x-ms-version: 2018-03-28 Access-Control-Allow-Origin: * x-azure-ref: 20240524T153914Z-1546f96855fsqq5nvkd5yv23a400000005z0000000006xs8 Cache-Control: public, max-age=86400 x-fd-int-roxy-purgeid: 51562430 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-05-24 15:39:14 UTC	15765	IN	Data Raw: 2f 2a 20 63 6c 61 72 69 74 79 2d 6a 73 20 76 30 2e 37 2e 33 32 3a 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2f 63 6c 61 72 69 74 79 20 28 4c 69 63 65 6e 73 65 3a 20 4d 49 54 29 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 6e 75 6c 6c 2c 67 65 74 20 71 75 65 75 65 28 29 7b 72 65 74 75 72 6e 20 46 61 7d 2c 67 65 74 20 73 74 61 72 74 28 29 7b 72 65 74 75 72 6e 20 55 61 7d 2c 67 65 74 20 73 74 6f 70 28 29 7b 72 65 74 75 72 6e 20 56 61 7d 2c 67 65 74 20 74 72 61 63 6b 28 29 7b 72 65 74 75 72 6e 20 50 61 7d 7d 29 2c 65 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 5f 5f 70 72 6f Data Ascii: /* clarity-js v0.7.32: https://github.com/microsoft/clarity (License: MIT) */!function(){"use strict";var t=Object.freeze({__proto__:null,get queue(){return Fa},get start(){return Ua},get stop(){return Va},get track(){return Pa}}),e=Object.freeze({__pro
2024-05-24 15:39:14 UTC	16384	IN	Data Raw: 3d 61 2e 74 61 67 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 73 77 69 74 63 68 28 21 30 29 7b 63 61 73 65 20 50 74 2e 69 6e 64 65 78 4f 66 28 75 29 3e 3d 30 3a 76 61 72 20 63 3d 6f 2e 74 79 70 65 2c 73 3d 22 22 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6f 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 73 2b 3d 6f 5b 74 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 29 29 3b 76 61 72 20 6c 3d 7a 74 2e 73 6f 6d 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 73 2e 69 6e 64 65 78 4f 66 28 74 29 3e 3d 30 7d 29 29 3b 72 2e 70 72 69 76 61 63 79 3d 22 49 4e 50 55 54 22 3d 3d 3d 75 26 26 48 74 2e 69 6e 64 65 78 4f 66 28 63 29 3e 3d 30 3f 69 3a 6c 3f 34 3a 32 3b 62 72 65 61 6b 3b 63 61 73 65 22 64 61 74 Data Ascii: =a.tag.toUpperCase();switch(!0){case Pt.indexOf(u)>=0:var c=o.type,s="";Object.keys(o).forEach((function(t){return s+=o[t].toLowerCase()}));var l=zt.some((function(t){return s.indexOf(t)>=0}));r.privacy="INPUT"===u&&Ht.indexOf(c)>=0?i:l?4:2;break;case"dat
2024-05-24 15:39:14 UTC	16384	IN	Data Raw: 6e 67 22 29 3e 3d 30 3f 22 61 72 74 69 63 6c 65 22 3a 72 29 7b 63 61 73 65 22 61 72 74 69 63 6c 65 22 3a 63 61 73 65 22 72 65 63 69 70 65 22 3a 43 72 28 35 2c 74 5b 61 5d 29 2c 43 72 28 38 2c 74 2e 63 72 65 61 74 6f 72 29 2c 43 72 28 31 38 2c 74 2e 68 65 61 64 6c 69 6e 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 70 72 6f 64 75 63 74 22 3a 43 72 28 35 2c 74 5b 61 5d 29 2c 43 72 28 31 30 2c 74 2e 6e 61 6d 65 29 2c 43 72 28 31 32 2c 74 2e 73 6b 75 29 2c 74 2e 62 72 61 6e 64 26 26 43 72 28 36 2c 74 2e 62 72 61 6e 64 2e 6e 61 6d 65 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 61 67 67 72 65 67 61 74 65 72 61 74 69 6e 67 22 3a 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 26 26 28 57 28 31 31 2c 72 61 28 74 2e 72 61 74 69 6e 67 56 61 6c 75 65 2c 31 30 30 29 29 2c 57 28 31 38 Data Ascii: ng")>=0?"article":r){case"article":case"recipe":Cr(5,t[a]),Cr(8,t.creator),Cr(18,t.headline);break;case"product":Cr(5,t[a]),Cr(10,t.name),Cr(12,t.sku),t.brand&&Cr(6,t.brand.name);break;case"aggregaterating":t.ratingValue&&(W(11,ra(t.ratingValue,100)),W(18
2024-05-24 15:39:14 UTC	13864	IN	Data Raw: 69 3d 5b 5d 2c 6f 3d 30 2c 75 3d 72 3b 6f 3c 75 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 7b 76 61 72 20 63 3d 75 5b 6f 5d 3b 69 66 28 77 72 28 63 2c 61 2e 63 6f 6e 64 69 74 69 6f 6e 29 29 7b 76 61 72 20 73 3d 79 72 28 74 2c 63 29 3b 73 26 26 69 2e 70 75 73 68 28 73 29 7d 7d 6e 3d 69 7d 72 65 74 75 72 6e 20 6e 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 77 72 28 74 2c 65 29 7b 69 66 28 65 29 7b 76 61 72 20 6e 3d 65 2e 73 70 6c 69 74 28 22 3a 22 29 3b 72 65 74 75 72 6e 20 6e 2e 6c 65 6e 67 74 68 3e 31 3f 74 5b 6e 5b 30 5d 5d 3d 3d 6e 5b 31 5d 3a 74 5b 6e 5b 30 5d 5d 7d 72 65 74 75 72 6e 21 30 7d 66 75 6e 63 74 69 6f 6e 20 6b 72 28 74 29 7b 76 61 72 20 65 3d 5b 73 28 29 2c 74 5d 3b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 20 34 3a 76 61 72 Data Ascii: i=[],o=0,u=r;o<u.length;o++){var c=u[o];if(wr(c,a.condition)){var s=yr(t,c);s&&i.push(s)}}n=i}return n}return null}function wr(t,e){if(e){var n=e.split(":");return n.length>1?t[n[0]]==n[1]:t[n[0]]}return!0}function kr(t){var e=[s(),t];switch(t){case 4:var

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	60674	74.125.206.156	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:15 UTC	835	OUT	POST /g/collect?v=2&tid=G-FEYVLL88YK&cid=1987730708.1716565152&gtm=45je45m0v9123194436za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-05-24 15:39:15 UTC	449	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://www.avs4you.com Date: Fri, 24 May 2024 15:39:15 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	60673	172.217.23.110	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:15 UTC	1246	OUT	POST /g/collect?v=2&tid=G-FEYVLL88YK&gtm=45je45m0v9123194436za200&_p=1716565146506&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1987730708.1716565152&ul=en-us&sr=1280x1024&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1716565153&sct=1&seg=0&dl=https%3A%2F%2Fwww.avs4you.com%2Fregister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&dt=AVS4YOU%20Get%20professionals%20multimedia%20tools&en=page_view&_fv=1&_ss=1&tfd=12673 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:15 UTC	449	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://www.avs4you.com Date: Fri, 24 May 2024 15:39:15 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	60677	142.250.186.66	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:17 UTC	972	OUT	GET /td/ga/rul?tid=G-FEYVLL88YK&gacid=1987730708.1716565152&gtm=45je45m0v9123194436za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=845811239 HTTP/1.1 Host: td.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-05-24 15:39:17 UTC	954	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 24 May 2024 15:39:17 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure Set-Cookie: IDE=AHWqTUmqpvDYlxfcWstlwcoqkKeD4dYxWfdNkHnYfEJyDppLZtaUrWLZz_LyGCWF; expires=Sun, 24-May-2026 15:39:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-05-24 15:39:17 UTC	18	IN	Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: d<html></html>
2024-05-24 15:39:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	60678	74.125.206.156	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:18 UTC	905	OUT	POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&gjid=1175162250&_gid=46386595.1716565154&_u=YADAAUAAAAAAACAAI~&z=1129856423 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-05-24 15:39:18 UTC	593	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.avs4you.com Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Fri, 24 May 2024 15:39:18 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:18 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	60680	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:18 UTC	1312	OUT	GET /favicon.ico HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:18 UTC	450	IN	HTTP/1.1 200 OK Content-Type: image/vnd.microsoft.icon Content-Length: 1359 Connection: close Date: Fri, 24 May 2024 13:32:34 GMT Last-Modified: Tue, 16 Apr 2024 09:58:35 GMT ETag: "f55eb5fe088895007e3e0aa4b5594de2" Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 80836ce32819cf946e10c3b85dbce514.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: ptOErBUxQ1z_d8dSkii2cN7_DCswUPdTByMvjEX4-1nTCHrDpQxtDQ== Age: 7605
2024-05-24 15:39:18 UTC	1359	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRatEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	60682	172.217.23.110	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:19 UTC	1262	OUT	POST /g/collect?v=2&tid=G-BWSZ9WEBRH&gtm=45je45m0v9102177972za200zb76934661&_p=1716565146506&gcd=13l3l3l3l1&npa=0&dma=0&cid=1987730708.1716565152&ul=en-us&sr=1280x1024&ir=1&are=1&frm=0&pscdl=noapi&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pae=1&_eu=AAg&_s=2&sid=1716565152&sct=1&seg=0&dl=https%3A%2F%2Fwww.avs4you.com%2Fregister.aspx%3FType%3DInstall%26ProgID%3D72%26URL%3DRegister&dt=AVS4YOU%20Get%20professionals%20multimedia%20tools&en=christmas_sale1&ep.Referrer=&_et=29&tfd=16355 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.avs4you.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:19 UTC	449	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://www.avs4you.com Date: Fri, 24 May 2024 15:39:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	60683	216.58.206.68	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:19 UTC	814	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.avs4you.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:19 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 24 May 2024 15:39:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:19 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	60684	74.125.206.156	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:19 UTC	693	OUT	GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&gjid=1175162250&_gid=46386595.1716565154&_u=YADAAUAAAAAAACAAI~&z=1129856423 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUmqpvDYlxfcWstlwcoqkKeD4dYxWfdNkHnYfEJyDppLZtaUrWLZz_LyGCWF
2024-05-24 15:39:19 UTC	531	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Fri, 24 May 2024 15:39:19 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:19 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	60686	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:19 UTC	1027	OUT	GET /favicon.ico HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:20 UTC	450	IN	HTTP/1.1 200 OK Content-Type: image/vnd.microsoft.icon Content-Length: 1359 Connection: close Date: Fri, 24 May 2024 13:32:34 GMT Last-Modified: Tue, 16 Apr 2024 09:58:35 GMT ETag: "f55eb5fe088895007e3e0aa4b5594de2" Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 d71de6704e7765ee132e950c1dd97728.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: vzEp7P2Y2i8iOmicbmPtOeIea46dTpct-Agqh6EgRJu6UjrxrOQmWA== Age: 7606
2024-05-24 15:39:20 UTC	1359	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 Data Ascii: PNGIHDRatEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	60687	216.58.206.68	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:20 UTC	579	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1338774-7&cid=1987730708.1716565152&jid=1454458642&_u=YADAAUAAAAAAACAAI~&z=87124993 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-24 15:39:20 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 24 May 2024 15:39:20 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-05-24 15:39:20 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	60691	173.222.162.32	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:22 UTC	2301	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109000CC6 X-BM-CBT: 1696420817 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 60 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 0912CF9094994CFA88DE52C6FB19D4E1 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109000CC6 X-MSEdge-ExternalExp: bfbwsbrs0830tf,d-thshldspcl40,msbdsborgv2co,msbwdsbi920t1,spofglclicksh-c2,webtophit0r_t,wsbmsaqfuxtc,wsbqfasmsall_t,wsbqfminiserp400,wsbref-t X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2236 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=6666694284484FA1B35CCB433D42E997; _SS=SID=193A581F83766B4319784BBF829B6A16&CPID=1696420820117&AC=1&CPH=e5c79613&CBV=39942242; _EDGE_S=SID=193A581F83766B4319784BBF829B6A16; SRCHUID=V=2&GUID=BA43D82178364AEA9C1EE6C32BE93416&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231003; SRCHHPGUSR=SRCHLANG=en&LUT=1696420817741&IPMH=425591ef&IPMID=1696420817913&HV=1696417346; ANON=A=6D8F9DF00282E660E425530EFFFFFFFF; CortanaAppUID=4C9C2B2D0465FD7A42C74C7E93CFB630; MUIDB=6666694284484FA1B35CCB433D42E997
2024-05-24 15:39:22 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-05-24 15:39:22 UTC	2235	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 36 36 36 36 36 39 34 32 38 34 34 38 34 46 41 31 42 33 35 43 43 42 34 33 33 44 34 32 45 39 39 37 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 38 39 32 46 41 30 37 38 38 36 34 31 34 42 44 46 38 45 45 31 37 36 34 41 35 39 46 46 33 39 43 36 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>6666694284484FA1B35CCB433D42E997</CID><Events><E><T>Event.ClientInst</T><IG>892FA07886414BDF8EE1764A59FF39C6</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-05-24 15:39:22 UTC	479	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 581F13C916A444489AC6CFD5A3BBE684 Ref B: LAX311000113047 Ref C: 2024-05-24T15:39:22Z Date: Fri, 24 May 2024 15:39:22 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.20a6dc17.1716565162.47dc8bd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	60697	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 58704 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:33 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:39 GMT ETag: "38191e85868aa537e274b9f3da65f548" X-Cache: RefreshHit from cloudfront Via: 1.1 cc2247fba5ef27d286a255150dad2710.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: gip9RQJpU01QIabrNldEdcAG9yXtgSKKpJUJGwb1Zscba_nX4Q83UA==
2024-05-24 15:39:39 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 65 64 37 66 32 32 30 32 30 33 62 63 39 62 65 30 39 63 31 34 66 66 64 30 63 31 39 66 39 61 31 64 30 62 35 33 34 65 33 66 2d 38 32 64 30 32 37 66 38 65 37 31 30 64 62 36 33 31 31 64 63 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 34 5d 2c 7b 22 32 6f 51 41 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3b 66 Data Ascii: /! For license information please see ed7f220203bc9be09c14ffd0c19f9a1d0b534e3f-82d027f8e710db6311dc.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[4],{"2oQA":function(e,t,n){var r;!function(){"use strict";var n={}.hasOwnProperty;f
2024-05-24 15:39:39 UTC	15571	IN	Data Raw: 28 70 2c 66 29 2c 22 64 61 74 61 2d 69 6e 64 65 78 22 3a 66 2c 63 6c 61 73 73 4e 61 6d 65 3a 28 30 2c 69 2e 64 65 66 61 75 6c 74 29 28 6d 2c 77 29 2c 74 61 62 49 6e 64 65 78 3a 22 2d 31 22 2c 22 61 72 69 61 2d 68 69 64 64 65 6e 22 3a 21 6d 5b 22 73 6c 69 63 6b 2d 61 63 74 69 76 65 22 5d 2c 73 74 79 6c 65 3a 76 28 7b 6f 75 74 6c 69 6e 65 3a 22 6e 6f 6e 65 22 7d 2c 70 2e 70 72 6f 70 73 2e 73 74 79 6c 65 7c 7c 7b 7d 2c 7b 7d 2c 79 29 2c 6f 6e 43 6c 69 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 70 2e 70 72 6f 70 73 26 26 70 2e 70 72 6f 70 73 2e 6f 6e 43 6c 69 63 6b 26 26 70 2e 70 72 6f 70 73 2e 6f 6e 43 6c 69 63 6b 28 74 29 2c 65 2e 66 6f 63 75 73 4f 6e 53 65 6c 65 63 74 26 26 65 2e 66 6f 63 75 73 4f 6e 53 65 6c 65 63 74 28 68 29 7d 7d 29 29 2c 65 2e 69 6e Data Ascii: (p,f),"data-index":f,className:(0,i.default)(m,w),tabIndex:"-1","aria-hidden":!m["slick-active"],style:v({outline:"none"},p.props.style\|\|{},{},y),onClick:function(t){p.props&&p.props.onClick&&p.props.onClick(t),e.focusOnSelect&&e.focusOnSelect(h)}})),e.in
2024-05-24 15:39:39 UTC	16384	IN	Data Raw: 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 28 65 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 28 6e 29 29 3a 62 28 6e 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 6e 2c 74 29 29 7d 29 29 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 77 28 65 29 7b 72 65 74 75 72 6e 28 77 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 5f 5f 70 72 Data Ascii: ject.defineProperties(e,Object.getOwnPropertyDescriptors(n)):b(n).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(n,t))}))}return e}function w(e){return(w=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__pr
2024-05-24 15:39:39 UTC	10365	IN	Data Raw: 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6e 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 3a 65 5b 74 5d 3d 6e 2c 65 7d 76 61 72 20 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 75 28 65 29 2c 72 3d 64 28 65 29 2c 69 3d 6e 3b 69 3c 72 3b 69 2b 2b 29 65 2e 6c 61 7a 79 4c 6f 61 64 65 64 4c 69 73 74 2e 69 6e 64 65 78 4f 66 28 69 29 3c 30 26 26 74 2e 70 75 73 68 28 69 29 3b 72 65 74 75 72 6e 20 74 7d 3b 74 2e 67 65 74 4f 6e 44 65 6d 61 6e 64 4c 61 7a 79 53 6c 69 64 65 73 3d 63 3b 74 2e 67 65 74 52 65 71 75 69 72 65 64 4c 61 7a 79 53 6c 69 64 65 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 Data Ascii: ct.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}var c=function(e){for(var t=[],n=u(e),r=d(e),i=n;i<r;i++)e.lazyLoadedList.indexOf(i)<0&&t.push(i);return t};t.getOnDemandLazySlides=c;t.getRequiredLazySlides=function(e){f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	60698	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 16608 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:33 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:39 GMT ETag: "7d8d30f6659dd3e1dfbe59502c38e59c" X-Cache: RefreshHit from cloudfront Via: 1.1 88d6646ed14bd90fdf5ea3462649e074.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: j5unZrp5tXmh23g1iNqbg0B-KEBSEFDiG-UDaXI6SQgGT82o5S29LQ==
2024-05-24 15:39:39 UTC	15939	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 65 61 64 33 62 61 32 36 39 33 31 36 35 64 37 62 37 33 61 34 32 66 32 38 35 66 63 31 32 31 61 38 32 35 32 63 66 30 36 61 2d 36 34 32 64 34 35 66 64 62 61 62 61 34 30 35 39 36 66 64 30 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 36 5d 2c 7b 46 54 34 34 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 73 2c 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6f 3d 65 28 22 71 31 74 49 22 29 2c 72 3d 65 2e 6e 28 6f 29 2c 6e 3d 65 28 22 76 4f 6e 44 22 29 2c 61 3d 65 28 22 35 56 79 Data Ascii: /! For license information please see ead3ba2693165d7b73a42f285fc121a8252cf06a-642d45fdbaba40596fd0.js.LICENSE.txt /(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[6],{FT44:function(i,s,e){"use strict";var o=e("q1tI"),r=e.n(o),n=e("vOnD"),a=e("5Vy
2024-05-24 15:39:39 UTC	669	IN	Data Raw: 49 4f 4e 3a 77 7d 2c 68 2e 43 50 55 3d 7b 41 52 43 48 49 54 45 43 54 55 52 45 3a 22 61 72 63 68 69 74 65 63 74 75 72 65 22 7d 2c 68 2e 44 45 56 49 43 45 3d 7b 4d 4f 44 45 4c 3a 61 2c 56 45 4e 44 4f 52 3a 6c 2c 54 59 50 45 3a 64 2c 43 4f 4e 53 4f 4c 45 3a 22 63 6f 6e 73 6f 6c 65 22 2c 4d 4f 42 49 4c 45 3a 63 2c 53 4d 41 52 54 54 56 3a 62 2c 54 41 42 4c 45 54 3a 75 2c 57 45 41 52 41 42 4c 45 3a 22 77 65 61 72 61 62 6c 65 22 2c 45 4d 42 45 44 44 45 44 3a 22 65 6d 62 65 64 64 65 64 22 7d 2c 68 2e 45 4e 47 49 4e 45 3d 7b 4e 41 4d 45 3a 74 2c 56 45 52 53 49 4f 4e 3a 77 7d 2c 68 2e 4f 53 3d 7b 4e 41 4d 45 3a 74 2c 56 45 52 53 49 4f 4e 3a 77 7d 2c 76 6f 69 64 20 30 21 3d 3d 73 3f 28 76 6f 69 64 20 30 21 3d 3d 69 26 26 69 2e 65 78 70 6f 72 74 73 26 26 28 73 3d 69 Data Ascii: ION:w},h.CPU={ARCHITECTURE:"architecture"},h.DEVICE={MODEL:a,VENDOR:l,TYPE:d,CONSOLE:"console",MOBILE:c,SMARTTV:b,TABLET:u,WEARABLE:"wearable",EMBEDDED:"embedded"},h.ENGINE={NAME:t,VERSION:w},h.OS={NAME:t,VERSION:w},void 0!==s?(void 0!==i&&i.exports&&(s=i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	60696	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /1b9a2f2d6d29c30dd1e8760cd3a43981f2804204-435dd3d34a8fa193caf3.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 18534 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:25 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:40 GMT ETag: "697cdf6166e7ef974d33221c0758ab87" X-Cache: RefreshHit from cloudfront Via: 1.1 9d213bbde01ff71af70e3a8fd7017940.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: rDCEUZpV9Xr8I5iWdViXKGSUL_yWd90ISuH08zyiEVlZ1clB8YPkcQ==
2024-05-24 15:39:39 UTC	15939	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 37 5d 2c 7b 22 2f 53 34 4b 22 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 74 2c 65 2c 72 2c 6e 2c 6f 2c 69 2c 61 29 7b 74 72 79 7b 76 61 72 20 63 3d 74 5b 69 5d 28 61 29 2c 73 3d 63 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 72 28 70 29 7d 63 2e 64 6f 6e 65 3f 65 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6e 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[7],{"/S4K":function(t,e,r){"use strict";function n(t,e,r,n,o,i,a){try{var c=t[i](a),s=c.value}catch(p){return void r(p)}c.done?e(s):Promise.resolve(s).then(n,o)}function o(t){return function(){var e=thi
2024-05-24 15:39:39 UTC	2595	IN	Data Raw: 63 26 26 73 29 7b 69 66 28 74 68 69 73 2e 70 72 65 76 3c 69 2e 63 61 74 63 68 4c 6f 63 29 72 65 74 75 72 6e 20 6e 28 69 2e 63 61 74 63 68 4c 6f 63 2c 21 30 29 3b 69 66 28 74 68 69 73 2e 70 72 65 76 3c 69 2e 66 69 6e 61 6c 6c 79 4c 6f 63 29 72 65 74 75 72 6e 20 6e 28 69 2e 66 69 6e 61 6c 6c 79 4c 6f 63 29 7d 65 6c 73 65 20 69 66 28 63 29 7b 69 66 28 74 68 69 73 2e 70 72 65 76 3c 69 2e 63 61 74 63 68 4c 6f 63 29 72 65 74 75 72 6e 20 6e 28 69 2e 63 61 74 63 68 4c 6f 63 2c 21 30 29 7d 65 6c 73 65 7b 69 66 28 21 73 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 74 72 79 20 73 74 61 74 65 6d 65 6e 74 20 77 69 74 68 6f 75 74 20 63 61 74 63 68 20 6f 72 20 66 69 6e 61 6c 6c 79 22 29 3b 69 66 28 74 68 69 73 2e 70 72 65 76 3c 69 2e 66 69 6e 61 6c 6c 79 4c 6f Data Ascii: c&&s){if(this.prev<i.catchLoc)return n(i.catchLoc,!0);if(this.prev<i.finallyLoc)return n(i.finallyLoc)}else if(c){if(this.prev<i.catchLoc)return n(i.catchLoc,!0)}else{if(!s)throw new Error("try statement without catch or finally");if(this.prev<i.finallyLo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	60695	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /9dca3c060c98a2ec0e5a6368c886bb5833c66958-6c0ebfb674551fc6862e.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 22234 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:26 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:39 GMT ETag: "2aaa7015496cc202f82d9bcede5aee1e" X-Cache: RefreshHit from cloudfront Via: 1.1 80836ce32819cf946e10c3b85dbce514.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: jDAbBHeTsQC9-fhe4m6yc-GzjwlCrlViWrjKQufq0EJHsEUvxeDjlA==
2024-05-24 15:39:39 UTC	16384	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 32 5d 2c 7b 41 4e 4a 73 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 49 29 7b 66 2e 65 78 70 6f 72 74 73 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 55 41 41 41 42 41 43 41 59 41 41 41 43 71 52 62 4f 62 41 41 41 41 43 58 42 49 57 58 4d 41 41 41 73 54 41 41 41 4c 45 77 45 41 6d 70 77 59 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 42 32 34 53 55 52 42 56 48 67 42 37 56 30 4a 58 46 54 56 39 2f 38 43 4d 2b 7a 37 4b 67 67 4b 69 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[12],{ANJs:function(f,I){f.exports="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMUAAABACAYAAACqRbObAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAB24SURBVHgB7V0JXFTV9/8CM+z7KggKi
2024-05-24 15:39:39 UTC	5850	IN	Data Raw: 76 76 38 48 46 32 52 6b 50 54 4a 36 45 6e 79 6e 50 61 56 67 35 31 71 31 4c 4c 41 4c 38 2f 62 42 6c 2b 30 35 52 66 75 4b 52 42 79 66 6a 71 32 38 57 31 50 6b 65 42 6b 38 4c 57 72 70 73 70 5a 69 4b 7a 6a 56 4e 62 75 67 63 49 32 62 72 6d 6d 4c 59 34 49 46 69 47 76 75 35 6d 76 78 70 6a 37 6a 75 47 44 4e 71 75 46 67 4c 76 47 58 72 44 75 77 37 65 4b 6a 56 70 68 65 31 46 4e 65 6c 68 4f 4d 46 76 35 47 52 74 59 56 6f 6f 71 49 69 45 52 74 62 75 35 72 70 77 66 76 75 46 68 57 41 46 69 33 2b 52 61 7a 6a 6e 44 37 74 4f 65 4d 2b 66 75 77 31 72 30 5a 61 74 33 36 6a 32 50 67 47 47 44 71 66 56 39 46 37 65 33 6d 4b 35 50 58 4f 33 58 73 78 59 65 78 4e 6f 6c 4b 53 4e 54 41 78 65 46 30 41 33 32 79 65 4d 63 73 4c 55 70 35 37 35 67 6e 6a 66 6c 35 64 6c 5a 65 62 5a 2f 77 65 77 38 Data Ascii: vv8HF2RkPTJ6EnynPaVg51q1LLAL8/bBl+05RfuKRByfjq28W1PkeBk8LWrpspZiKzjVNbugcI2brmmLY4IFiGvu5mvxpj7juGDNquFgLvGXrDuw7eKjVphe1FNelhOMFv5GRtYVooqIiERtbu5rpwfvuFhWAFi3+RazjnD7tOeM+fuw1r0Zat36j2PgGGDqfV9F7e3mK5PXO3XsxYexNolKSNTAxeF0A32yeMcsLUp575gnjfl5dlZebZ/wew8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	60694	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /dbfd5dde42d0c6776b28c56d4c3e613fa59d0324-5229893a2299067c0dab.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 12693 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:31 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:39 GMT ETag: "6b93590ae1858dafc820d2af1bd29b9e" X-Cache: RefreshHit from cloudfront Via: 1.1 6cd1874959ee48e26855209aa18a4014.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: _Dza2mDAOXhEwqQp9cngYvQxrwOeZPyg6lKrPxaC5UZDkCC7CGxMjg==
2024-05-24 15:39:39 UTC	12693	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 37 5d 2c 7b 22 38 6f 32 6f 22 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 65 29 7b 69 66 28 6e 75 6c 6c 3d 3d 74 29 72 65 74 75 72 6e 7b 7d 3b 76 61 72 20 6e 2c 73 2c 61 3d 7b 7d 2c 6f 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 29 3b 66 6f 72 28 73 3d 30 3b 73 3c 6f 2e 6c 65 6e 67 74 68 3b 73 2b 2b 29 6e 3d 6f 5b 73 5d 2c 65 2e 69 6e 64 65 78 4f 66 28 6e 29 3e 3d 30 7c 7c 28 61 5b 6e 5d 3d 74 5b 6e 5d 29 3b 72 65 74 75 72 6e 20 61 7d 6e 2e 64 28 65 2c 22 61 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[17],{"8o2o":function(t,e,n){"use strict";function s(t,e){if(null==t)return{};var n,s,a={},o=Object.keys(t);for(s=0;s<o.length;s++)n=o[s],e.indexOf(n)>=0\|\|(a[n]=t[n]);return a}n.d(e,"a",(function(){retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	60699	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1305	OUT	GET /4a429f41750768c4912c7a69233f153b0200c016-b04f582e48009a30a2ad.js HTTP/1.1 Host: www.avs4you.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.avs4you.com/register.aspx?Type=Install&ProgID=72&URL=Register Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:39 UTC	445	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 26486 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:26 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:39 GMT ETag: "2e4a4bb7e33843b1b6433a6e63082b02" X-Cache: RefreshHit from cloudfront Via: 1.1 4082bc3032224eec2bf8c66d45286576.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: 5_kpqAYJUYbcfXL2C5qY8L3KyoFmZZQEl7SekezJvXwDlL21gbKSVQ==
2024-05-24 15:39:39 UTC	15939	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 31 39 5d 2c 7b 22 2f 59 52 45 22 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 61 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 74 28 22 71 31 74 49 22 29 2c 69 3d 74 2e 6e 28 6e 29 2c 72 3d 74 28 22 76 4f 6e 44 22 29 2c 6f 3d 74 28 22 35 56 79 30 22 29 2c 6c 3d 72 2e 63 2e 64 69 76 2e 77 69 74 68 43 6f 6e 66 69 67 28 7b 64 69 73 70 6c 61 79 4e 61 6d 65 3a 22 66 72 65 65 2d 66 6c 61 67 5f 5f 53 74 79 6c 65 64 46 72 65 65 46 6c 61 67 22 2c 63 6f 6d 70 6f 6e 65 6e 74 49 64 3a 22 73 63 2d 31 6f 70 64 69 75 7a 2d 30 22 7d 29 28 5b 22 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2e 66 69 72 73 Data Ascii: (window.webpackJsonp=window.webpackJsonp\|\|[]).push([[19],{"/YRE":function(e,a,t){"use strict";var n=t("q1tI"),i=t.n(n),r=t("vOnD"),o=t("5Vy0"),l=r.c.div.withConfig({displayName:"free-flag__StyledFreeFlag",componentId:"sc-1opdiuz-0"})(["display:block;.firs
2024-05-24 15:39:39 UTC	10547	IN	Data Raw: 41 66 68 4f 2f 77 79 75 33 4d 48 4b 79 50 53 6c 75 62 4e 71 78 75 4f 68 67 73 4e 4d 78 30 6d 62 2b 43 2b 2b 36 6e 33 73 75 75 43 43 31 6d 63 43 2b 58 64 6a 72 33 31 32 38 4d 37 39 71 48 6a 38 53 6c 36 67 58 4d 6c 48 54 70 6c 41 64 4b 6d 64 48 6e 48 52 31 67 54 43 46 4b 74 70 75 6f 6a 70 7a 57 42 42 65 76 2f 31 69 32 42 34 35 6b 58 4e 34 6b 52 34 39 52 50 30 45 69 67 63 61 59 4c 69 52 78 38 65 46 6c 67 2f 74 6d 78 79 6f 44 71 38 6a 2b 4a 69 4e 2f 4b 47 4e 4f 39 59 68 73 31 42 57 67 36 46 4a 71 5a 58 46 51 4d 72 32 57 59 33 6b 42 59 51 58 73 4c 5a 59 50 30 48 66 7a 41 6f 6d 51 6f 50 2f 51 46 32 47 48 4d 41 76 53 70 34 56 63 4d 4a 35 6f 79 37 31 35 58 5a 2f 43 6c 33 4b 51 37 37 7a 58 34 73 49 38 39 39 71 43 51 34 46 39 42 47 2b 4e 78 4b 59 33 70 7a 49 69 73 Data Ascii: AfhO/wyu3MHKyPSlubNqxuOhgsNMx0mb+C++6n3suuCC1mcC+Xdjr3128M79qHj8Sl6gXMlHTplAdKmdHnHR1gTCFKtpuojpzWBBev/1i2B45kXN4kR49RP0EigcaYLiRx8eFlg/tmxyoDq8j+JiN/KGNO9Yhs1BWg6FJqZXFQMr2WY3kBYQXsLZYP0HfzAomQoP/QF2GHMAvSp4VcMJ5oy715XZ/Cl3KQ77zX4sI899qCQ4F9BG+NxKY3pzIis

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	60700	18.244.140.117	443	5212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:39:38 UTC	1039	OUT	GET /page-data/app-data.json HTTP/1.1 Host: www.avs4you.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _vwo_uuid_v2=D7089C87ED9985DECDFE20D474BE53994\|76d0d9c659f6f247740bd2ae94d457e2; _uetsid=c388127019e311efb3d623cf84c9eed1; _uetvid=c38841a019e311ef9afbc3bd4cc02f89; _gcl_au=1.1.781378790.1716565151; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; _vwo_uuid=D7089C87ED9985DECDFE20D474BE53994; _vwo_sn=0%3A1; _vwo_ds=3%3Aa_0%2Ct_0%3A0%241716565149%3A5.02819239%3A%3A%3A25_0%3A0; _ga_BWSZ9WEBRH=GS1.1.1716565152.1.0.1716565152.60.0.0; _gid=GA1.2.46386595.1716565154; _gat_gtag_UA_1338774_7=1; _clck=tuiybo%7C2%7Cfm1%7C0%7C1605; _ga_FEYVLL88YK=GS1.1.1716565153.1.0.1716565153.60.0.0; _ga=GA1.1.1987730708.1716565152; _clsk=93nkzx%7C1716565156761%7C1%7C1%7Cs.clarity.ms%2Fcollect
2024-05-24 15:39:38 UTC	438	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 50 Connection: close Last-Modified: Tue, 16 Apr 2024 09:58:44 GMT Server: AmazonS3 Date: Fri, 24 May 2024 15:39:10 GMT ETag: "b961a03fe5bb8eb7d3324058193aa444" X-Cache: Hit from cloudfront Via: 1.1 e0389dce33f3ab76770520feb1331814.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P7 X-Amz-Cf-Id: yA_V6UvWfHRma-jS-rbltkdEd72JTTIbucdBOqAgJI024aLvgZH5EQ== Age: 29
2024-05-24 15:39:38 UTC	50	IN	Data Raw: 7b 22 77 65 62 70 61 63 6b 43 6f 6d 70 69 6c 61 74 69 6f 6e 48 61 73 68 22 3a 22 31 37 62 36 61 35 32 30 36 37 36 31 32 35 62 66 65 36 61 32 22 7d 0a Data Ascii: {"webpackCompilationHash":"17b6a520676125bfe6a2"}

Target ID:	0
Start time:	11:38:02
Start date:	24/05/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Imagebase:	0x400000
File size:	10'891'576 bytes
MD5 hash:	166DFFBE964C48C778E24617EC1A683D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:38:03
Start date:	24/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-C3A8T.tmp\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmp" /SL5="$1044A,10568020,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe"
Imagebase:	0x400000
File size:	685'056 bytes
MD5 hash:	52950AC9E2B481453082F096120E355A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000003.2227693678.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:38:41
Start date:	24/05/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\vcredist.msi"
Imagebase:	0xef0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:38:41
Start date:	24/05/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff7fd2d0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	11:38:42
Start date:	24/05/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 82837F4300B66549CD108A749FF00E18
Imagebase:	0xef0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:38:47
Start date:	24/05/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSYouTubeUploader.dll"
Imagebase:	0x600000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:38:47
Start date:	24/05/2024
Path:	C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Imagebase:	0x400000
File size:	5'800'072 bytes
MD5 hash:	23BF66DE2827671BB16D26A077D530B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:38:47
Start date:	24/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-USLLL.tmp\Registration.tmp" /SL5="$304A0,5538535,53248,C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\Registration.exe" /VERYSILENT /SUPPRESSMSGBOXES /GROUP="AVS4YOU" /LANG=en
Imagebase:	0x400000
File size:	685'056 bytes
MD5 hash:	52950AC9E2B481453082F096120E355A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000A.00000003.2170003066.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:38:49
Start date:	24/05/2024
Path:	C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Imagebase:	0x400000
File size:	1'714'544 bytes
MD5 hash:	097CF14425923F9A4A72C775E768F381
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:38:50
Start date:	24/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-BLQHA.tmp\AVS4YOUSoftwareNavigator.tmp" /SL5="$104D6,1455797,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVS4YOUSoftwareNavigator.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Imagebase:	0x400000
File size:	685'056 bytes
MD5 hash:	52950AC9E2B481453082F096120E355A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:38:52
Start date:	24/05/2024
Path:	C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Imagebase:	0x400000
File size:	1'947'336 bytes
MD5 hash:	C8814999AA2AAE4F1FF915C4B0B40912
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:38:53
Start date:	24/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-868GU.tmp\AVSUpdateManager.tmp" /SL5="$A04F2,1689432,53248,C:\Program Files (x86)\Common Files\AVSMedia\Registration\AVSUpdateManager.exe" /VERYSILENT /SUPPRESSMSGBOXES /LANG=en
Imagebase:	0x400000
File size:	685'056 bytes
MD5 hash:	52950AC9E2B481453082F096120E355A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000010.00000003.2165588256.0000000004E90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000010.00000003.2165588256.0000000005259000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	11:38:56
Start date:	24/05/2024
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ATL.dll"
Imagebase:	0x600000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	11:38:59
Start date:	24/05/2024
Path:	C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\AVS4YOU\AVSYouTubeUploader\AVSYouTubeUploader.exe"
Imagebase:	0x400000
File size:	4'329'032 bytes
MD5 hash:	9EE026F5D3E90F185BF63530B6EE430F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000012.00000000.2223269311.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	11:39:00
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.avs4you.com/Register.aspx?Type=Install&ProgID=72&URL=Register
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	11:39:01
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,9419666226059867181,14086244882520364381,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	11:39:04
Start date:	24/05/2024
Path:	C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe
Wow64 process (32bit):	true
Commandline:	C:\PROGRA~2\AVS4YOU\AVSUPD~1\AVSUPD~1.EXE 78
Imagebase:	0x400000
File size:	4'413'000 bytes
MD5 hash:	944C112343725E72E627CF8DBC5C4AE0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000016.00000000.2272634371.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	22.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.4%
Total number of Nodes:	1523
Total number of Limit Nodes:	27

Executed Functions

Function 00409948 Relevance: 7.6, APIs: 5, Instructions: 78
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 0040995A
VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409965
VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 004099A6
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 004099D8
VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 004099E8

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
Instruction ID: c51dc94dc7e70e4f078c95023904a162ea503a2a47d9e89981edb447ffe3f24e
Opcode Fuzzy Hash: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
Instruction Fuzzy Hash: 5F216DF12002046BDA309A598D85E6BB7D89B45360F08492FFA89E37C3D738ED40D669

Function 0040515C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction ID: b78bf48cff894a3999656c5243e329942f020ab22272e2e872fdbeeaebf0035e
Opcode Fuzzy Hash: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction Fuzzy Hash: EDE09271B0021426D711A9699C86AEB735DDB58310F0006BFB904EB3C6EDB49E8046ED

Function 00408EFC Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F1C
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F22
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F36
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F3C

Strings

Wow64DisableWow64FsRedirection, xrefs: 00408F12
shell32.dll, xrefs: 00408F68
Wow64RevertWow64FsRedirection, xrefs: 00408F2C
kernel32.dll, xrefs: 00408F17, 00408F31

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
Instruction ID: ef4badd54955bda93fd7c631ce084268f05c1d5093e10ec72b10b69b713a5d4b
Opcode Fuzzy Hash: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
Instruction Fuzzy Hash: D701F770108301EEE700BB72DE57B163A59D745718F60443FF248761C2CE7C4904CA2D

Function 00409EE4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(0001044A,000000FC,00409730), ref: 00409F57

Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0

Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000,0040988F), ref: 0040982C
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000), ref: 00409840
Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8), ref: 00409874

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(0001044A,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

STATIC, xrefs: 00409F39
/SL5="$%x,%d,%d,, xrefs: 00409F97
InnoSetupLdrWindow, xrefs: 00409F34

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 978128352-3001827809
Opcode ID: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
Instruction ID: 4f29ae81ace6c5531c846cbde0b22070d88524e95894dc47e3de1b2ea254153d
Opcode Fuzzy Hash: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
Instruction Fuzzy Hash: 19412A70600205DFD711EBA9EE85B9E7BA5EB88304F10427BF510B72E2DB789805DB5D

Function 00409F08 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,020A0090), ref: 004093B8

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(0001044A,000000FC,00409730), ref: 00409F57

Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0

Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000,0040988F), ref: 0040982C
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000), ref: 00409840
Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8), ref: 00409874

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(0001044A,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

STATIC, xrefs: 00409F39
/SL5="$%x,%d,%d,, xrefs: 00409F97
InnoSetupLdrWindow, xrefs: 00409F34

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 240127915-3001827809
Opcode ID: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
Instruction ID: 8d10768f6f352a97fd7f45d9d75da35781c42c574274e542ef9de71c66c7d0f2
Opcode Fuzzy Hash: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
Instruction Fuzzy Hash: 26410B70A00205DBD711EBA9EE86B9E7BA5EB48304F10427BF510B73E2DB789805DB5D

Function 004097BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000,0040988F), ref: 0040982C
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8,00000000), ref: 00409840
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020A0090,004098A8), ref: 00409874

Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,020A0090), ref: 004093B8

Strings

D, xrefs: 00409806

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
Instruction ID: 4b44df64f6e4367ebc453b3e314358db19e806afbd12f45635a8daf6f5489de3
Opcode Fuzzy Hash: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
Instruction Fuzzy Hash: F71145716102086EDB10FBE6CC52F9E77ACDF49714F50413BBA04F72C6DA785D048669

Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
LocalFree.KERNEL32(00000000,00000000,00401AB4), ref: 00401A1B
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A3A
LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A79
RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
Opcode Fuzzy Hash: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

Function 00409EF6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(0001044A,000000FC,00409730), ref: 00409F57
RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(0001044A,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

/SL5="$%x,%d,%d,, xrefs: 00409F97

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$CreateDirectoryLongRemove
String ID: /SL5="$%x,%d,%d,
API String ID: 3138356250-3932573195
Opcode ID: b613a7ce4edcb41dc67f34e270572c8bd45005561bf10fdcf5b8ae4482e344bf
Instruction ID: 92da378220fa86c3d7769582b63b95c30d1cbd5b696cf01c1bf744cbf4438da8
Opcode Fuzzy Hash: b613a7ce4edcb41dc67f34e270572c8bd45005561bf10fdcf5b8ae4482e344bf
Instruction Fuzzy Hash: B6313870A00205DFC715EBA9EE85B9E3BA5EB48304F10427BE450B73E2DB789805DB9D

Function 00403D02 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
ExitProcess.KERNEL32 ref: 00403DE5

Strings

Runtime error at 00000000, xrefs: 00403D96, 00403DA9
Error, xrefs: 00403D91

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000
API String ID: 1220098344-2970929446
Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E

Function 00409188 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091CE
GetLastError.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091D7

Strings

.tmp, xrefs: 004091B7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 2a9b5b531dfd0466f51cddb5784c326d8b9171bad11d05e807471eb9e268ae76
Instruction ID: b3c939f821d6d3b02d73a6ffc60c10d65ff6e2c1a1ef0f9f166dc2fc0ea9728e
Opcode Fuzzy Hash: 2a9b5b531dfd0466f51cddb5784c326d8b9171bad11d05e807471eb9e268ae76
Instruction Fuzzy Hash: 16214774A00209ABDB01EFA1C9429DFB7B9EB88304F50457FE501B73C2DA7C9E058BA5

Function 00409330 Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040935F
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 3a4a69ca31a42f451232f6dfa0c76d71d3bd0a4d90442bfbcbe60d550a1314de
Instruction ID: e54841d902c556b0a825a3a9b48dc11fcb5fd53647a295a33fe7abc41a02d5de
Opcode Fuzzy Hash: 3a4a69ca31a42f451232f6dfa0c76d71d3bd0a4d90442bfbcbe60d550a1314de
Instruction Fuzzy Hash: C6F0B472A0031497CB34A5EF9986A6F628DEADA768710403BFD04F73C3D538DD014AAD

Function 00409C56 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA

Strings

.tmp, xrefs: 00409D00

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: e37c67d54dac57feaabedb1cd41a5786e804cc8be819c9315e680249df306dc9
Instruction ID: 59ccd3a8e5ff0a6346b3f4a7db234678dac937939a17de0d6313a761c5d443a3
Opcode Fuzzy Hash: e37c67d54dac57feaabedb1cd41a5786e804cc8be819c9315e680249df306dc9
Instruction Fuzzy Hash: B141C130604241DFD715EF29DE92A5A7BA6FB49308B11457AF800B73E2CB79AC01DB9D

Function 00409C71 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA

Strings

.tmp, xrefs: 00409D00

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: f91dc667a2d24a60a81ae003db88dd446dde78fb0bef1b00c0f9948de59b2fab
Instruction ID: 097be32f3f4cb42389ad5c0a501b1885a0adcc09f85d4dbd7a75a59d9c7c1898
Opcode Fuzzy Hash: f91dc667a2d24a60a81ae003db88dd446dde78fb0bef1b00c0f9948de59b2fab
Instruction Fuzzy Hash: 6A41AF30600245DFD715EF29DE92A5A7BA6FB49308B10457AF800B73E2CB79AC01DB9D

Function 00408E14 Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E4B
GetLastError.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E53

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: 5ad5950806733bcf976988d4047345537b4de7b768f241e6fe6ec66469b23289
Instruction ID: 8e3a3489f19a851cbc55d1ffa575bc1ec5a38ce87ee949def71102c7139105aa
Opcode Fuzzy Hash: 5ad5950806733bcf976988d4047345537b4de7b768f241e6fe6ec66469b23289
Instruction Fuzzy Hash: 6FF0AF71A04308AACB01DBB59D4189EB3A8EB4871875049BBE804F36C1EA385E0095D8

Function 0040A091 Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(0001044A,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Part of subcall function 00409330: Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$DirectoryRemoveSleep
String ID:
API String ID: 936953547-0
Opcode ID: 0a9a254d274ac92dca22db73f0530a1f3c1fd5e301e13facd71e410900e3005e
Instruction ID: e699c83f6f305330f0c2698d9d65548414d6799202a3aea6d5bad6df6870d186
Opcode Fuzzy Hash: 0a9a254d274ac92dca22db73f0530a1f3c1fd5e301e13facd71e410900e3005e
Instruction Fuzzy Hash: FBF03170641201DBD725EB69EEC9B1637A5AF84309F00413BA101B62F1CB7C8851DB4E

Function 00406EC4 Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00008000), ref: 00406ECE
LoadLibraryA.KERNEL32(00000000,00000000,00406F18,?,00000000,00406F36,?,00008000), ref: 00406EFD

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 730de3fdc093f184fd2de9ac27439434a3bd3e782f0b7281efe78e7bb3385372
Instruction ID: 5e20ffdb52ff7e8261d23daca573ea8644dcd49689b218f11c6781c5bce8f48d
Opcode Fuzzy Hash: 730de3fdc093f184fd2de9ac27439434a3bd3e782f0b7281efe78e7bb3385372
Instruction Fuzzy Hash: D7F089705147047EDB119F769C6241ABBECD749B047534875F910A26D2E53C4C208568

Function 00407544 Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040755B
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0040756A

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 92944724dee91b38b7ee5b374f910e74d6c8544434624f4b14ecda59d71e3572
Instruction ID: 34e576fd7e6559e3ef6c853e67441063c40c11266019ec046b6cc2e4d5471cd5
Opcode Fuzzy Hash: 92944724dee91b38b7ee5b374f910e74d6c8544434624f4b14ecda59d71e3572
Instruction Fuzzy Hash: ABE06DA1A081507AEB20965AAC85FAB66DC8BC5314F04417BF904DB282C678DC00C27A

Function 00407584 Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004075A3
GetLastError.KERNEL32(?,?,?,00000000), ref: 004075AB

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 64234936368745cadff0884a95fa07edb9d6d799bdb4626fca8da24a174aceff
Instruction ID: 1215520e40270bbf1c42edbfe5ddbfad2f0444ede1f1e4d22e24bec04403dad1
Opcode Fuzzy Hash: 64234936368745cadff0884a95fa07edb9d6d799bdb4626fca8da24a174aceff
Instruction Fuzzy Hash: 6FE092B66081006BD700D55DC881A9B33DCDFC5364F044136BA54EB2C1D6B5EC008376

Function 004074DC Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004074F3
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004074FF

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 7dcdc125b41699120aae8acb46450914bebfaac92dc1c1f3d4146a6219e6b847
Instruction ID: 3a188f8a391a656106576682ef5fc0e36605e971047c99b326a67709d18e7f8b
Opcode Fuzzy Hash: 7dcdc125b41699120aae8acb46450914bebfaac92dc1c1f3d4146a6219e6b847
Instruction Fuzzy Hash: B4E04FB1600210AFEB20EEB98981B9272D89F44364F0485B6EA14DF2C6D274DC00C766

Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c2c164bf1270d4a813d1c1f6386065a20bb20e5e17a0c6be31043b1a06862ade
Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
Opcode Fuzzy Hash: c2c164bf1270d4a813d1c1f6386065a20bb20e5e17a0c6be31043b1a06862ade
Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9

Function 004051D0 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00405306), ref: 004051EF

Part of subcall function 00404C2C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404C49

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction ID: c760dbbb10683706500036a577470844d35ac6ab0c013c9c95042e4326961867
Opcode Fuzzy Hash: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction Fuzzy Hash: 3B313D75E00119ABCB00EF95C8C19EEB779FF84304F158977E815BB285E739AE058B98

Function 004068B4 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 71189d5fdb67734adcc989176e972d73cabe0a8508cd7dda32cb2fd1e54b45a1
Instruction ID: 028ce23b60034aad2079abf39c8673be77ca980571763ae766079fdae63e366f
Opcode Fuzzy Hash: 71189d5fdb67734adcc989176e972d73cabe0a8508cd7dda32cb2fd1e54b45a1
Instruction Fuzzy Hash: 59F0BE523019341BC6117A7F18815AFA7888B86709752417FF506FB382DE3EAE6352AE

Function 0040748E Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 15eb5b8bcf830c4b195572af03a6c999168ba8d47e453751ce572d84692466fb
Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
Opcode Fuzzy Hash: 15eb5b8bcf830c4b195572af03a6c999168ba8d47e453751ce572d84692466fb
Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8

Function 00407490 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 460f9172ef9680e9bf065e809d42603cad769bb4ead04fe75bdd308fccde6f1f
Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
Opcode Fuzzy Hash: 460f9172ef9680e9bf065e809d42603cad769bb4ead04fe75bdd308fccde6f1f
Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8

Function 00406918 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

Part of subcall function 004068B4: CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC

GetFileAttributesA.KERNEL32(00000000,00000000,00406960,?,?,?,?,00000000,?,00406975,00406CA3,00000000,00406CE8,?,?,?), ref: 00406943

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesCharFilePrev
String ID:
API String ID: 4082512850-0
Opcode ID: ce07a51bfea017e2e55e9614cb9ba507b4cfa1873d9ff840f51688b3279052b8
Instruction ID: 89044d1ea86e4fdb03922753e0a58770fdf95516ab6f2bcb8662fa4781c06fed
Opcode Fuzzy Hash: ce07a51bfea017e2e55e9614cb9ba507b4cfa1873d9ff840f51688b3279052b8
Instruction Fuzzy Hash: 04E09B713043047FD701EFB2DD53E59B7ECD789704B524476B501F7682D5785E108468

Function 004075E0 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004075F7

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 40637416ea930bd2570c4396363680a61cc257afb866cc0a67376a26f5c88c76
Instruction ID: cd18fb99e22355188e9d2f817127a110343b64b119c62ac1cd4bac3fbb067e43
Opcode Fuzzy Hash: 40637416ea930bd2570c4396363680a61cc257afb866cc0a67376a26f5c88c76
Instruction Fuzzy Hash: 66E06D726081106BEB10A65ED880E6B67DCCFC6364F04447BBA04EB241C575AC0096B6

Function 004071A8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00408F7F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95), ref: 004071C7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: b5d7a52e02d208d464bf7f6ecdaab9899475a573c382e68083ca8db3329c0493
Instruction ID: 5be2c53bb0bc0b7205463fa080de9070734fc39b970025fcf129f6524892d52e
Opcode Fuzzy Hash: b5d7a52e02d208d464bf7f6ecdaab9899475a573c382e68083ca8db3329c0493
Instruction Fuzzy Hash: F8E0D8B179830135F22500A44C87B76160E4780700F20403A3B10EE3D2D9BEA50A415F

Function 004075C4 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,020C0000,00409E9B,00000000), ref: 004075CB

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: db8739a5fd2cf61c38ac8d555984da3fa994a5017d3c1d655494e9af8eb405ba
Instruction ID: 3dced8f94abca6fd64a7c9696b134c452ef52fe1396460a469a389ba9e9200de
Opcode Fuzzy Hash: db8739a5fd2cf61c38ac8d555984da3fa994a5017d3c1d655494e9af8eb405ba
Instruction Fuzzy Hash: 78C04CA160410057DB50A7BE8AC2A0672D85F5820430441B6B908DB287D678EC009615

Function 00406F1F Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3473aa6fdb671349066f074fc3b2aebd5c1d3b8cb352d1e979c386aa55b3b604
Instruction ID: f94a5d2238f2ee5303b4d558b5d93000027bb0092eeb8c65c9d9a83f01a259cd
Opcode Fuzzy Hash: 3473aa6fdb671349066f074fc3b2aebd5c1d3b8cb352d1e979c386aa55b3b604
Instruction Fuzzy Hash: A4B09BB661C2015DE705DAD5745153863D4D7C47103E14577F114D25C0D53C94154518

Function 00406F3B Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 5557acf2148e23312bf2bdc7768f633380236e382c485dac7de260305449c299
Instruction ID: 8ce709a7dcc0858879a49907ae7d49f16bd3fabbd46d8b550b3201db24fc95e8
Opcode Fuzzy Hash: 5557acf2148e23312bf2bdc7768f633380236e382c485dac7de260305449c299
Instruction Fuzzy Hash: 46A022B8C00003B2CE80E2F08080A3C23282A883003C00AA2320EB2080C23EC0000A0A

Function 00407DB4 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407E44

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4b604b7c04c55a97cf12a425da2613599e639526dade8246110179d0dcd9af86
Instruction ID: e346e479d4e19dc6fbf4ec70e04c611644565a823529d475df5ed673f567dbda
Opcode Fuzzy Hash: 4b604b7c04c55a97cf12a425da2613599e639526dade8246110179d0dcd9af86
Instruction Fuzzy Hash: 521172716082059BDB10FF19C881B5B3794AF84359F04847AF958AB3C6DA38EC008B6B

Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,004018BF), ref: 004016B2

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
Opcode Fuzzy Hash: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8

Function 00407460 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00407470

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 57bb830fb3630d9a83ec57f7eac22a277ae175c199a92d969abe11a9c095749b
Instruction ID: 0a303eee8e17872e34e3f08f3f74197a254d67d3e0467507f6d8b9a4d6bdce8a
Opcode Fuzzy Hash: 57bb830fb3630d9a83ec57f7eac22a277ae175c199a92d969abe11a9c095749b
Instruction Fuzzy Hash: 9FD0A7C1B00A6017D315F6BF498865B96C85F88685F08843BF684E73D1D67CAC00C3CD

Function 00407D5C Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,00407E3A), ref: 00407D73

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: f18d662fc38f0284a7c8bdb2170b2a8644905928442529ab0c2341243e9dd2c5
Instruction ID: 987a95dec6bedafdacc6f30d71d69a0298e18a8a9a30f6cccb61f0e346f0d057
Opcode Fuzzy Hash: f18d662fc38f0284a7c8bdb2170b2a8644905928442529ab0c2341243e9dd2c5
Instruction Fuzzy Hash: 6FD0E9B17557045BDB90EEB94CC1B1237D97F48600F5044B66904EB296E674E800D614

Non-executed Functions

Function 004092A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004092AF
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004092B5
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004092CE
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092F5
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092FA
ExitWindowsEx.USER32(00000002,00000000), ref: 0040930B

Strings

SeShutdownPrivilege, xrefs: 004092C7

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 2a0162333a77e08806ee048c8adb2592b0adbd8e17023ac1d43b711a23017a7c
Instruction ID: 46e638963846eb8b1a8eef1e5041d40b59806408d3aca7422040dec9ba119927
Opcode Fuzzy Hash: 2a0162333a77e08806ee048c8adb2592b0adbd8e17023ac1d43b711a23017a7c
Instruction Fuzzy Hash: 3FF012B079430276E620AAB58D07F6B62885BC5B48F50493EBA51FA1D3D7BCD8044A6E

Function 00409A04 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409A0E
SizeofResource.KERNEL32(00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 00409A21
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000), ref: 00409A33
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4), ref: 00409A44

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 13ffe1952f0d95e29d084444e35be522072a07585fb49b2685a126b429e6487b
Instruction ID: d67f3324bf52c58dde7a17cbdb2efc6a036c8c105ddb558a6a56d7c7a7ea3d45
Opcode Fuzzy Hash: 13ffe1952f0d95e29d084444e35be522072a07585fb49b2685a126b429e6487b
Instruction Fuzzy Hash: 30E07E913A434225FA6036F708C3B6A014C8BA670EF04503BBB00792C3DEBC8C04452E

Function 004051A8 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction ID: dec8dcb9893e8432c944e1b70884c8cc40709e939aac0c2d0d2241257bb7fc31
Opcode Fuzzy Hash: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction Fuzzy Hash: D3D05EB631E6502AE210519B2D85EBB4EACCAC57A4F14443BF648DB242D2248C069776

Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 004026CE

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: SystemTime
String ID:
API String ID: 2656138-0
Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748

Function 00405C44 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00406540,00000000,0040654E,?,?,?,?,?,00409A78), ref: 00405C52

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction ID: 6a84e84a5bdb2c7c5b206d002f2a3fc227ad50a79849cf1aa773f1ea3c1cbc6a
Opcode Fuzzy Hash: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction Fuzzy Hash: 5AC0126040470186E7109B319C42B1672D4A744310F4805396DA4953C2E73C81018A5A

Function 004082E8 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction ID: bf64fe3dbf7489daa5b396f442bfdc43c732794851cc1dd68f6a4bedb61b4a1f
Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction Fuzzy Hash: 7F32E875E00219DFCB14CF99CA80A9DB7B2BF88314F24816AD855B7395DB34AE42CF54

Function 00406F48 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406F71
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406F77
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406FC5

Strings

GetUserDefaultUILanguage, xrefs: 00406F67
kernel32.dll, xrefs: 00406F6C
Control Panel\Desktop\ResourceLocale, xrefs: 00406FD4
.DEFAULT\Control Panel\International, xrefs: 00406F9C
Locale, xrefs: 00406FB4

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
Instruction ID: 82a514a35929d101a3f87db01d263b67a2005a07a92a8f1bbb0e3c876c3699bd
Opcode Fuzzy Hash: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
Instruction Fuzzy Hash: F3214130E44209AFDB10EAA1CC56B9F77B8AB44304F60857BA605F72C1D77CAA05C79E

Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
GetLastError.KERNEL32(000000F5), ref: 00403C1E

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D

Function 00405314 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,0040555C,?,?,?,?,00000000,00000000,00000000,?,0040653B,00000000,0040654E), ref: 0040532E

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Part of subcall function 004051A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Strings

AMPM, xrefs: 004054F9
m/d/yy, xrefs: 004053FD
mmmm d, yyyy, xrefs: 0040541F
:mm, xrefs: 00405510
:mm:ss, xrefs: 0040552A

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction ID: f22f4b18e1885e1925b87b286fa486de3d96a381b4aec2b7527aff107c54c5fa
Opcode Fuzzy Hash: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction Fuzzy Hash: 8E514234B00648ABDB00EBA59C91B9F776ADB89304F50957BB514BB3C6CA3DCA058B5C

Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
Opcode Fuzzy Hash: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD

Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,020903FC,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040192E
RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,020903FC,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 00401941
LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,020903FC,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040196B
RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,020903FC,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 004019C8

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

Function 004030DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00409A6E), ref: 004030E3
GetCommandLineA.KERNEL32(00000000,00409A6E), ref: 004030EE

Strings

U1hd.@, xrefs: 00403103

Memory Dump Source

Source File: 00000000.00000002.2245719739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2245513344.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245763568.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2245802563.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CommandHandleLineModule
String ID: U1hd.@
API String ID: 2123368496-2904493091
Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD

Analysis Process: SecuriteInfo.com.Adware.InstallCore.768.3584.23489.tmpPID: 6008, Parent PID: 6896COMMON

Execution Graph

Execution Coverage:	19.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	127

Executed Functions

Function 00485FE0 Relevance: 136.6, APIs: 22, Strings: 55, Instructions: 1871COMMON

Download Yara Rule

Strings

GETINISTRING, xrefs: 004860D2
REGGETSUBKEYNAMES, xrefs: 00486B8F
STRINGCHANGE, xrefs: 00486752
SETINIINT, xrefs: 00486349
REGVALUEEXISTS, xrefs: 00486992
SETNTFSCOMPRESSION, xrefs: 004875B9
DELETEINIENTRY, xrefs: 0048641F
REGQUERYDWORDVALUE, xrefs: 00486DED
GETUILANGUAGE, xrefs: 0048751B
REMOVEBACKSLASHUNLESSROOT, xrefs: 004865CD
GETSYSTEMDIR, xrefs: 004866DA
FILEEXISTS, xrefs: 00486027
REGQUERYMULTISTRINGVALUE, xrefs: 00486D2B
GETINIINT, xrefs: 00486146
REMOVEBACKSLASH, xrefs: 00486595
GETINIBOOL, xrefs: 004861CB
ISINISECTIONEMPTY, xrefs: 00486292
REGWRITEEXPANDSTRINGVALUE, xrefs: 00487100
GETCMDTAIL, xrefs: 004864DF
REGQUERYBINARYVALUE, xrefs: 00486ECA
PARAMCOUNT, xrefs: 00486507
REGWRITEDWORDVALUE, xrefs: 004872EB
DIREXISTS, xrefs: 00486060
REGDELETEKEYIFEMPTY, xrefs: 00486A8F
GETWINDIR, xrefs: 004866B2
ISPOWERUSERLOGGEDON, xrefs: 004874C3
ADDBACKSLASH, xrefs: 0048655D
REMOVEQUOTES, xrefs: 0048663D
USINGWINNT, xrefs: 0048682D
CONVERTPERCENTSTRING, xrefs: 004868D4
REGWRITESTRINGVALUE, xrefs: 00486FE9
DELETEINISECTION, xrefs: 0048646D
ADDQUOTES, xrefs: 00486605
GETENV, xrefs: 004864A7
PARAMSTR, xrefs: 0048652B
ISADMINLOGGEDON, xrefs: 0048749F
GETSYSWOW64DIR, xrefs: 00486702
GETTEMPDIR, xrefs: 0048672A
INIKEYEXISTS, xrefs: 00486236
REGWRITEBINARYVALUE, xrefs: 004873BF
FILECOPY, xrefs: 00486851
REGDELETEVALUE, xrefs: 00486AEA
FILEORDIREXISTS, xrefs: 00486099
REGKEYEXISTS, xrefs: 00486915
FONTEXISTS, xrefs: 004874E7
ADDPERIOD, xrefs: 00487540
REGQUERYSTRINGVALUE, xrefs: 00486C69
REGDELETEKEYINCLUDINGSUBKEYS, xrefs: 00486A34
SETINISTRING, xrefs: 004862DA
GETSHORTNAME, xrefs: 00486675
REGGETVALUENAMES, xrefs: 00486BFC
REGWRITEMULTISTRINGVALUE, xrefs: 004871E1
SETINIBOOL, xrefs: 004863B4
STRINGCHANGEEX, xrefs: 004867B9
CHARLENGTH, xrefs: 00487578

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ADDBACKSLASH$ADDPERIOD$ADDQUOTES$CHARLENGTH$CONVERTPERCENTSTRING$DELETEINIENTRY$DELETEINISECTION$DIREXISTS$FILECOPY$FILEEXISTS$FILEORDIREXISTS$FONTEXISTS$GETCMDTAIL$GETENV$GETINIBOOL$GETINIINT$GETINISTRING$GETSHORTNAME$GETSYSTEMDIR$GETSYSWOW64DIR$GETTEMPDIR$GETUILANGUAGE$GETWINDIR$INIKEYEXISTS$ISADMINLOGGEDON$ISINISECTIONEMPTY$ISPOWERUSERLOGGEDON$PARAMCOUNT$PARAMSTR$REGDELETEKEYIFEMPTY$REGDELETEKEYINCLUDINGSUBKEYS$REGDELETEVALUE$REGGETSUBKEYNAMES$REGGETVALUENAMES$REGKEYEXISTS$REGQUERYBINARYVALUE$REGQUERYDWORDVALUE$REGQUERYMULTISTRINGVALUE$REGQUERYSTRINGVALUE$REGVALUEEXISTS$REGWRITEBINARYVALUE$REGWRITEDWORDVALUE$REGWRITEEXPANDSTRINGVALUE$REGWRITEMULTISTRINGVALUE$REGWRITESTRINGVALUE$REMOVEBACKSLASH$REMOVEBACKSLASHUNLESSROOT$REMOVEQUOTES$SETINIBOOL$SETINIINT$SETINISTRING$SETNTFSCOMPRESSION$STRINGCHANGE$STRINGCHANGEEX$USINGWINNT
API String ID: 0-3658119371
Opcode ID: b434523eb168ee03eaef9ef245450aa823e66c88ab52aaaa5705c0b94c299196
Instruction ID: 1f533a3817926901e21f115ced2a71318d89b1f82f9318c6f77aeb51c9d307cf
Opcode Fuzzy Hash: b434523eb168ee03eaef9ef245450aa823e66c88ab52aaaa5705c0b94c299196
Instruction Fuzzy Hash: E6D24174B042155BDB00FF79C8925AEB6A5AF99704F21883FF401AB346DE3CED068799

Function 0046AC90 Relevance: 76.2, APIs: 4, Strings: 39, Instructions: 906timeCOMMON

Download Yara Rule

APIs

LocalFileTimeToFileTime.KERNEL32(-00000034,?,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000,?,0046C7BA), ref: 0046AEF6

Part of subcall function 00453230: FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246

Part of subcall function 00468DA4: FileTimeToLocalFileTime.KERNEL32(?), ref: 00468DAC
Part of subcall function 00468DA4: FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00468DBB

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 00452B60: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87

Strings

Existing file is protected by Windows File Protection. Skipping., xrefs: 0046B384
Version of existing file: %u.%u.%u.%u, xrefs: 0046B11D
Uninstaller requires administrator: %s, xrefs: 0046B70D
Incrementing shared file count (32-bit)., xrefs: 0046BB14
Incrementing shared file count (64-bit)., xrefs: 0046BAFB
Existing file is a newer version. Skipping., xrefs: 0046B1A3
Existing file's MD5 sum matches our file. Skipping., xrefs: 0046B24D
InUn, xrefs: 0046B6DD
Version of our file: (none), xrefs: 0046B09D
Time stamp of our file: (failed to read), xrefs: 0046AF48
Failed to strip read-only attribute., xrefs: 0046B46B
Skipping due to "onlyifdoesntexist" flag., xrefs: 0046AF6F
.tmp, xrefs: 0046B54F
Version of our file: %u.%u.%u.%u, xrefs: 0046B091
Existing file has a later time stamp. Skipping., xrefs: 0046B367
-- File entry --, xrefs: 0046ACE3
User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 0046B42E
Time stamp of existing file: %s, xrefs: 0046AFCC
User opted not to overwrite the existing file. Skipping., xrefs: 0046B3E5
Version of existing file: (none), xrefs: 0046B292
Will register the file (a type library) later., xrefs: 0046BA82
Dest filename: %s, xrefs: 0046AE35
Failed to read existing file's MD5 sum. Proceeding., xrefs: 0046B268
, xrefs: 0046B170, 0046B338, 0046B3B6
@, xrefs: 0046AD90
Couldn't read time stamp. Skipping., xrefs: 0046B2CD
Dest file exists., xrefs: 0046AF5C
Time stamp of our file: %s, xrefs: 0046AF3C
Dest file is protected by Windows File Protection., xrefs: 0046AE8E
Will register the file (a DLL/OCX) later., xrefs: 0046BA8E
Existing file's MD5 sum is different from our file. Proceeding., xrefs: 0046B25C
Stripped read-only attribute., xrefs: 0046B45F
Non-default bitness: 64-bit, xrefs: 0046AE50
Non-default bitness: 32-bit, xrefs: 0046AE5C
Installing the file., xrefs: 0046B4A1
Skipping due to "onlyifdestfileexists" flag., xrefs: 0046B492
Same version. Skipping., xrefs: 0046B27D
Same time stamp. Skipping., xrefs: 0046B2ED
Time stamp of existing file: (failed to read), xrefs: 0046AFD8

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$File$Local$CloseFindFullNamePathQuerySystemValue
String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's MD5 sum is different from our file. Proceeding.$Existing file's MD5 sum matches our file. Skipping.$Failed to read existing file's MD5 sum. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
API String ID: 2131814033-2943590984
Opcode ID: fd0b7c8735f9589938daf859f8948afa3b9deae8fca4884cdc9e9a05fceeea4a
Instruction ID: f65b5c2ab3d31a984aea8a7ca3a316d928a56dcdaf1079f5525a9e75dbf3fe7a
Opcode Fuzzy Hash: fd0b7c8735f9589938daf859f8948afa3b9deae8fca4884cdc9e9a05fceeea4a
Instruction Fuzzy Hash: F0926030A042489BDB11DFA5C495BDDBBB5EF05308F1440ABE844AB392E7789E85CF5A

Function 00423BB4 Relevance: 21.4, APIs: 14, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c619cfdb2417a1dd765c9684dc00ff7da98e4790b272c6bac34776b85a7bb18
Instruction ID: b3874c0ebfa8e5c98eb4c3a27b14194d81e346ea4a69c1a5551916dd99319231
Opcode Fuzzy Hash: 7c619cfdb2417a1dd765c9684dc00ff7da98e4790b272c6bac34776b85a7bb18
Instruction Fuzzy Hash: E4E1B134704125EFD710DF6AE585A5E77B0EB44304FA580A6E5069B362CB7CEE82DB18

Function 00422804 Relevance: 18.3, APIs: 12, Instructions: 255
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 0042299C
ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422B66), ref: 004229AC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendShowWindow
String ID:
API String ID: 1631623395-0
Opcode ID: 3185f68e2960f78681de3eb66a82df137bb422f01df1fa01dc8aff28185cee34
Instruction ID: 8c826587ba7af474f7b14690d684e7097f8878018e5f7bac2df75c57de2d2bfa
Opcode Fuzzy Hash: 3185f68e2960f78681de3eb66a82df137bb422f01df1fa01dc8aff28185cee34
Instruction Fuzzy Hash: 1791A471B00214FFD710EFA9DA86F9E77F4AB15304F5500B6F500AB2A2C7B8AE419B58

Function 00462994 Relevance: 13.9, APIs: 4, Strings: 3, Instructions: 1620windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0048DA54: GetWindowRect.USER32(00000000), ref: 0048DA6A

LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00462D63

Part of subcall function 0041D658: GetObjectA.GDI32(?,00000018,00462D7D), ref: 0041D683

Part of subcall function 004627F0: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3
Part of subcall function 004627F0: SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935

Part of subcall function 004621AC: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00462E18,00000000,00000000,00000000,0000000C,00000000), ref: 004621C4

Part of subcall function 0048DCB0: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 0048DCBA

Part of subcall function 0048D9A4: 73A1A570.USER32(00000000,?,?,?), ref: 0048D9C6
Part of subcall function 0048D9A4: SelectObject.GDI32(?,00000000), ref: 0048D9EC
Part of subcall function 0048D9A4: 73A1A480.USER32(00000000,?,0048DA4A,0048DA43,?,00000000,?,?,?), ref: 0048DA3D

Part of subcall function 0048DCA0: MulDiv.KERNEL32(0000004B,?,00000006), ref: 0048DCAA

GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,00000000,?), ref: 004639DB
AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 004639EC
AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00463A04

Strings

STOPIMAGE, xrefs: 00462D58
(Default), xrefs: 00463F97
, xrefs: 00462E25

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$AppendExtractFileIconInfoObject$A480A570BitmapCallbackDispatcherLoadRectSelectSystemUserWindow
String ID: $(Default)$STOPIMAGE
API String ID: 798199749-770201673
Opcode ID: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
Instruction ID: 0ce2a7c8654b4bda645b85becf187eb8cd9f620879433755a56cf3d7b5830d6a
Opcode Fuzzy Hash: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
Instruction Fuzzy Hash: 97F2E4386005609FCB00EF59D9D9F9A73F1BF8A304F1542B6E5049B36AD774AC46CB8A

Function 00454320 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00454454), ref: 00454350
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00454356
GetDiskFreeSpaceExA.KERNEL32(00000000,?,?,00000000,00000000,00454432,?,00000000,kernel32.dll,GetDiskFreeSpaceExA,00000000,00454454), ref: 004543A1

Strings

kernel32.dll, xrefs: 0045434B
GetDiskFreeSpaceExA, xrefs: 00454346

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressDiskFreeHandleModuleProcSpace
String ID: GetDiskFreeSpaceExA$kernel32.dll
API String ID: 1197914913-3712701948
Opcode ID: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
Instruction ID: 308890e583471f7d729b9dc2fcd7aa40e9e9c611359b8057d7b1245ba4b987a9
Opcode Fuzzy Hash: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
Instruction Fuzzy Hash: E6318871A44259AFCF01DFA5C882AEEB7B8EF49704F508566F800F7252D63C5D49CB64

Function 00478B6C Relevance: 9.1, APIs: 6, Instructions: 149fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?,?,00000000), ref: 00478BCC
FindNextFileA.KERNEL32(000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C15
FindClose.KERNEL32(000000FF,000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F), ref: 00478C22
FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C6E
FindNextFileA.KERNEL32(000000FF,?,00000000,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000), ref: 00478D17
FindClose.KERNEL32(000000FF,00478D42,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000), ref: 00478D35

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 6ed92f0fea0ac89c8cdbf20db8b1306b27f1a3291d9e11ea1e7371d37058444b
Instruction ID: 54e57abadac26bdf6b50859d29d6f630f81932fdc3dee25b4239eb6d38c32597
Opcode Fuzzy Hash: 6ed92f0fea0ac89c8cdbf20db8b1306b27f1a3291d9e11ea1e7371d37058444b
Instruction Fuzzy Hash: 9C512171900658AFCB21EF65CC49ADEB7B8EB48315F1084BAA408E7391DA389F45CF58

Function 0046F16C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 96fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F1C5
FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F28A
FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F298

Strings

unins, xrefs: 0046F218
unins???.*, xrefs: 0046F1AF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID: unins$unins???.*
API String ID: 3541575487-1009660736
Opcode ID: 4656920c8c39f0ce8d8b672e99f1185c7c030a5e2c2d26b5023d7781f6a8c35e
Instruction ID: 3c9c22acd9639b612fd9d01020641e4b72dcc3c09d6e577180f12476a66c67e0
Opcode Fuzzy Hash: 4656920c8c39f0ce8d8b672e99f1185c7c030a5e2c2d26b5023d7781f6a8c35e
Instruction Fuzzy Hash: 2831D474600108AFDB50EB69D891ADEB7BCEF05308F5044F6E848E72A2E7399F458F19

Function 004511DC Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451219
GetLastError.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451221

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
Instruction ID: 48b66b5ea5a2bd036d7052275c493811c4e0670e4fb7de4650a4648509248124
Opcode Fuzzy Hash: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
Instruction Fuzzy Hash: B0F0F971A04604AB8B10DB6AAC4249EB7ECDB45725B6046BBFC14F3292DA784E048559

Function 00408508 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
Instruction ID: fb41a53da0808811ac7d324c7af8f56b416e217676924749333d5f26c846bbbb
Opcode Fuzzy Hash: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
Instruction Fuzzy Hash: 84E0927170022466D711A95A9C86AF6B35C9758314F00427FB948EB3C2EDB89E8046A9

Function 00423B2C Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?,?,004240F9,?,00000000,00424104), ref: 00423B56

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: e1688769fd7bd0d6dab607fe8fc3e2e26ffd360abf5a591b42ec6747995d87bd
Instruction ID: 62037174fb3a4e63d39f4d80a9d1e591ad15120c94b51c82d4663250cb3dbf53
Opcode Fuzzy Hash: e1688769fd7bd0d6dab607fe8fc3e2e26ffd360abf5a591b42ec6747995d87bd
Instruction Fuzzy Hash: A0F0C579205608AFCB40DF9DC588D4AFBE8FB4C260B158295B988CB321C234FE808F94

Function 00453AB0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?), ref: 00453AC6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
Instruction ID: 059ce6dee4a85458501d0894a56d11df68a23133cc4b2401fd590ab7d757c589
Opcode Fuzzy Hash: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
Instruction Fuzzy Hash: 5AD0C2B120420053C701AE68DC8269B358C8B84316F10483E7CC6DA2C3E67DDF48A75A

Function 004696B4 Relevance: 65.1, APIs: 1, Strings: 36, Instructions: 391
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004695AC: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,?,?,0049307C,?,004697A3,?,00000000,00469BEA,?,_is1), ref: 004695CF

RegCloseKey.ADVAPI32(?,00469BF1,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,00469C39,?,?,00000001,0049307C), ref: 00469BE4

Strings

QuietUninstallString, xrefs: 004699F8
UninstallString, xrefs: 004699BE
Inno Setup: User Info: Organization, xrefs: 00469903
DisplayIcon, xrefs: 00469984
Inno Setup: User Info: Name, xrefs: 004698EE
Inno Setup: Icon Group, xrefs: 004697F5
Publisher, xrefs: 00469A32
HelpLink, xrefs: 00469A89
5.2.3, xrefs: 00469796
Inno Setup: App Path, xrefs: 004697C6
URLUpdateInfo, xrefs: 00469AA6
Software\Microsoft\Windows\CurrentVersion\Uninstall\, xrefs: 004696F6
Inno Setup: Selected Components, xrefs: 00469870
Inno Setup: Selected Tasks, xrefs: 004698B7
RegisterPreviousData, xrefs: 00469B9A
" /SILENT, xrefs: 004699EB
Contact, xrefs: 00469AE0
Inno Setup: Setup Version, xrefs: 00469791
Inno Setup: Deselected Components, xrefs: 0046988F
InstallDate, xrefs: 00469B64
_is1, xrefs: 004696FC
URLInfoAbout, xrefs: 00469A4F
Inno Setup: User, xrefs: 00469832
Inno Setup: Setup Type, xrefs: 00469851
Inno Setup: User Info: Serial, xrefs: 00469918
Inno Setup: Deselected Tasks, xrefs: 004698D6
DisplayVersion, xrefs: 00469A15
Inno Setup: No Icons, xrefs: 00469813
DisplayName, xrefs: 00469967
InstallLocation, xrefs: 004697E6
Comments, xrefs: 00469AFD
HelpTelephone, xrefs: 00469A6C
NoModify, xrefs: 00469B31
Readme, xrefs: 00469AC3
ModifyPath, xrefs: 00469B1D
NoRepair, xrefs: 00469B45

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseValue
String ID: " /SILENT$5.2.3$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
API String ID: 3132538880-1148470211
Opcode ID: 0ede5ed0ab6cd7b616f57d7534fb7694127365910f13d98445d5ed4257e18410
Instruction ID: b10ae86822701baf94b0909050c6c73479acdbc000c85b0031fe9b3e7e797c5a
Opcode Fuzzy Hash: 0ede5ed0ab6cd7b616f57d7534fb7694127365910f13d98445d5ed4257e18410
Instruction Fuzzy Hash: BEE13475A00109ABCB04EF55D98199F73BDEB44304F60847BE4056B395EBB9BE01CB6E

Function 0047C39C Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0047C3AD
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0047C3BA
GetNativeSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C3C8
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0047C3D0
GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 0047C3DC
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 0047C3FD
GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 0047C410
GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0047C416
GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C42D

Strings

kernel32.dll, xrefs: 0047C3A8
GetNativeSystemInfo, xrefs: 0047C3B4
IsWow64Process, xrefs: 0047C3CA
RegDeleteKeyExA, xrefs: 0047C406
advapi32.dll, xrefs: 0047C40B
GetSystemWow64DirectoryA, xrefs: 0047C3F7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
API String ID: 2230631259-2623177817
Opcode ID: 88536f7c12e65bd0d8273b1485407be1152ee2236569315de8ce4967890ede1f
Instruction ID: 06dcc6403529f5206617775aef830b133aa19bd788f334af9eebe881936bbdd9
Opcode Fuzzy Hash: 88536f7c12e65bd0d8273b1485407be1152ee2236569315de8ce4967890ede1f
Instruction Fuzzy Hash: 0511E255044341A8CB20B3B55DE6BFB26488B51B18F68C43F688C762D3D67CCC888AAF

Function 00464310 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,0046452A,?,?,00000001,00000000,00000000,00464545,?,00000000,00000000,?), ref: 00464513

Strings

Inno Setup: Icon Group, xrefs: 004643EE
Inno Setup: Deselected Tasks, xrefs: 004644A1
Inno Setup: Deselected Components, xrefs: 00464454
Inno Setup: No Icons, xrefs: 004643FB
Inno Setup: User Info: Name, xrefs: 004644CF
Inno Setup: App Path, xrefs: 004643D2
Inno Setup: Setup Type, xrefs: 00464422
%s\%s_is1, xrefs: 0046438D
Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0046436F
Inno Setup: User Info: Serial, xrefs: 004644F5
Inno Setup: Selected Components, xrefs: 00464432
Inno Setup: Selected Tasks, xrefs: 0046447F
Inno Setup: User Info: Organization, xrefs: 004644E2

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 47109696-1093091907
Opcode ID: da52ca3c07eec67e3a71c249a625a344edc3886d0bb8355508e894d35cb1a976
Instruction ID: fc5077364d37a5906c2ffbe53c2f2339136cb7e8b2833831ee8049aef900e6f6
Opcode Fuzzy Hash: da52ca3c07eec67e3a71c249a625a344edc3886d0bb8355508e894d35cb1a976
Instruction Fuzzy Hash: 1D51D070A00244ABDF11DB64C552BDEBBF4EF85304F6080ABE941A7391E738AF01CB59

Function 0046DA44 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 554
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001), ref: 0046DBCC
RegCloseKey.ADVAPI32(?,?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DBD5

Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D925

RegDeleteValueA.ADVAPI32(?,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DCF3

Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DDC8
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000002,00000000,00000001,?,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?), ref: 0046DEBC
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,?,00000004,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF1E

Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D93B

RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF6E
RegCloseKey.ADVAPI32(?,0046DFB1,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001,0049307C), ref: 0046DFA4

Strings

|0I, xrefs: 0046DE59, 0046DE8F
Cannot access 64-bit registry keys on this version of Windows, xrefs: 0046DB22
{olddata}, xrefs: 0046DD79, 0046DE10
break, xrefs: 0046DE51
olddata, xrefs: 0046DDE4, 0046DE43

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Value$CloseDeleteErrorLast$CreateQuery
String ID: Cannot access 64-bit registry keys on this version of Windows$break$olddata${olddata}$|0I
API String ID: 2797102135-3741232538
Opcode ID: b7eda52d969baada89a0318ce30ff8b5739a0b3fa26fed285dd7e98b939795a3
Instruction ID: e94ff9ff62352b89d827cbe010cb1ec31ebc1fc567b363989c2fb2b4bcf8395d
Opcode Fuzzy Hash: b7eda52d969baada89a0318ce30ff8b5739a0b3fa26fed285dd7e98b939795a3
Instruction Fuzzy Hash: 90222974F01248AFDB10DF99D981B9EBBF9AF08304F504066F904AB392D778AE05CB19

Function 0046CE64 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 317
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0046CFF7
SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046D0EA
SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 0046D100
SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046D125

Strings

Desktop.ini, xrefs: 0046D1A6
target.lnk, xrefs: 0046D16F
.url, xrefs: 0046CF33
.lnk, xrefs: 0046CEED
Filename: %s, xrefs: 0046CF99
{group}\, xrefs: 0046CEBB
.pif, xrefs: 0046CF10, 0046D06E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
API String ID: 971782779-3668018701
Opcode ID: f1617ab6b71b35178ead2c9d1e8d3e2785dbb240c4cc6a8745c954e4cd1abf1d
Instruction ID: 7241237f7b2753aa4bad096b30eb67052993fe11f1c9b15bd1d8ff4051f223ab
Opcode Fuzzy Hash: f1617ab6b71b35178ead2c9d1e8d3e2785dbb240c4cc6a8745c954e4cd1abf1d
Instruction Fuzzy Hash: E5D10174E002499FDB01EF99D885BDDBBF5AF08318F14406AF804B7392D678AE45CB69

Function 0042381C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041F36C: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A

GetClassInfoA.USER32(00400000,00423624), ref: 00423847
RegisterClassA.USER32(00491630), ref: 0042385F
GetSystemMetrics.USER32(00000000), ref: 00423881
GetSystemMetrics.USER32(00000001), ref: 00423890
SetWindowLongA.USER32(004105F8,000000FC,00423634), ref: 004238EC
SendMessageA.USER32(004105F8,00000080,00000001,00000000), ref: 0042390D
GetSystemMenu.USER32(004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423918
DeleteMenu.USER32(00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423927
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00423934
DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000), ref: 0042394A

Strings

$6B, xrefs: 0042383B, 004238BC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
String ID: $6B
API String ID: 183575631-3519776487
Opcode ID: c243faa105f484f8994615a9e18f86ab08e10570189d0b0026668523fc81ff00
Instruction ID: 44122239756f869d7af1fdba3570d6082de878778f6117c7260872992629901f
Opcode Fuzzy Hash: c243faa105f484f8994615a9e18f86ab08e10570189d0b0026668523fc81ff00
Instruction Fuzzy Hash: 2B31A1B17402107AEB10BF659C82F663698AB14708F10007BFA41EF2E7DABDED04876C

Function 00452B60 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87
RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452DC3

Part of subcall function 0042E660: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F

Strings

RegCreateKeyEx, xrefs: 00452BFB
, xrefs: 00452BE9
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452BCF
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452B9F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateFormatMessageQueryValue
String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
API String ID: 2481121983-1280779767
Opcode ID: 90f53306fae23df6d368745b68eb80768dd38445430ad86b4d03a6d8be63e8c8
Instruction ID: 541388b9b65ddcc629600b839954f269b6f8816a0d78520760673cf251dcd2db
Opcode Fuzzy Hash: 90f53306fae23df6d368745b68eb80768dd38445430ad86b4d03a6d8be63e8c8
Instruction Fuzzy Hash: A381ED75A00209ABDB01DFD5D941BEEB7B9EF49305F50442BF900F7282D778AA09CB69

Function 004760F0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 95
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 004761F2

Strings

SHGetFolderPathA, xrefs: 004761E7
Failed to get address of SHGetFolderPathA function, xrefs: 00476203
Failed to load DLL "%s", xrefs: 004761D5
shell32.dll, xrefs: 0047619D
SHFOLDERDLL, xrefs: 0047612F
shfolder.dll, xrefs: 00476155, 0047618E
Failed to get version numbers of _shfoldr.dll, xrefs: 00476148
_isetup\_shfoldr.dll, xrefs: 00476122

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address of SHGetFolderPathA function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
API String ID: 190572456-1072092678
Opcode ID: a2d535c16ed515cbd8098ffcc1ef3c8eebb3befa93ef48f17ab6feb59f006cbe
Instruction ID: 226347d15c1c5d11692c613386f90c3546301fb27c77df9f9534ec7b1eb9fe62
Opcode Fuzzy Hash: a2d535c16ed515cbd8098ffcc1ef3c8eebb3befa93ef48f17ab6feb59f006cbe
Instruction Fuzzy Hash: 68312130A009499FCB50EF95D9819DEB7B6EB45304F91C4B7E808E7252D738AE09CB59

Function 0042ED78 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 90
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetActiveWindow.USER32 ref: 0042EDA7
GetFocus.USER32 ref: 0042EDAF
RegisterClassA.USER32(004917AC), ref: 0042EDD0
CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042EEA4,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042EE0E
CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042EE54
ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042EE65
SetFocus.USER32(00000000,00000000,0042EE87,?,?,?,00000001,00000000,?,004564AE,00000000,00492628), ref: 0042EE6C

Strings

(&I, xrefs: 0042EE7E, 0042EE37, 0042EE44
TWindowDisabler-Window, xrefs: 0042EE07, 0042EE4D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$CreateFocus$ActiveClassRegisterShow
String ID: (&I$TWindowDisabler-Window
API String ID: 3167913817-491212620
Opcode ID: 510e926be6cddd0211adbfb4469153b5284f3bcdfc9007fb221ede7ccf605718
Instruction ID: 82027174cfd9f418450fe8ca69ab33f3320fea0b1784bdf35dac21ea3b2746f1
Opcode Fuzzy Hash: 510e926be6cddd0211adbfb4469153b5284f3bcdfc9007fb221ede7ccf605718
Instruction Fuzzy Hash: E0218171740710BAE710EB62ED02F1B76A8EB04B04F62453BF604AB6D1D7B86D50C6ED

Function 00401A90 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(00492420,00000000,00401B68), ref: 00401ABD
LocalFree.KERNEL32(00000000,00000000,00401B68), ref: 00401ACF
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401AEE
LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401B2D
RtlLeaveCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B58
RtlDeleteCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B62

Strings

@$I, xrefs: 00401ADB, 00401AF5, 00401AFD
P$I, xrefs: 00401B07
|$I, xrefs: 00401B11

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID: @$I$P$I$|$I
API String ID: 3782394904-2452420409
Opcode ID: 13d60d6258edcbf522f01d7291c019f1f170a7a552ba6335bbe69aef08fb1927
Instruction ID: fb38efb60124e33bd0d6d544a4e8ce278d04d8a52801059130394851150c0a80
Opcode Fuzzy Hash: 13d60d6258edcbf522f01d7291c019f1f170a7a552ba6335bbe69aef08fb1927
Instruction Fuzzy Hash: C611BF30A017407AEB15AB659E82F263BE8A76170CF44007BF40067AF2D7FC9840C7AE

Function 0047A510 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167windowCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000), ref: 0047A6B8
FreeLibrary.KERNEL32(00000000), ref: 0047A6CC
SendNotifyMessageA.USER32(0001044A,00000496,00002710,00000000), ref: 0047A731

Strings

GetCustomSetupExitCode, xrefs: 0047A56D
Deinitializing Setup., xrefs: 0047A52E
Restarting Windows., xrefs: 0047A70C
DeinitializeSetup, xrefs: 0047A5C9
Not restarting Windows because Setup is being run from the debugger., xrefs: 0047A6ED

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeLibrary$MessageNotifySend
String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
API String ID: 3817813901-1884538726
Opcode ID: 906930f48ca3b9452faa23a034853e71332c079e42cb4fd09f61ec2819aafa22
Instruction ID: f287f9a6f42f295c8f4485c9d1258599c6f04b79e283e83c7e33560143f14427
Opcode Fuzzy Hash: 906930f48ca3b9452faa23a034853e71332c079e42cb4fd09f61ec2819aafa22
Instruction Fuzzy Hash: 8C51D034600200AFD315DF65D885B9EBBA4FB9A315F61C4BBE808C73A1CB389D55CB5A

Function 0045196C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC

Strings

shell32.dll, xrefs: 004519D8
Wow64DisableWow64FsRedirection, xrefs: 00451982
Wow64RevertWow64FsRedirection, xrefs: 0045199C
kernel32.dll, xrefs: 00451987, 004519A1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 3bf36bcfd98ce10bad23e2f9ae0128a2780410d433234e43a73a8982a17feb5d
Instruction ID: bc30ab95aa3e68d9a300d6e2b8d7baffeb65242bdbb5e2da560ca488e233ca82
Opcode Fuzzy Hash: 3bf36bcfd98ce10bad23e2f9ae0128a2780410d433234e43a73a8982a17feb5d
Instruction Fuzzy Hash: AF0184B0241744FEDB12EB729C56B5A3A98D711B19F60487BF840A51A3D7FC4D08CA6D

Function 00455D18 Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB

CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00455ECC,?, /s ",?,regsvr32.exe",?,00455ECC), ref: 00455E3E

Strings

/u, xrefs: 00455D7A
CreateProcess, xrefs: 00455E30
/s ", xrefs: 00455D87
Spawning 64-bit RegSvr32: , xrefs: 00455DA3
0x%x, xrefs: 00455E61
Spawning 32-bit RegSvr32: , xrefs: 00455DC5
D, xrefs: 00455DF4
regsvr32.exe", xrefs: 00455D5F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseDirectoryHandleSystem
String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
API String ID: 2051275411-1862435767
Opcode ID: 15bbd20fef45fe809c9dd098546e4c7aa726e49eae5d2c2609861c944904b2e1
Instruction ID: 20fae124b9662d37c7335df2d5232179d222b48998ad5ae4538026d20c86275f
Opcode Fuzzy Hash: 15bbd20fef45fe809c9dd098546e4c7aa726e49eae5d2c2609861c944904b2e1
Instruction Fuzzy Hash: 71413771E007086BDB11EFD5C852BDDB7F9AF48305F50803BA808BB296D7789A09CB58

Function 00475DC4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 108COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E57
GetLastError.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E60

Strings

Created temporary directory: , xrefs: 00475DF9
_isetup, xrefs: 00475E42
\_RegDLL.tmp, xrefs: 00475EC4
\_setup64.tmp, xrefs: 00475EEF
REGDLL_EXE, xrefs: 00475ED4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: Created temporary directory: $REGDLL_EXE$\_RegDLL.tmp$\_setup64.tmp$_isetup
API String ID: 1375471231-1421604804
Opcode ID: d971e988ddd947d72368aaad927c191851754868bdd5cef345a65f7cfcfe1743
Instruction ID: 2992479d9a41277d4ba3c51ea03d54e21519c43d7d484cf0d062ff4dd53bb91c
Opcode Fuzzy Hash: d971e988ddd947d72368aaad927c191851754868bdd5cef345a65f7cfcfe1743
Instruction Fuzzy Hash: 0E415674A105099BDB00EF91D881ADEB7B9FF44305F50843BE815BB396DB78AE058B58

Function 00430158 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430160
RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0043016F
GetCurrentThreadId.KERNEL32 ref: 00430189
GlobalAddAtomA.KERNEL32(00000000), ref: 004301AA

Strings

commdlg_FindReplace, xrefs: 0043016A
commdlg_help, xrefs: 0043015B
WndProcPtr%.8X%.8X, xrefs: 0043019B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
API String ID: 4130936913-2943970505
Opcode ID: 28029589c3db21dee67d6af112ea14edfd7444fd649c35e836976e13e9a64ada
Instruction ID: 59c811c4a41a2c0c62e5dc841fd9799240dd828c67306f5793c7ecde0d0b434c
Opcode Fuzzy Hash: 28029589c3db21dee67d6af112ea14edfd7444fd649c35e836976e13e9a64ada
Instruction Fuzzy Hash: F0F0A7705483409AD700EB35C902B1A7BE4AB58708F004A3FF458A63E1D77A9900CB1F

Function 00422DF8 Relevance: 12.1, APIs: 8, Instructions: 119windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00422E4C
GetCapture.USER32 ref: 00422E5B
SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422E61
ReleaseCapture.USER32 ref: 00422E66
GetActiveWindow.USER32 ref: 00422E75
SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422EF4
SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422F58
GetActiveWindow.USER32 ref: 00422F67

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureMessageSend$ActiveWindow$Release
String ID:
API String ID: 862346643-0
Opcode ID: fab0767262203ab9b8eef4ea09c7b9bd12ecfbe98aad2e612e19eb807ad95d19
Instruction ID: 0cb4f9409eeca59ffb975aedecb23b840502150724600c34407ecb599f309318
Opcode Fuzzy Hash: fab0767262203ab9b8eef4ea09c7b9bd12ecfbe98aad2e612e19eb807ad95d19
Instruction Fuzzy Hash: BA416270B00254BFDB10EB69DA42B9EB7F1EB44304F5540BAF444AB292D7B89E40DB1C

Function 004547A4 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 178COMMON

Download Yara Rule

APIs

756FE550.OLE32(00491A3C,00000000,00000001,00491774,?,00000000,0045499A), ref: 004547E0

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

756FE550.OLE32(00491764,00000000,00000001,00491774,?,00000000,0045499A), ref: 00454804
SysFreeString.OLEAUT32(00000000), ref: 0045495F

Strings

IPersistFile::Save, xrefs: 00454931
CoCreateInstance, xrefs: 0045480F
IShellLink::QueryInterface, xrefs: 004548D7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: E550String$AllocByteCharFreeMultiWide
String ID: CoCreateInstance$IPersistFile::Save$IShellLink::QueryInterface
API String ID: 2757340368-615220198
Opcode ID: 30c84a6b22ae8ec60ba87615f6782f2ed58e1117184a8e9cdc9aaee44ca2ff94
Instruction ID: 20b93dc07a47b2b5ead177be154b0c5a355cf91e616f5ebb89302d411650f3f2
Opcode Fuzzy Hash: 30c84a6b22ae8ec60ba87615f6782f2ed58e1117184a8e9cdc9aaee44ca2ff94
Instruction Fuzzy Hash: F15120B5A00105AFDB50EFA9C885F9F77F8AF49309F044066B904EB262D778DD88CB19

Function 00453578 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 155COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794,00000000), ref: 00453720
CloseHandle.KERNEL32(?,?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794), ref: 0045372D

Part of subcall function 004534E4: WaitForInputIdle.USER32(?,00000032), ref: 00453510
Part of subcall function 004534E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
Part of subcall function 004534E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
Part of subcall function 004534E4: CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561

Strings

.bat, xrefs: 00453608
cmd.exe" /C ", xrefs: 00453655
D:"G, xrefs: 004536F8, 004536FB
.cmd, xrefs: 00453623
COMMAND.COM" /C , xrefs: 0045368C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
String ID: .bat$.cmd$COMMAND.COM" /C $D:"G$cmd.exe" /C "
API String ID: 854858120-4270494884
Opcode ID: bccf3e7cba150ee1aae3b47e09a506dfff9cf5ab091d589901dc61c2f7b9f919
Instruction ID: e48de0c09470f56e814a1eaeb461330263aa011ed8558adaef5bf8b5374a4d6d
Opcode Fuzzy Hash: bccf3e7cba150ee1aae3b47e09a506dfff9cf5ab091d589901dc61c2f7b9f919
Instruction Fuzzy Hash: AD517874A0034DABCB11EF95C881B9DBBB9AF48746F50403BBC04B7382D7789B198B58

Function 00423634 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON

Download Yara Rule

APIs

LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
OemToCharA.USER32(?,?), ref: 00423704
CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744

Strings

MAINICON, xrefs: 004236B9
2, xrefs: 00423692

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Char$FileIconLoadLowerModuleName
String ID: 2$MAINICON
API String ID: 3935243913-3181700818
Opcode ID: 224cf75db4ea10a89a7eebe0d84fc4cc31f478398fb3606dfc63747a48c8d72c
Instruction ID: 65266eba4a5d446380783eb4ad5427bb3c2b6e1eaca800c785880fb46d02af3b
Opcode Fuzzy Hash: 224cf75db4ea10a89a7eebe0d84fc4cc31f478398fb3606dfc63747a48c8d72c
Instruction Fuzzy Hash: E53193B0A042559ADB10EF29C8C57C67BE89F14308F4441BAE944DB393D7BED988CB59

Function 00418EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000), ref: 00418EE5
GlobalAddAtomA.KERNEL32(00000000), ref: 00418F06
GetCurrentThreadId.KERNEL32 ref: 00418F21
GlobalAddAtomA.KERNEL32(00000000), ref: 00418F42

Part of subcall function 00423070: 73A1A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
Part of subcall function 00423070: EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
Part of subcall function 00423070: 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
Part of subcall function 00423070: 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC

Part of subcall function 00423634: LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
Part of subcall function 00423634: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
Part of subcall function 00423634: OemToCharA.USER32(?,?), ref: 00423704
Part of subcall function 00423634: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744

Part of subcall function 0041F0C0: GetVersion.KERNEL32(?,00418F98,00000000,?,?,?,00000001), ref: 0041F0CE
Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0EA
Part of subcall function 0041F0C0: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0F6
Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F104
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F134
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F15D
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F172
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F187
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F19C
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F1B1
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F1C6
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F1DB
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F1F0
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F205

Strings

ControlOfs%.8X%.8X, xrefs: 00418F33
Delphi%.8X, xrefs: 00418EF7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A24620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
String ID: ControlOfs%.8X%.8X$Delphi%.8X
API String ID: 3864787166-2767913252
Opcode ID: ef7e27ba16645ad8f4c699e646a7607366e766e332a0da38ca4bd420b63be1db
Instruction ID: b182b06b3bcb1b2e8c3ba80a322d5fe38ad1e868bfed4ce1d31fb71d0c0c557e
Opcode Fuzzy Hash: ef7e27ba16645ad8f4c699e646a7607366e766e332a0da38ca4bd420b63be1db
Instruction Fuzzy Hash: 051142B06142406AC740FF36998274A76E1EBA4308F40853FF448EB3E1DB7D9945CB6E

Function 004135E4 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

SetWindowLongA.USER32(?,000000FC,?), ref: 0041360C
GetWindowLongA.USER32(?,000000F0), ref: 00413617
GetWindowLongA.USER32(?,000000F4), ref: 00413629
SetWindowLongA.USER32(?,000000F4,?), ref: 0041363C
SetPropA.USER32(?,00000000,00000000), ref: 00413653
SetPropA.USER32(?,00000000,00000000), ref: 0041366A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow$Prop
String ID:
API String ID: 3887896539-0
Opcode ID: 0a6263d03eac2d2bce2c4b1186c1d291e8e55930424baaf96426919c90c6d239
Instruction ID: f31fb67a9e11a3f95cb2897c8c98fc4a52a333ae5d38a5fa38f8a355adb326ca
Opcode Fuzzy Hash: 0a6263d03eac2d2bce2c4b1186c1d291e8e55930424baaf96426919c90c6d239
Instruction Fuzzy Hash: C911CC75500245BFDB00EF99DC84E9A37E8AB19364F104266F918DB2A1D738D9908B64

Function 0047087C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146windowCOMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004708D2
73A259E0.USER32(00000000,000000FC,00470830,00000000,00470A62,?,00000000,00470A87), ref: 004708F9
GetACP.KERNEL32(00000000,00470A62,?,00000000,00470A87), ref: 00470936
SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0047097C

Strings

COMBOBOX, xrefs: 004708CB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A259ClassInfoMessageSend
String ID: COMBOBOX
API String ID: 3217714596-1136563877
Opcode ID: 4db748e39614629576759290719755d4f62f5ff744c25c03a842ef39f5d171c9
Instruction ID: ada8455a1527fb003519a52fc9fb8cd1e3de5cb64bb436e33c8ec601d2d438b3
Opcode Fuzzy Hash: 4db748e39614629576759290719755d4f62f5ff744c25c03a842ef39f5d171c9
Instruction Fuzzy Hash: 63514D74A01205EFDB10DF69D885A9EB7B5EB49304F1481BAE808DB762C778AD41CB98

Function 004627F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115windowCOMMON

Download Yara Rule

APIs

SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3

Part of subcall function 00462730: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 004627C8
Part of subcall function 00462730: DestroyCursor.USER32(00000000), ref: 004627DE

SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935

Strings

c:\directory, xrefs: 00462888

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Icon$ExtractFileInfo$CursorDestroyDraw
String ID: c:\directory
API String ID: 2926980410-3984940477
Opcode ID: 29e0c85cb7bbc84e991fe9b864147cbcc3941f6a1fa61eb28117cfda4f6013bc
Instruction ID: 427904fd0b382b2f05c77991b1ac4ddebc586400d5837c21677a4a344efa396e
Opcode Fuzzy Hash: 29e0c85cb7bbc84e991fe9b864147cbcc3941f6a1fa61eb28117cfda4f6013bc
Instruction Fuzzy Hash: CD418D70700644BFDB10DB55CD8AFDBBBE8AB49304F1040A6F90497291D6B8AE84CA59

Function 00455C4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00455C7C
GetExitCodeProcess.KERNEL32(?,00490736), ref: 00455C9D
CloseHandle.KERNEL32(?,00455CD0,?,?,dE,00000000,00000000), ref: 00455CC3

Strings

GetExitCodeProcess, xrefs: 00455CA6
MsgWaitForMultipleObjects, xrefs: 00455C89

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCodeExitHandleMultipleObjectsProcessWait
String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
API String ID: 2573145106-3235461205
Opcode ID: bb15eb2d202201f45358253f8be246735ac0c7ca0382cf4378f9f11bf6c10fb6
Instruction ID: e42cd4710a2bc55cfeee88e204bbff949c6156d41efd27b396eab6340a6db490
Opcode Fuzzy Hash: bb15eb2d202201f45358253f8be246735ac0c7ca0382cf4378f9f11bf6c10fb6
Instruction Fuzzy Hash: 2001DB30644B04AFDB12DB99CD51F3A73A8EB45714F604477F910E73D3D679AD048658

Function 0047BB48 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 213COMMON

Download Yara Rule

APIs

SetActiveWindow.USER32(?,?,00000000,0047BE5D,?,?,00000001,?), ref: 0047BC59
SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 0047BCCE

Strings

, xrefs: 0047BD8B
Need to restart Windows? %s, xrefs: 0047BD0B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ActiveChangeNotifyWindow
String ID: $Need to restart Windows? %s
API String ID: 1160245247-4200181552
Opcode ID: c6b7e151218f9a3e81b02511d21a3cfdf4c44bdaad14f60efa502530b76d30ff
Instruction ID: f4c1e1fff3503470ea18fdaabc6d14c851de77ee15ab21044676623dc6a244ae
Opcode Fuzzy Hash: c6b7e151218f9a3e81b02511d21a3cfdf4c44bdaad14f60efa502530b76d30ff
Instruction Fuzzy Hash: 0F9170346042449FCB01EF69D886B9A77F5EF56308F1080BBE8049B366DB78AD45CB99

Function 00469F80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC

GetLastError.KERNEL32(00000000,0046A17D,?,?,00000001,0049307C), ref: 0046A05A
SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046A0D4
SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046A0F9

Strings

Creating directory: %s, xrefs: 0046A042

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChangeNotify$CharErrorFullLastNamePathPrev
String ID: Creating directory: %s
API String ID: 2168629741-483064649
Opcode ID: f0ea55da9561c7475a5743fab90f50c64dd7051ef843fcce111b49f539560e2f
Instruction ID: 39b67aeb1d7855c22aabfe2f82cf891ef9e94af442bcdac43ae26702b455444b
Opcode Fuzzy Hash: f0ea55da9561c7475a5743fab90f50c64dd7051ef843fcce111b49f539560e2f
Instruction Fuzzy Hash: 8A512374E00248ABDB01DFA9C982BDEB7F5AF49304F50846AE851B7382D7785E04CF5A

Function 0045333C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004533EA
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,004534B0), ref: 00453454

Strings

sfc.dll, xrefs: 004533AC
SfcIsFileProtected, xrefs: 004533E4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressByteCharMultiProcWide
String ID: SfcIsFileProtected$sfc.dll
API String ID: 2508298434-591603554
Opcode ID: 4b50ca8e1327cf77ffaefa782f18a20e389156e08d40e3b6f393e5ded95c096a
Instruction ID: 1adb4bde248a8b19f2f304064bd770535e454300abe4aaf5ea9dda1ac3de6c9a
Opcode Fuzzy Hash: 4b50ca8e1327cf77ffaefa782f18a20e389156e08d40e3b6f393e5ded95c096a
Instruction Fuzzy Hash: C741B470A00218ABEB21DF55DD85B9DB7B8AB0534AF5040BBF808A3292D7785F48DA5C

Function 00450C8C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

74D41520.VERSION(00000000,?,?,?,0048F996), ref: 00450CAC
74D41500.VERSION(00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CD9
74D41540.VERSION(?,00450D50,?,?,00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CF3

Strings

aE, xrefs: 00450D37, 00450CFF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: D41500D41520D41540
String ID: aE
API String ID: 2153611984-88912727
Opcode ID: 5f4df345e488c05fd5bd4e33c36db4a7a4bcf57642fa48d89191aa24049eff36
Instruction ID: fa6cca6fee997d329f140acf62b9c68117f89c9724db0c09afd566eb7417e920
Opcode Fuzzy Hash: 5f4df345e488c05fd5bd4e33c36db4a7a4bcf57642fa48d89191aa24049eff36
Instruction Fuzzy Hash: 66215379A00649AFDB01DAE98C41DBFB7FCEB49301F55407AFD04E3242D679AE088769

Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
ExitProcess.KERNEL32 ref: 00404E0D

Strings

Runtime error at 00000000, xrefs: 00404DBE, 00404DD1
Error, xrefs: 00404DB9

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000
API String ID: 1220098344-2970929446
Opcode ID: cb3f50221c7fc4a280dd17ceecd31964af7b7a4f5716c995046d60236483f2a1
Instruction ID: 54305f10cd77fd258ec0cbb2b3b89b3afa079266c0d37f3845e7031a68d66c88
Opcode Fuzzy Hash: cb3f50221c7fc4a280dd17ceecd31964af7b7a4f5716c995046d60236483f2a1
Instruction Fuzzy Hash: 1E21C560A44281AAEB16A775EE817163B9197E5348F048177E700B73F3C6FC8C84C7AE

Function 00453F24 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,00453F8F,?,00000001,00000000), ref: 00453F82

Strings

SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453F30
PendingFileRenameOperations, xrefs: 00453F54
PendingFileRenameOperations2, xrefs: 00453F63

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
API String ID: 47109696-2115312317
Opcode ID: 21250b3f59e8a1b3ab45e49100b6a533c2958c5d03e63bbb63f4184d55fa8918
Instruction ID: 2fe5d9dd412f96f0258c427e8e9e7532a7d77a38f3856869fbc3dabfb8f5c388
Opcode Fuzzy Hash: 21250b3f59e8a1b3ab45e49100b6a533c2958c5d03e63bbb63f4184d55fa8918
Instruction Fuzzy Hash: 1DF0C233B443087FDB09DA62AC07A1AB3ECD744B56FA0446BF80086582DA79AE04922C

Function 0046C624 Relevance: 6.3, APIs: 4, Instructions: 263fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(000000FF,?,00000000,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C7D1
FindClose.KERNEL32(000000FF,0046C7FC,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C7EF
FindNextFileA.KERNEL32(000000FF,?,00000000,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C8F3
FindClose.KERNEL32(000000FF,0046C91E,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C911

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 0f960cb1112d21006a9c127ae61e0f4d16613c63928aaaa408fce4eab3408d2c
Instruction ID: 1dd2fae92c3a96226fdad02eb244197cfc035410fb76892232ec07de3388933a
Opcode Fuzzy Hash: 0f960cb1112d21006a9c127ae61e0f4d16613c63928aaaa408fce4eab3408d2c
Instruction Fuzzy Hash: 21B12D7490424D9FCF11DFA5C881ADEBBB9BF4C304F5081AAE848B3251E7389A45CF59

Function 0042121C Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(00000000), ref: 00421309
SetMenu.USER32(00000000,00000000), ref: 00421326
SetMenu.USER32(00000000,00000000), ref: 0042135B
SetMenu.USER32(00000000,00000000), ref: 00421377

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu
String ID:
API String ID: 3711407533-0
Opcode ID: 69c3d24cbd3908ab398b23ff4996bcca6d71d6d9efd1b021582025e8ce73b4a6
Instruction ID: 0f81d55959a1cf47e4f4fbe1fb89748b5e36cc62268cbc8ca2fac5ad34181ecf
Opcode Fuzzy Hash: 69c3d24cbd3908ab398b23ff4996bcca6d71d6d9efd1b021582025e8ce73b4a6
Instruction Fuzzy Hash: 1341C37070025557EB20BB3AA88579A76924F65308F4901BFBC44DF3A7CA7DCC4683AC

Function 004171C3 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 00417208
SetCursor.USER32(00000000), ref: 0041724B
GetLastActivePopup.USER32(?), ref: 00417275
GetForegroundWindow.USER32(?), ref: 0041727C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$ActiveForegroundLastPopupWindow
String ID:
API String ID: 1959210111-0
Opcode ID: 31a9e7ed65d1c6a10f15c6d0b6e52d74fbafc79933164b7f4b16210c0427c26c
Instruction ID: c6d496dfd2e179b176722755b72bbf9acc304802cb498c635dadf3855441ee16
Opcode Fuzzy Hash: 31a9e7ed65d1c6a10f15c6d0b6e52d74fbafc79933164b7f4b16210c0427c26c
Instruction Fuzzy Hash: AF21B0302042108ACB10EB6AD9446D733B1AB58724B5649BFF8449B392D77CCCC2CB89

Function 00416AEA Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 00416B2C
SetTextColor.GDI32(?,00000000), ref: 00416B46
SetBkColor.GDI32(?,00000000), ref: 00416B60
CallWindowProcA.USER32(?,?,?,?,?), ref: 00416B88

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$CallMessageProcSendTextWindow
String ID:
API String ID: 601730667-0
Opcode ID: 94d5e14a106f4ce483550bedbdeace2163082f32d69035d86e8ad094192f6645
Instruction ID: b033cece6509217f2327ce801b750aa6be190e92d4bc00e16b2453bc82832c42
Opcode Fuzzy Hash: 94d5e14a106f4ce483550bedbdeace2163082f32d69035d86e8ad094192f6645
Instruction Fuzzy Hash: DA112EB2204610AFC710EE6ECDC5E9777ECEF49314715882AB59ADB612D638F8418B29

Function 00423A2C Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

EnumWindows.USER32(004239C4), ref: 00423A50
GetWindow.USER32(?,00000003), ref: 00423A65
GetWindowLongA.USER32(?,000000EC), ref: 00423A74
SetWindowPos.USER32(00000000,00424104,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,00424153,?,?,00423D1B), ref: 00423AAA

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnumLongWindows
String ID:
API String ID: 4191631535-0
Opcode ID: 2ac3058ad058fb58bc43d272a33111b98432a4fbb6a4c2e0798833925aa94dac
Instruction ID: 2aa942e0144c2f66fd74dad5558343876cb1daa91c8e5ea9adb7241dccc7aa7f
Opcode Fuzzy Hash: 2ac3058ad058fb58bc43d272a33111b98432a4fbb6a4c2e0798833925aa94dac
Instruction Fuzzy Hash: C9112E70704610ABDB10DF68DD85F5A77E4EB08725F11066AF994AB2E2C3789D41CB58

Function 00423070 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
73A24620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A24620A480A570EnumFonts
String ID:
API String ID: 2630238358-0
Opcode ID: 541138733ee3697c01f8c81797123c03923b2bd4d964166bd9626717c6dd975c
Instruction ID: afad048246e6630919bdfa9f1eb422a1972ed3af21ea5203bed7575143a0f70f
Opcode Fuzzy Hash: 541138733ee3697c01f8c81797123c03923b2bd4d964166bd9626717c6dd975c
Instruction Fuzzy Hash: 9D01D2717043002AE700BF7A5C82B9B3A549F05319F44023BF804AF2C2D6BE9905876E

Function 004534E4 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,00000032), ref: 00453510
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
String ID:
API String ID: 4071923889-0
Opcode ID: cb2ec6e2e327cbe717a960b84219f2604a12aee98f16707f6853b19b6914ee48
Instruction ID: 976b375f78923eada3d8d1f25cef2af6e5c381faa9b0e8b7c45c7f6a29b52fc4
Opcode Fuzzy Hash: cb2ec6e2e327cbe717a960b84219f2604a12aee98f16707f6853b19b6914ee48
Instruction Fuzzy Hash: 48019670A4060C7AEB209BA98C06E6B7AACDB057A1F610167B904D72C2E5789E008A68

Function 00475FC4 Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00475FE5
GetLastError.KERNEL32 ref: 00475FEF
GetTickCount.KERNEL32 ref: 00475FF9
Sleep.KERNEL32(00000032), ref: 00476009

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CountSleepTick
String ID:
API String ID: 2227064392-0
Opcode ID: aadb22e46f36e2e7530594f2afb87a8d879590c282ab00bcab08a1c1c09b4d0e
Instruction ID: ac2bc92c64288a8ae8ad87d3879801b84766de851918f2f303a3950bd66c2a85
Opcode Fuzzy Hash: aadb22e46f36e2e7530594f2afb87a8d879590c282ab00bcab08a1c1c09b4d0e
Instruction Fuzzy Hash: E8E02B31309D8045CE2879BE18827FF458AEB85324B35493FF0CED6282CC1C4C05A92E

Function 004598F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

FlushFileBuffers.KERNEL32(?), ref: 00459B34

Strings

EndOffset range exceeded, xrefs: 00459A56
NumRecs range exceeded, xrefs: 00459A1F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$BuffersFlush
String ID: EndOffset range exceeded$NumRecs range exceeded
API String ID: 3593489403-659731555
Opcode ID: ef07b891dab5b5a605824b16cda2af0af612d2c73a3dda369383fcccd61e714c
Instruction ID: 995539901c97ad68f5746cda8c194ef6f3d3db8d93705507f5965892a0295e18
Opcode Fuzzy Hash: ef07b891dab5b5a605824b16cda2af0af612d2c73a3dda369383fcccd61e714c
Instruction Fuzzy Hash: D2613E34A00258CBDB25DF15C881ADAB3B5EB49305F0081EAED49AB352D778AEC9CF54

Function 00490B04 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00490B12), ref: 0040334B
Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00490B12), ref: 00403356

Part of subcall function 00409B20: 6F571CD0.COMCTL32(00490B21), ref: 00409B20

Part of subcall function 004108FC: GetCurrentThreadId.KERNEL32 ref: 0041094A

Part of subcall function 00418FE8: GetVersion.KERNEL32(00490B35), ref: 00418FE8

Part of subcall function 0044EE30: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00490B49), ref: 0044EE6B
Part of subcall function 0044EE30: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EE71

Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC

Part of subcall function 0045FCBC: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00490B67), ref: 0045FCCB
Part of subcall function 0045FCBC: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0045FCD1

Part of subcall function 004678D8: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED

Part of subcall function 00472434: GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457

Part of subcall function 0048DD14: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0048DD2D

SetErrorMode.KERNEL32(00000001,00000000,00490BB9), ref: 00490B8B

Part of subcall function 00490914: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
Part of subcall function 00490914: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924

Part of subcall function 0042447C: SendMessageA.USER32(?,0000B020,00000000,?), ref: 0042449B

Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284

ShowWindow.USER32(?,00000005,00000000,00490BB9), ref: 00490BFC

Part of subcall function 0047B260: SetActiveWindow.USER32(?), ref: 0047B304

Strings

Setup, xrefs: 00490BE2

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule$Window$ActiveClipboardCommandCurrentErrorF571FormatLibraryLineLoadMessageModeRegisterSendShowTextThreadVersion
String ID: Setup
API String ID: 4284711697-3839654196
Opcode ID: 3561114a63be54c54d2a43fb7e17f87302581483f476b44515a49fd14d45fc66
Instruction ID: 93c4262b2fd0981b4a3bf9bbc89b82d5fe8812d296d35f6d6b268422da34e6e8
Opcode Fuzzy Hash: 3561114a63be54c54d2a43fb7e17f87302581483f476b44515a49fd14d45fc66
Instruction Fuzzy Hash: CC31C635204204AED605BBB7ED1391E3BA4EB8971CB61447FF404929A3DE7C5C518A7E

Function 0042DA40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DA78
RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,00000000,?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DAD0

Strings

ProductType, xrefs: 0042DA76, 0042DACE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: QueryValue
String ID: ProductType
API String ID: 3660427363-120863269
Opcode ID: 8c6d5992717354f1742f6db3e008b622ea29168f52289f9bc266ec88e5d19502
Instruction ID: 22425fb9ba400e549f89719797a15a519fe31236383ac1a1c9c2ba634efda0a6
Opcode Fuzzy Hash: 8c6d5992717354f1742f6db3e008b622ea29168f52289f9bc266ec88e5d19502
Instruction Fuzzy Hash: 67416934E04128EFDF21DF95D890BEFBBB8EB45304F9185A7E510A7280D778AA44CB58

Function 004521A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521E6
GetLastError.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521EF

Strings

.tmp, xrefs: 004521CF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 95b321a80a7f49f3410ff19ad884a03b5149450dce792f72d1a7e619d8ed1185
Instruction ID: 1cc7738378c32de01c08681629a8df9cd6432d6ac9a10e78220417a5cd0dd7bd
Opcode Fuzzy Hash: 95b321a80a7f49f3410ff19ad884a03b5149450dce792f72d1a7e619d8ed1185
Instruction Fuzzy Hash: 68213579A002089BDB01EFA1C9529DFB7B9EF49305F50457BF801B7342DA7C9E058A65

Function 004537F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

ShellExecuteEx.SHELL32(0000003C), ref: 0045388C
GetLastError.KERNEL32(0000003C,00000000,004538D5,?,?,?), ref: 0045389D

Part of subcall function 004534E4: WaitForInputIdle.USER32(?,00000032), ref: 00453510
Part of subcall function 004534E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
Part of subcall function 004534E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
Part of subcall function 004534E4: CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561

Strings

<, xrefs: 00453840

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Wait$CloseCodeErrorExecuteExitHandleIdleInputLastMultipleObjectsProcessShell
String ID: <
API String ID: 35504260-4251816714
Opcode ID: c2e03b5e4e67f27838c983cd3523d5033eb2743868d95f269161821d711f8d89
Instruction ID: a48743936d6917b30e90ea1336603dc98d5f36d007a8bf71f63bee0ab98bf73b
Opcode Fuzzy Hash: c2e03b5e4e67f27838c983cd3523d5033eb2743868d95f269161821d711f8d89
Instruction Fuzzy Hash: 95218670A00209AFDB14EF65D88269E7BF8EF04356F50443AF844E7381D7789E49CB98

Function 0042DB8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DBA0
RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DBE0

Strings

Inno Setup: No Icons, xrefs: 0042DB9E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Value$EnumQuery
String ID: Inno Setup: No Icons
API String ID: 1576479698-2016326496
Opcode ID: e9fb7db7dcf6cda393c86093116ee764db1e6ac8556277773d8aad4419d6b52b
Instruction ID: 963321e0e52aed92ccfb8a2f54d21a93e2c319f999d6bed2d0c39c2fe313cf58
Opcode Fuzzy Hash: e9fb7db7dcf6cda393c86093116ee764db1e6ac8556277773d8aad4419d6b52b
Instruction Fuzzy Hash: 7201F731B4536069F73085166D11B7BA9889B41B64F65003BF940EA3C0D2D9AC04E36E

Function 004758D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,00475B5A,00000000,00475B70,?,?,?,?,00000000), ref: 00475936

Strings

RegisteredOwner, xrefs: 00475913
RegisteredOrganization, xrefs: 00475925

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Close
String ID: RegisteredOrganization$RegisteredOwner
API String ID: 3535843008-1113070880
Opcode ID: b3b711482d8e628ec3f61362cfc892467dbb757c2662bd40f62ad5005f9431cc
Instruction ID: 48b656342ec2bd2b5ab7dbcfa9b326a46bbbd2cb26f9bcc12124a5356ca6e139
Opcode Fuzzy Hash: b3b711482d8e628ec3f61362cfc892467dbb757c2662bd40f62ad5005f9431cc
Instruction Fuzzy Hash: 63F0F6B0B04144EBEB00DA72AC9279B3759D742304F60807BA2058F251D6B9AF01D74C

Function 0046F3F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F41D
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F434

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

CreateFile, xrefs: 0046F429

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: CreateFile
API String ID: 2528220319-823142352
Opcode ID: 3ce17224c3612957bb3ea8d08732bab1b9a40189034164cbbb7ae18b77d7767e
Instruction ID: 8566c0baceda2c5727a8425b1213297a8e6c3c46ac1f7708f5e95aedaf673be2
Opcode Fuzzy Hash: 3ce17224c3612957bb3ea8d08732bab1b9a40189034164cbbb7ae18b77d7767e
Instruction Fuzzy Hash: EDE065342843047FDA10E669DCC6F0677989B14728F108161F6446F3E2C5B5EC448659

Function 0046961C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,|0I,00000004,00000001,?,00469B43,?,?,00000000,00469BEA,?,_is1,?), ref: 0046962F

Strings

|0I, xrefs: 00469625, 00469628
NoModify, xrefs: 0046962D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Value
String ID: NoModify$|0I
API String ID: 3702945584-1260956942
Opcode ID: 0d9706f44497321b252fea2b85b5cd2d87d273d46e8ee44f3976ba521d4fd78f
Instruction ID: 2bef48f429356fc4da1bc079aaf13935e8d13ae686911c9cef0d84ca04fc1d48
Opcode Fuzzy Hash: 0d9706f44497321b252fea2b85b5cd2d87d273d46e8ee44f3976ba521d4fd78f
Instruction Fuzzy Hash: 59E04FB0604304BFEB04DB95CD4AF6B77ACDB48714F108059BA049B381EAB4EE00C668

Function 004678D8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0042E1E0: SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
Part of subcall function 0042E1E0: LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219

GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED

Strings

shell32.dll, xrefs: 004678E2
SHPathPrepareForWriteA, xrefs: 004678D8

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressErrorLibraryLoadModeProc
String ID: SHPathPrepareForWriteA$shell32.dll
API String ID: 2492108670-2683653824
Opcode ID: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
Instruction ID: fa085d398d84bf6bdc376de8b0adffa78d8cd9c0cd14655664e75f653ebd6975
Opcode Fuzzy Hash: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
Instruction Fuzzy Hash: 90B092E0B0474092EF0077BA584AB1A1454D78079CB64883BB040AB289EE7C8A18EB9E

Function 00485E2C Relevance: 4.6, APIs: 3, Instructions: 142registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegEnumKeyExA.ADVAPI32(?,00000001,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00485EDD
RegEnumValueA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00485FA7,?,?,?,00000000,00000000,00485FCD), ref: 00485EFE
RegCloseKey.ADVAPI32(?,00485FAE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00485FA1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: 3d0eebe6ab03815436d53a31e4101c5214dc10002319203a952b045cef38cb6a
Instruction ID: 9daad1761f1e283d4217273ad70bf6c4399887ee59538191eb732a55a8fee4c0
Opcode Fuzzy Hash: 3d0eebe6ab03815436d53a31e4101c5214dc10002319203a952b045cef38cb6a
Instruction Fuzzy Hash: D941A870A045059FDB01EFA6CC82BAFB7FDEB48304F50483BB610E72D1DA78AA018759

Function 0047A918 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON

Download Yara Rule

APIs

GetSystemMenu.USER32(00000000,00000000,00000000,0047AA50), ref: 0047A9E8
AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 0047A9F9
AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0047AA11

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Append$System
String ID:
API String ID: 1489644407-0
Opcode ID: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
Instruction ID: 9416a2e69f94d1bacdcd5589100605e7a17a6fee69d6532038c11be2b18ca1fe
Opcode Fuzzy Hash: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
Instruction Fuzzy Hash: BB31E5B07043442AE711EB359C82BAE3B945B91308F40843FB940AB2E3C67C9D18879E

Function 0044AA68 Relevance: 4.6, APIs: 3, Instructions: 74COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AADD
SelectObject.GDI32(?,00000000), ref: 0044AB00
73A1A480.USER32(00000000,?,0044AB40,00000000,0044AB39,?,00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AB33

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A480A570ObjectSelect
String ID:
API String ID: 1230475511-0
Opcode ID: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
Instruction ID: 5ebdf1d2f2544012dfa55b31c85aaba12dd464d1382fd60bb62d336af458de0c
Opcode Fuzzy Hash: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
Instruction Fuzzy Hash: 6E21C170E44248AFEB11DFA5C841B9EBBB9EB48304F4180BAF500A7281C77C9950CB2A

Function 0044A79C Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044A828,?,0047B27B,?,?), ref: 0044A7FA
DrawTextW.USER32(?,?,00000000,?,?), ref: 0044A80D
DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044A841

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DrawText$ByteCharMultiWide
String ID:
API String ID: 65125430-0
Opcode ID: 8317c523276f314509038111108d47a2590dbd1258818dab6b6b76e6ad298f5c
Instruction ID: 547ddd58e113f665f2c4bd30cca118ef6da0f4e8a03e0e68a63751e0d3c3e5d9
Opcode Fuzzy Hash: 8317c523276f314509038111108d47a2590dbd1258818dab6b6b76e6ad298f5c
Instruction Fuzzy Hash: 2F1108B27406047FEB00EBAA8C82D6FB7ECDB48724F10813BF504E72C0D5389E018A69

Function 004243A4 Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004243BA
TranslateMessage.USER32(?), ref: 00424437
DispatchMessageA.USER32(?), ref: 00424441

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
Instruction ID: 29ec6bb2c2fe33ce96073087ef8f049612c87f0656b6e82933878d2f51458537
Opcode Fuzzy Hash: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
Instruction Fuzzy Hash: 1F11C43030435056DA20E6A4B94179B73D4CFC1708F85485EF9C957382D7BD9E4487AB

Function 004165EC Relevance: 4.5, APIs: 3, Instructions: 39COMMON

Download Yara Rule

APIs

SetPropA.USER32(00000000,00000000), ref: 00416612
SetPropA.USER32(00000000,00000000), ref: 00416627
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 0041664E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Prop$Window
String ID:
API String ID: 3363284559-0
Opcode ID: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
Instruction ID: 675018db8e1bdf4ebffe2da0d9b09b3c9fe28390eae3e6cfa7bb9a74213a9f8e
Opcode Fuzzy Hash: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
Instruction Fuzzy Hash: 9DF0B271701210BFDB109B599C85FA632DCBB19B15F160176BE08EF286D6B8DD40C7A8

Function 004014E4 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A

Strings

@$I, xrefs: 00401522

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$AllocFree
String ID: @$I
API String ID: 2087232378-1899187264
Opcode ID: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
Instruction ID: 725a70dfb87e22c3967cff80d89a5dac4b2b1bb1b28326949d670fe9fc14322f
Opcode Fuzzy Hash: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
Instruction Fuzzy Hash: 82F0A772B0073067EB60596A4C81F5359C49FC5794F154076FD0DFF3E9D6B58C0142A9

Function 0041EDFC Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0041EE0C
IsWindowEnabled.USER32(?), ref: 0041EE16
EnableWindow.USER32(?,00000000), ref: 0041EE3C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnableEnabledVisible
String ID:
API String ID: 3234591441-0
Opcode ID: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
Instruction ID: 96e98aa39eb8546384e417ef666d490cadeddd778781aa4cd60f09ebcc6840ac
Opcode Fuzzy Hash: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
Instruction Fuzzy Hash: 65E0EDB42003016AEB11AB27DCC1B5B769CBB54354F468477AD169B2A3DA3DD8408A78

Function 004062A0 Relevance: 4.5, APIs: 3, Instructions: 7COMMON

Download Yara Rule

APIs

GlobalHandle.KERNEL32 ref: 004062A1
GlobalUnWire.KERNEL32(00000000), ref: 004062A8
GlobalFree.KERNEL32(00000000), ref: 004062AD

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$FreeHandleWire
String ID:
API String ID: 318822183-0
Opcode ID: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
Instruction ID: 232b5a29dca1329e6ee8fbf729e049d74cb9239d0bdd557acda0a77be920d3a5
Opcode Fuzzy Hash: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
Instruction Fuzzy Hash: 73A001C4804A04A9D80072B2080BA2F244CD8413283D0496B7440B2183883C8C40593A

Function 0047B260 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetActiveWindow.USER32(?), ref: 0047B304

Strings

InitializeWizard, xrefs: 0047B2A7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ActiveWindow
String ID: InitializeWizard
API String ID: 2558294473-2356795471
Opcode ID: 8b312c41f2940f2f3a5a5ebcccc02a9e100daae9f3be4a3165d4f891c4d140ea
Instruction ID: 4e25cab65ed988d36d771276a92aef87a17e854c81311b79447974de30300cc1
Opcode Fuzzy Hash: 8b312c41f2940f2f3a5a5ebcccc02a9e100daae9f3be4a3165d4f891c4d140ea
Instruction Fuzzy Hash: CA11A330204204AFD701EB69FD45B5A77E4E755324F2084BBF40A877A1D7796C41DB5D

Function 00476018 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00476060

Strings

Failed to remove temporary directory: , xrefs: 00476079

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountTick
String ID: Failed to remove temporary directory:
API String ID: 536389180-3544197614
Opcode ID: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
Instruction ID: 6ffa0d28bc3bfc953a6b8bbcd879379d441b58bb6ad8f3d837193fbc1ee90d1a
Opcode Fuzzy Hash: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
Instruction Fuzzy Hash: B301F530610B44AADB11EB72CC46BDF77A9DB05709FA1843BF804A7192D6BDAE08890C

Function 004757F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,00475A36,00000000,00475B70), ref: 00475835

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00475805

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: Software\Microsoft\Windows\CurrentVersion
API String ID: 47109696-1019749484
Opcode ID: 32ef8136de0120a00000d409f2c8a2fabb2658739af061c3bbedf7e0271f1c3a
Instruction ID: 6f23ae70e013487785b82a96322c3c90f2bad5c8cb9ef8bfae3d8b83ecadceb2
Opcode Fuzzy Hash: 32ef8136de0120a00000d409f2c8a2fabb2658739af061c3bbedf7e0271f1c3a
Instruction Fuzzy Hash: A1F08231B0451467EA04B69A9C42B9EA79D9B84758F21407BF908DF342D9F99E0242AD

Function 004695AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,?,?,0049307C,?,004697A3,?,00000000,00469BEA,?,_is1), ref: 004695CF

Strings

Inno Setup: Setup Version, xrefs: 004695CD

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Value
String ID: Inno Setup: Setup Version
API String ID: 3702945584-4166306022
Opcode ID: f5add68329ef97518e4fcb466ca5aa8f04737b31d2f7e60d26670de3c31fcc1c
Instruction ID: bcb48f81889c44c2f620efda9402a5d0bb1fb61369e9a11a86b2db072df5fa83
Opcode Fuzzy Hash: f5add68329ef97518e4fcb466ca5aa8f04737b31d2f7e60d26670de3c31fcc1c
Instruction Fuzzy Hash: 5CE06D713012043FD710EA2A9C85F5BBBDCDF88365F10403AB908DB392D978DD0185A8

Function 0042DC44 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

Strings

System\CurrentControlSet\Control\Windows, xrefs: 0042DC5E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Open
String ID: System\CurrentControlSet\Control\Windows
API String ID: 71445658-1109719901
Opcode ID: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
Instruction ID: 29d81e93da8360ba13d0a113dd5009aeb6b598c84d67836305bbff2bc9e8969e
Opcode Fuzzy Hash: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
Instruction Fuzzy Hash: B7D09E72910128BB9B109A89DC41DF7775DDB19760F44401AF904A7141C1B4AC519BE4

Function 00452758 Relevance: 3.2, APIs: 2, Instructions: 190fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(000000FF,?,00000000,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000), ref: 00452967
FindClose.KERNEL32(000000FF,00452992,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000,00000001), ref: 00452985

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 239293ecc984904b22463139eaf11986111542b00b0602628b26e0545923b6e9
Instruction ID: a46e81b432fa17c8035645edee6d72e6358aab5d3d8117a0f5ee062976db862c
Opcode Fuzzy Hash: 239293ecc984904b22463139eaf11986111542b00b0602628b26e0545923b6e9
Instruction Fuzzy Hash: 48819074A0024D9FCF11DFA5C941BEFBBB4AF4A305F1480A7D85463392D3789A4ACB98

Function 00450F64 Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FB8
GetLastError.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FC0

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateErrorLastProcess
String ID:
API String ID: 2919029540-0
Opcode ID: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
Instruction ID: 90ec035facff387a728fa34ee480b9bdab906da10ba2c5f97b54275381758835
Opcode Fuzzy Hash: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
Instruction Fuzzy Hash: 6E115E76604208AF8B50DEADDC41DDFB7ECEB4D310B51456AFD08E3241D674EE158B64

Function 0040AF70 Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040AF8A
FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B0E7,00000000,0040B0FF,?,?,?,00000000), ref: 0040AF9B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindFree
String ID:
API String ID: 4097029671-0
Opcode ID: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
Instruction ID: 1221a5199f13f7129315330983e0874b2bf41397b47310acc6f6b643a0b38e17
Opcode Fuzzy Hash: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
Instruction Fuzzy Hash: FB012FB1300300AFDB00EF69DC82E1A33A9EB493087108077F500BB2D0DA799C11962A

Function 0041EE4C Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0041EE9B
73A25940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A25940CurrentThread
String ID:
API String ID: 2655091166-0
Opcode ID: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
Instruction ID: ca42cadf64aab9fc9bda363da699102df16a4657dc233dc8dc005950a55e731a
Opcode Fuzzy Hash: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
Instruction Fuzzy Hash: 8A015B79A04705AFD705CF66DC11996BBF8E789720B2388B7E804D36A0F6345810DE18

Function 004513FC Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON

Download Yara Rule

APIs

MoveFileA.KERNEL32(00000000,00000000), ref: 0045143E
GetLastError.KERNEL32(00000000,00000000,00000000,00451464), ref: 00451446

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastMove
String ID:
API String ID: 55378915-0
Opcode ID: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
Instruction ID: 85188aecbac2644b80406732be01adbb240331f4a8ceeac9c47b7ffc740a9c29
Opcode Fuzzy Hash: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
Instruction Fuzzy Hash: 6D01D671B04604AB8B01DB799C425AEB7ECDB49725760457BFC08E3252EA3C4E048959

Function 0040170C Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,00401973), ref: 00401766

Strings

@$I, xrefs: 0040173B, 0040177B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeVirtual
String ID: @$I
API String ID: 1263568516-1899187264
Opcode ID: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
Instruction ID: 8116451f728c5aa32ea3c360de9e7882c02e29ec9bc76b399c7381bc7e3fefdc
Opcode Fuzzy Hash: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
Instruction Fuzzy Hash: F40170766057109FC3109F29DCC0E2677E8D780378F05413EDA84673A1D37A6C0187D8

Function 00450EEC Relevance: 3.0, APIs: 2, Instructions: 43COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F25
GetLastError.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F2D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
Instruction ID: 364ad505462443d826447c2aa905436d5e11e331cb720e50727da1269184da6e
Opcode Fuzzy Hash: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
Instruction Fuzzy Hash: 27F02876A04604AFCB10DF759C4299EB7E8DB09311B6049BBFC08E3242E6794E048598

Function 00451084 Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510BB
GetLastError.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510C3

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
Instruction ID: 5ed2bb2a065b1eb56cf610b2c64d6d851a3618404264b5220afa4eae7dc9580f
Opcode Fuzzy Hash: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
Instruction Fuzzy Hash: F9F02871A04244AFCF00DFB59C4259EB7E8DB0871176089BBFC04E3692EB384E048558

Function 0045158C Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

RemoveDirectoryA.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515C3
GetLastError.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515CB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DirectoryErrorLastRemove
String ID:
API String ID: 377330604-0
Opcode ID: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
Instruction ID: 4a7b75eba7857019093cf0bd5fd6fc682383d33b89e08eccdc707f1e9448c37c
Opcode Fuzzy Hash: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
Instruction Fuzzy Hash: F0F0F475A00608BB8B01DBB5AC4259EB3ECDB4831176049BBFC04E3242F6384E048598

Function 004231E4 Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

LoadCursorA.USER32(00000000,00007F00), ref: 004231F1
LoadCursorA.USER32(00000000,00000000), ref: 0042321B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoad
String ID:
API String ID: 3238433803-0
Opcode ID: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
Instruction ID: 43eb0a081647544f07c75950a444ff3626244229c91a8f980807230630bdce3f
Opcode Fuzzy Hash: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
Instruction Fuzzy Hash: 56F05C11740110A6D6105D7E6CC0E2A7268DBC1735B7103BBFB7BD32D2C62E5C01417D

Function 0042E1E0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
Instruction ID: a5bf76ec7fc0037a961c30f1a8367ec2ab03dc69631e0c622de06244be8b127b
Opcode Fuzzy Hash: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
Instruction Fuzzy Hash: 6CF08270B14744BEDB019F779C6282BBBECEB4DB1479248B6F800A2691E63C4C10CD39

Function 00470830 Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

73A24690.USER32(6F5327E0,?,?,?,?), ref: 0047085D
73A24690.USER32(FFFF0474,?,?,?,?), ref: 0047086E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A24690
String ID:
API String ID: 3654670414-0
Opcode ID: d78ec1971c872e1c2a759eff0b10a1fb793b86a13f31b5903e54a79ee442c384
Instruction ID: 05871f25954d4f0ccf7064202b5622f870af3b0557784982f60e543ab3818496
Opcode Fuzzy Hash: d78ec1971c872e1c2a759eff0b10a1fb793b86a13f31b5903e54a79ee442c384
Instruction Fuzzy Hash: 00F0A0B2201205BBDB00DEAADD88CA7776CEF49320704822BBC0893295D1B8AC0086B9

Function 0044FC10 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC26
GetLastError.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC2E

Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: de65f18f36f37b9ca1324c3eeca2df0f722fadb4b50d26d1bad635fee496284b
Instruction ID: 0bfc23328500fe2646c690ed3ecabb54a6fbe8d678c9a11fa1a44a4ad9cb7e95
Opcode Fuzzy Hash: de65f18f36f37b9ca1324c3eeca2df0f722fadb4b50d26d1bad635fee496284b
Instruction Fuzzy Hash: 59E012B1304205ABFB10EA7599C1F3B22D8EB44354F00447AB944CF287E674CC0A8B25

Function 0041EF9C Relevance: 3.0, APIs: 2, Instructions: 16threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0041EFB6
73A25940.USER32(00000000,0041EF38,00000000,0042406E,?,00000000,00424104), ref: 0041EFBC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A25940CurrentThread
String ID:
API String ID: 2655091166-0
Opcode ID: a87d5c09129fb5e8e72c64e8d2232d69f3356c6d2f88ba67e28c815336eb5a51
Instruction ID: 49cc1c4b832f6c01255466c052ada857fa4bf5b082c39c1888a59bd33b0c0cac
Opcode Fuzzy Hash: a87d5c09129fb5e8e72c64e8d2232d69f3356c6d2f88ba67e28c815336eb5a51
Instruction Fuzzy Hash: BCE04C71610201BFDF11DF39DD4575637E1E7A0314F1348B7A806D61B1E3785840DA0D

Function 00406274 Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32 ref: 00406276
GlobalFix.KERNEL32(00000000), ref: 0040627C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Alloc
String ID:
API String ID: 2558781224-0
Opcode ID: 3aab631d28e9500c64151c0aeb9b91af43aad549cba5a5fa87d1f146672bdb4f
Instruction ID: 0263706b80ae8aebac4b2aeda69df254121a1764ed820e2db5cbcbfbef09bb73
Opcode Fuzzy Hash: 3aab631d28e9500c64151c0aeb9b91af43aad549cba5a5fa87d1f146672bdb4f
Instruction Fuzzy Hash: 3D9002C4C10B01A4DC0432B24C0BC3F0C2CD8C072C3C0486F7018B6183883C8800083C

Function 00477198 Relevance: 1.6, APIs: 1, Instructions: 128windowCOMMON

Download Yara Rule

APIs

SendNotifyMessageA.USER32(0001044A,00000496,00002711,00000000), ref: 00477350

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageNotifySend
String ID:
API String ID: 3556456075-0
Opcode ID: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
Instruction ID: 16409b2b564c283e2081e6b17d670531f43b9e979188f2c8fa02a8160c9bfcf5
Opcode Fuzzy Hash: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
Instruction Fuzzy Hash: 8B4186343040009BC710FF66EC8255A77A9AB55309790C5B7B8049F3ABCA78EE06DB9D

Function 0040857C Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,004086B2), ref: 0040859B

Part of subcall function 00406D8C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406DA9

Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
Instruction ID: 8b9545330178279bc2ddac5e6fa168bd58cc03261140f3a6a95c7e376186b839
Opcode Fuzzy Hash: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
Instruction Fuzzy Hash: 86315035E00109ABCB00EF95CC819EEB779FF84314F518577E815BB285E738AE018B98

Function 0041FB44 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FBE1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoScroll
String ID:
API String ID: 629608716-0
Opcode ID: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
Instruction ID: 2699cc02af870d89e6a5ad5e313ee30afbb4c435a81dca5bff53af4edc800ccf
Opcode Fuzzy Hash: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
Instruction Fuzzy Hash: E22142B16087456FC340DF39D440696BBE4BB88314F04493EE498C3741D774E996CBD6

Function 00466FE4 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0041EE4C: GetCurrentThreadId.KERNEL32 ref: 0041EE9B
Part of subcall function 0041EE4C: 73A25940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1

SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,00467042,?,00000000,?,?,00467247,?,00000000,00467286), ref: 00467026

Part of subcall function 0041EF00: IsWindow.USER32(?), ref: 0041EF0E
Part of subcall function 0041EF00: EnableWindow.USER32(?,00000001), ref: 0041EF1D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$A25940CurrentEnablePathPrepareThreadWrite
String ID:
API String ID: 390483697-0
Opcode ID: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
Instruction ID: cfd77c3cf2038ba034cdb19c096b63f1e12f26539d14daa02010a8575a632133
Opcode Fuzzy Hash: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
Instruction Fuzzy Hash: 15F02E70288300FFE3049B62ED1AB2577E8E308718F60083BF40082181E6BD4C40D52D

Function 004164F8 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 0041652D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
Instruction ID: a820f4678b9f5f8a39c028f8276f7672b34f9079ce199e45b6728efe25cce622
Opcode Fuzzy Hash: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
Instruction Fuzzy Hash: D5F019B2200510AFDB84CF9CD9C0F9373ECEB0C210B0481A6FA08CF24AD260EC108BB0

Function 0041495C Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 00414997

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91

Function 0042CBB0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC

GetFileAttributesA.KERNEL32(00000000,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A,00000000,004511A1,00000000,004511C2,?,00000000), ref: 0042CBDB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesCharFilePrev
String ID:
API String ID: 4082512850-0
Opcode ID: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
Instruction ID: bcc2a10ba17e46f4a9e3aa80fd67cbe88bd74874a982435321d161081e45760d
Opcode Fuzzy Hash: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
Instruction Fuzzy Hash: 96E09B71304308BFD701EF62EC93E5EBBECDB85714BA14476F400E7641D5B9AE008418

Function 0044FADC Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0044FB1C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 78a311e2a95407c1f2bce677d10703788472382bb1767ec56bee7a5dd97471b0
Instruction ID: b9ff2f1e843887c32db999b8e56f693fcf835da1e8ac5748e56ca63b18eefbc2
Opcode Fuzzy Hash: 78a311e2a95407c1f2bce677d10703788472382bb1767ec56bee7a5dd97471b0
Instruction Fuzzy Hash: 64E092A53501083ED340EEACAC52FA337CC9319754F048033B988C7351D4619D11CBA8

Function 0042E660 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
Instruction ID: e1450acef62d714b472a60d6f425ebfa2555b1e5ba62ff61a1a92b84590c1f2f
Opcode Fuzzy Hash: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
Instruction Fuzzy Hash: 2EE020723843111AF23550676C47B7F170D4790704F9580263B10DE3D2D9AEDD0F02AD

Function 00406300 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(00000000,00423624,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 00406329

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
Instruction ID: 1d12608fc0467a25e6c73015cc4d191371d7057fe5102c86e19c90aa3d4ae925
Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
Instruction Fuzzy Hash: 4CE002B2204309BFDB00DE8ADDC1DABB7ACFB4C654F844105BB1C972428275AD608BB1

Function 0042DC0C Relevance: 1.5, APIs: 1, Instructions: 26registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
Instruction ID: 95aeb9dab0603b99a781f8c682cffbd0ba2012b3d2683d11ab3130478c649cf3
Opcode Fuzzy Hash: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
Instruction Fuzzy Hash: C3E07EB2600129AF9B40DE8DDC81EEB37ADAB1D350F408016FA08D7200C2B4EC519BB4

Function 00453230 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 0d9c890a3991cb5b694035647fd2267bc5d10e57212313f7c1704c27ed86d76d
Instruction ID: f302fe2a993c29ff2beb40c6401580d32031e9c3f18c83ad647966ccae7ffc8f
Opcode Fuzzy Hash: 0d9c890a3991cb5b694035647fd2267bc5d10e57212313f7c1704c27ed86d76d
Instruction Fuzzy Hash: 85E01B70508B008BCB14DF3E848135676D15F89321F04C9AABC58CB3D7DA3C85559A67

Function 00414624 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(0048DB6E,?,0048DB90,?,?,00000000,0048DB6E,?,?), ref: 00414643

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0

Function 00406AE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CompareStringA.KERNEL32(00000400,00000000,00000000,00000000,00000000,00000000,00000000,?,0042C585,00000000,0042C5A2,?,?,00000000,?,00000000), ref: 00406B0D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
Instruction ID: f6665c11947ada4625099ec4a58cd3d7eb013588aad78fe549ce1534c5c33ddb
Opcode Fuzzy Hash: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
Instruction Fuzzy Hash: DAD092D17416203BD250BA7E1C82F5B48CC8B1861FF00413AB208FB2D2C97C8F0512AE

Function 00406E20 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,00000001,00000001,00000000,00000003,00000080,00000000,?,0040A86C,0040CE50,?,00000000,?), ref: 00406E56

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 284a5784ece0525ee4309a29e0934b708280147b24c8860807565b0dcdf733f2
Instruction ID: 2d5c0aa36cdab2c02aa70c59908dd8a7432c1ea2770125d051a0aa19acad35b9
Opcode Fuzzy Hash: 284a5784ece0525ee4309a29e0934b708280147b24c8860807565b0dcdf733f2
Instruction Fuzzy Hash: 61E05BE23D065537F510A9DDACC3F56118CC714749F048032F600EF3E1D5AD9E5087A8

Function 00406E84 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00406E98

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 8201ee84f3f9e58ef3dd8e0238a87415c2e3dc620ee442071c6c4e1cd7855385
Instruction ID: a10c0b3fd935aa4feb9cc83ad1cbd2e9700523618da793d8de9a5efa8f2f85b3
Opcode Fuzzy Hash: 8201ee84f3f9e58ef3dd8e0238a87415c2e3dc620ee442071c6c4e1cd7855385
Instruction Fuzzy Hash: 63D012763082106AD620955A9C84DAB5ADCCBC9774F11063AB658D6181D6248C018675

Function 00406EB0 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406EC4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
Instruction ID: 4d76dac8211929e62cce8888c47837621b30d3b0c7e20a3f427cea6db45cb60b
Opcode Fuzzy Hash: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
Instruction Fuzzy Hash: 48D05B763082507AD620965BAC44DA76BDCCBC5770F11063EB558C71C1D6309C01C775

Function 004235F4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 004235A0: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 004235B5

ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F

Part of subcall function 004235D0: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 004235EC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoParametersSystem$ShowWindow
String ID:
API String ID: 3202724764-0
Opcode ID: 7c25c5bb0a353a8e37e10cf4638f97e2f3f9aed69f5a03697bdf0d2729dbe22d
Instruction ID: 2a465d5d678e454343823bde05cb816eafc76b3616d44e2642b2febe52ce8396
Opcode Fuzzy Hash: 7c25c5bb0a353a8e37e10cf4638f97e2f3f9aed69f5a03697bdf0d2729dbe22d
Instruction Fuzzy Hash: F8D0A7123422343143203BB73845A8B46BC4DC62A7388043BB548CB303FD1E8F5130BC

Function 0042426C Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(?,00000000), ref: 00424284

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
Instruction ID: 464bc4534e7500a79cd72818e7fe6fdc88b43f9c3cedd93f67ec80ba9b13fbd8
Opcode Fuzzy Hash: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
Instruction Fuzzy Hash: A8D05BE270113017C741BAED54C4AC577CC4B4825671540B7F904EF257C638CD404398

Function 0042CC50 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,004513D1,00000000,004513EA,?,-00000001,00000000), ref: 0042CC5B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
Instruction ID: 2bac27eb1d407cf782e128ad06cad9207e8ea826622c3fbf81ad2ed97ccd6d21
Opcode Fuzzy Hash: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
Instruction Fuzzy Hash: 4BD012E030129015DA1459BE29C979F02888B96735FA41F7BB96CE22E2E23DCC562018

Function 004621AC Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00462E18,00000000,00000000,00000000,0000000C,00000000), ref: 004621C4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0

Function 0042CC08 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,0045084B,00000000), ref: 0042CC13

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
Instruction ID: 1275fb06175802a4eec18308edc692cabbb6af922db63e061f4609c964e4cce9
Opcode Fuzzy Hash: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
Instruction Fuzzy Hash: 41C08CE13022001A9A1065FE2CC511F02C8891423A3A42F37F42EE33D2DA3D8C17201A

Function 00406E60 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A86C,0040CE18,?,00000000,?), ref: 00406E7D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 789ee4ee8e8beaddf5e4773479f30132dbca981c419c15b8b597a9aeb85959e9
Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
Opcode Fuzzy Hash: 789ee4ee8e8beaddf5e4773479f30132dbca981c419c15b8b597a9aeb85959e9
Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C

Function 0041F344 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,00000000), ref: 0041F358

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
Instruction ID: 48f25c4fc7afed193c39a16cc91a0304f94a1296cd048c63733264e3b5f0309e
Opcode Fuzzy Hash: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
Instruction Fuzzy Hash: D2D0C932100108AFDB018E94AC018677B69EB48210B148815FD0485221D633E831AA91

Function 00406EF0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
Instruction ID: f501027f96a9746725af0604134d36a8ca8c314a7ca2a7be08ed73c27bcd633e
Opcode Fuzzy Hash: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
Instruction Fuzzy Hash: 97B012E13D220A2ACE0079FE4CC191700CC462C6163405A3A3406EB1C3D93CC4180414

Function 00407248 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000,?,0048FE4A,00000000,0049001D,?,?,00000005,00000000,00490051,?,?,00000000), ref: 00407253

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
Instruction ID: c18bf430a4858a09d5fd0626d157798880aaaa8ea81a5298b6cf69089c3012d4
Opcode Fuzzy Hash: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
Instruction Fuzzy Hash: B0B012E03D161B27CA0079FE4CC191A01CC46292163501B3A3006E71C3D83CC8080514

Function 0044F2F4 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,0044F500,00000000,?,004639BE,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0044F312

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: c7a475cd488f875e49ece2157d1206e67af3b2205c6f394a6688a0f7d43359a1
Instruction ID: 6ecd22b7d6a4bd64001c9983af65653951bcb0c24671cf7e7e2e4cdc083c116c
Opcode Fuzzy Hash: c7a475cd488f875e49ece2157d1206e67af3b2205c6f394a6688a0f7d43359a1
Instruction Fuzzy Hash: 17D0C9B44122059ADB109F65EA1431232A4F760346F08017BB400D2171CB799485CB0C

Function 0044FC44 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 8565589d8368efb46956d1874a8e26a129873ee61e8d9e49f27d8550732299f7
Instruction ID: 11690378e1580f57f3c17dd11fe21b7b3ca8148d791c98b53b9e0a2d440cb67b
Opcode Fuzzy Hash: 8565589d8368efb46956d1874a8e26a129873ee61e8d9e49f27d8550732299f7
Instruction Fuzzy Hash: 4DC04CA130055197DF00A6AE85C1A0767D86E083083505076B909CF217E668D8044A18

Function 0042E23B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,0042E259), ref: 0042E24C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 0a051d32a78ad3617f7ea1dbaf78ac9652f3e2ca0c092313af1445ab26d6b84d
Instruction ID: 74ebc363d3dd9adc156b0186d58570fa2bbeeb99e87a8c897359723e7ad10afe
Opcode Fuzzy Hash: 0a051d32a78ad3617f7ea1dbaf78ac9652f3e2ca0c092313af1445ab26d6b84d
Instruction Fuzzy Hash: ABB09B7670C6009DB709D6D6755552D63D8D7C47203E145B7F015E2580D53C58004928

Function 00476344 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,0047A6D6), ref: 0047635A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 89572602d291b516dbb91569fe541cff3f70df9bb6bcb712ac8eb03508536d17
Instruction ID: 33d8f5f36b897b4a22f09290cd909843d3577c0e39989f8199a04e4b2ecda284
Opcode Fuzzy Hash: 89572602d291b516dbb91569fe541cff3f70df9bb6bcb712ac8eb03508536d17
Instruction Fuzzy Hash: A8C002715507409EC760EF75DD8474536E4B716716F55C5375804DA160EB348A84CF08

Function 0047A908 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000012,00000000,00000000), ref: 0047A910

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: fd921ee12ed53937ef9beeb787a8c4516caee7dc516e45fafbf488b4906553f2
Instruction ID: 99d67813a2b21335afc3d4281e01727494b67aba3c321737ecd4854f4d206f17
Opcode Fuzzy Hash: fd921ee12ed53937ef9beeb787a8c4516caee7dc516e45fafbf488b4906553f2
Instruction Fuzzy Hash: 5EA002343D530570F470A2514D03F5400001744F15EE1405573093D0C304D92428201E

Function 00406EDC Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,00000000), ref: 00406EE1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 2b7715437b97f5ee2490ed70c3dc45042df1d0f416209c13716975d1de1a2196
Instruction ID: 8ab35750f3efd4d99fa83ee5673b62d8a6256d966d57501d01fbbdede9c777f2
Opcode Fuzzy Hash: 2b7715437b97f5ee2490ed70c3dc45042df1d0f416209c13716975d1de1a2196
Instruction Fuzzy Hash: 459002D465160138F81462614C5BF3B001CD7C0B14FD0465D3100A50C254AC6C000879

Function 00416594 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

73A25CF0.USER32(?), ref: 0041659B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da20a264590b8da76bcc673a24629bda81143ece4f0058ab807c22f450b41b4b
Instruction ID: 444a78761fbc6a727879d8c4239369b0bde5fc0390465f01f64749401816922a
Opcode Fuzzy Hash: da20a264590b8da76bcc673a24629bda81143ece4f0058ab807c22f450b41b4b
Instruction Fuzzy Hash: CDA002756015049ADE04A7A5C849F662298BB44204FC915F971449B092C53C99008E58

Function 0045B160 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0045B1F0

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 40e67bd12d84b901d644a32061550c5eab03b59ca4c5dcb87dd2f004890e4884
Instruction ID: 4e53742ce62a887a6b6d1ed8658a57c71b670a96a09bd10cc268158586706a5e
Opcode Fuzzy Hash: 40e67bd12d84b901d644a32061550c5eab03b59ca4c5dcb87dd2f004890e4884
Instruction Fuzzy Hash: D01175716006049BDB00EF15C88175B77A4EF8435AF04846AFD589B2C7DB38EC09CBEA

Function 0041F36C Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 12d8c903e1d35d4ed3e61744099085c4d88952c6e60055fc50c96d732ccf1ffc
Instruction ID: 0cc0efa10282cde451e00f43d434c8f6590961a15256f6519a3dd582a972fe71
Opcode Fuzzy Hash: 12d8c903e1d35d4ed3e61744099085c4d88952c6e60055fc50c96d732ccf1ffc
Instruction Fuzzy Hash: 21115E746407059BC710DF19C880B86FBE5EF98750F10C53BE9A88B785D374E945CBA9

Function 00451740 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,004517A9), ref: 0045178B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 0cb30aea8e3a05673a7cba1544d5d7a5fd50794015932abe3ecd9c104f2fad2b
Instruction ID: 09dacfa996f3112939fbf8ed8dcb85d913dce43742346e85e53a3a3cb706c9d1
Opcode Fuzzy Hash: 0cb30aea8e3a05673a7cba1544d5d7a5fd50794015932abe3ecd9c104f2fad2b
Instruction Fuzzy Hash: 5E01FC396042486F8B11DF699C019AEBBECDB4D32076082B7EC68D3351D7344D159664

Function 0045B108 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,0045B1E6), ref: 0045B11F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 738f9e8baf208e14bafd32a0a90fff7df9624ba6fd4da3bc033a9b1b79592317
Instruction ID: 6d5ad091bc6b63f34aeb1917c6f1250fd7e3330d7d8b7736af9f6265ced051ec
Opcode Fuzzy Hash: 738f9e8baf208e14bafd32a0a90fff7df9624ba6fd4da3bc033a9b1b79592317
Instruction Fuzzy Hash: 5BD0E9B17557045BDF90EE794C81B1677D8BB48741F5044766904DB286E774E8048A58

Non-executed Functions

Function 0044AD34 Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 252libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0044ACE0: GetVersionExA.KERNEL32(00000094), ref: 0044ACFD

LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EE61,00490B49), ref: 0044AD5B
GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AD73
GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AD85
GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AD97
GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044ADA9
GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADBB
GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADCD
GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044ADDF
GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044ADF1
GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AE03
GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AE15
GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AE27
GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AE39
GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AE4B
GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AE5D
GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AE6F
GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AE81
GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044AE93
GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044AEA5
GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044AEB7
GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044AEC9
GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044AEDB
GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044AEED
GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044AEFF
GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044AF11
GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044AF23
GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044AF35
GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044AF47
GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044AF59
GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044AF6B
GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044AF7D
GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044AF8F
GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044AFA1
GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044AFB3
GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044AFC5
GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044AFD7
GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044AFE9
GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044AFFB
GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B00D
GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B01F
GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B031
GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B043
GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B055
GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B067
GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B079
GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B08B
GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B09D
GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B0AF

Strings

GetThemeBackgroundRegion, xrefs: 0044AE0D
GetThemeBool, xrefs: 0044AEAF
GetThemeAppProperties, xrefs: 0044B04D
DrawThemeEdge, xrefs: 0044AE31
GetThemeMargins, xrefs: 0044AF1B
GetThemeFilename, xrefs: 0044AF63
HitTestThemeBackground, xrefs: 0044AE1F
GetThemeTextExtent, xrefs: 0044ADE9
GetThemeIntList, xrefs: 0044AF2D
DrawThemeBackground, xrefs: 0044AD8F
GetThemeTextMetrics, xrefs: 0044ADFB
GetThemeInt, xrefs: 0044AEC1
GetThemePosition, xrefs: 0044AEE5
GetThemePropertyOrigin, xrefs: 0044AF3F
EnableThemeDialogTexture, xrefs: 0044B029
GetThemeBackgroundContentRect, xrefs: 0044ADB3, 0044ADC5
GetThemeMetric, xrefs: 0044AE8B
IsThemePartDefined, xrefs: 0044AE55
GetThemeEnumValue, xrefs: 0044AED3
GetThemeSysColor, xrefs: 0044AF75
OpenThemeData, xrefs: 0044AD6B
IsAppThemed, xrefs: 0044B005
GetThemeSysColorBrush, xrefs: 0044AF87
GetCurrentThemeName, xrefs: 0044B071
IsThemeActive, xrefs: 0044AFF3
GetThemeColor, xrefs: 0044AE79
GetThemeRect, xrefs: 0044AF09
SetWindowTheme, xrefs: 0044AF51
GetThemeSysSize, xrefs: 0044AFAB
SetThemeAppProperties, xrefs: 0044B05F
IsThemeBackgroundPartiallyTransparent, xrefs: 0044AE67
GetThemeSysInt, xrefs: 0044AFE1
uxtheme.dll, xrefs: 0044AD56
EnableTheming, xrefs: 0044B0A7
DrawThemeText, xrefs: 0044ADA1
GetThemeDocumentationProperty, xrefs: 0044B083
GetThemeString, xrefs: 0044AE9D
IsThemeDialogTextureEnabled, xrefs: 0044B03B
CloseThemeData, xrefs: 0044AD7D
DrawThemeParentBackground, xrefs: 0044B095
GetThemeSysString, xrefs: 0044AFCF
GetThemeSysBool, xrefs: 0044AF99
GetThemeFont, xrefs: 0044AEF7
GetThemeSysFont, xrefs: 0044AFBD
GetWindowTheme, xrefs: 0044B017
GetThemePartSize, xrefs: 0044ADD7
DrawThemeIcon, xrefs: 0044AE43

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoadVersion
String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
API String ID: 1968650500-2910565190
Opcode ID: 8e47860778318749720a18b19026728520ae29cba2d0c5025aa9374497ebba70
Instruction ID: 5169d35cc0c40435630ad3afe2d7a88fabdc5ea4a28e3ebae144798e7e1bad85
Opcode Fuzzy Hash: 8e47860778318749720a18b19026728520ae29cba2d0c5025aa9374497ebba70
Instruction Fuzzy Hash: 1891D6B0A40B50EBEF00EFF59DC6A2636A8EB15B14714457BB444EF295D7B8C804CF99

Function 004566B8 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0045671F
QueryPerformanceCounter.KERNEL32(00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 00456728
GetSystemTimeAsFileTime.KERNEL32(00000000,00000000), ref: 00456732
GetCurrentProcessId.KERNEL32(?,00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 0045673B
CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004567B1
GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,00000000,00000000), ref: 004567BF
CreateFileA.KERNEL32(00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456807
SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045695D,?,00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456840

Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB

CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004568E9
CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045691F
CloseHandle.KERNEL32(000000FF,00456964,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00456957

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x, xrefs: 00456787
Helper process PID: %u, xrefs: 0045693C
Cannot utilize 64-bit features on this version of Windows, xrefs: 00456700
CreateFile, xrefs: 00456815
helper %d 0x%x, xrefs: 004568C8
Starting 64-bit helper process., xrefs: 004566ED
CreateProcess, xrefs: 004568F2
CreateNamedPipe, xrefs: 004567CF
SetNamedPipeHandleState, xrefs: 00456849
D, xrefs: 00456862
h, xrefs: 0045689C
64-bit helper EXE wasn't extracted, xrefs: 00456713

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$h$helper %d 0x%x
API String ID: 770386003-3739555822
Opcode ID: 511ac07a6f16eab246a5010f175ee30873f5ce9ce0bbe421f575c89b33f0ddce
Instruction ID: 11cc02d5b4c65d74a0167c6227b1ef0bb38041da715edce79722e55ed4dc78f9
Opcode Fuzzy Hash: 511ac07a6f16eab246a5010f175ee30873f5ce9ce0bbe421f575c89b33f0ddce
Instruction Fuzzy Hash: FD713370A00744AEDB11DB69CC41B9EBBF8EB09305F5181BAF908FB282D7785944CF69

Function 0045A0E8 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 172libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 0045A102
GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045A122
GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoA), ref: 0045A12F
GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoA), ref: 0045A13C
GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045A14A
AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1E9
GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1F2
LocalFree.KERNEL32(?,0045A2CC), ref: 0045A2BF

Strings

SetEntriesInAclW, xrefs: 0045A144
GetNamedSecurityInfoA, xrefs: 0045A129
advapi32.dll, xrefs: 0045A11D
SetNamedSecurityInfoA, xrefs: 0045A136
W, xrefs: 0045A200

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$AllocateErrorFreeHandleInitializeLastLocalModuleVersion
String ID: GetNamedSecurityInfoA$SetEntriesInAclW$SetNamedSecurityInfoA$W$advapi32.dll
API String ID: 4088882585-3389539026
Opcode ID: 23972e836f43ceaa603229ab9895b7a465ff4bffcad2d0873925f749a3d20612
Instruction ID: 53dbb0a0fcd2a75aff2a5c1782a6a4235bf2da2959e2968fa151a2620b62acf5
Opcode Fuzzy Hash: 23972e836f43ceaa603229ab9895b7a465ff4bffcad2d0873925f749a3d20612
Instruction Fuzzy Hash: 045182B1900608AFDB10DF99C845BAEB7F8EB08315F10816AF904F7382D2799E55CF69

Function 00471D70 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 77COMMON

Download Yara Rule

APIs

ShellExecuteEx.SHELL32(0000003C), ref: 00471DC3
GetLastError.KERNEL32(-00000010,?), ref: 00471DCC
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00471E19
GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00471E3D
CloseHandle.KERNEL32(00000000,00471E6E,00000000,00000000,000000FF,000000FF,00000000,00471E67,?,-00000010,?), ref: 00471E61

Strings

<, xrefs: 00471D8E
GetExitCodeProcess, xrefs: 00471E46
ShellExecuteEx returned hProcess=0, xrefs: 00471DED
MsgWaitForMultipleObjects, xrefs: 00471E26
ShellExecuteEx, xrefs: 00471DDD
runas, xrefs: 00471D9C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCodeErrorExecuteExitHandleLastMultipleObjectsProcessShellWait
String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
API String ID: 171997614-221126205
Opcode ID: 0340b1e33f74f9816b06a37a5cdb42b4546e337b2196abe928d3c5f099f1283d
Instruction ID: 5ecb40f87429d7d11547f51ae298583b800dd69eb7e736ddd6194e700b57543d
Opcode Fuzzy Hash: 0340b1e33f74f9816b06a37a5cdb42b4546e337b2196abe928d3c5f099f1283d
Instruction Fuzzy Hash: 73216574A40104AADB10EBAD8842BDE76A8DF05358F50843BF908E72A1DB7C99458B5D

Function 0041832C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0041833B
GetWindowPlacement.USER32(?,0000002C), ref: 00418358
GetWindowRect.USER32(?), ref: 00418374
GetWindowLongA.USER32(?,000000F0), ref: 00418382
GetWindowLongA.USER32(?,000000F8), ref: 00418397
ScreenToClient.USER32(00000000), ref: 004183A0
ScreenToClient.USER32(00000000,?), ref: 004183AB

Strings

,, xrefs: 00418344

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ClientLongScreen$IconicPlacementRect
String ID: ,
API String ID: 2266315723-3772416878
Opcode ID: e846b1d96ad6d403d5ac4900d6db5fa2b4fc685dffe037c5368f6a7b37d89c4b
Instruction ID: acb8bb2f18b9e5a8d0717189301f77369ef91ad6b472dfe09f3ff812f2607344
Opcode Fuzzy Hash: e846b1d96ad6d403d5ac4900d6db5fa2b4fc685dffe037c5368f6a7b37d89c4b
Instruction Fuzzy Hash: 70111971505201AFDB00DF69C885F9B77E8AF49314F18067EBD58DB286C739D900CBA9

Function 00453AF8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 00453B07
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00453B0D
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00453B26
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00453B4D
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00453B52
ExitWindowsEx.USER32(00000002,00000000), ref: 00453B63

Strings

SeShutdownPrivilege, xrefs: 00453B1F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 982ff0191f50bbd9cd411f2d5bf63d981ee67892c17860e9fb891ba62e1030d4
Instruction ID: 7f7469d741d4a2fc9540d00a6168bb4e8b3a9b73c98c3c4e7b422180d550d177
Opcode Fuzzy Hash: 982ff0191f50bbd9cd411f2d5bf63d981ee67892c17860e9fb891ba62e1030d4
Instruction Fuzzy Hash: E6F06870684302B5E610AE768D07F6B6188974078AF50092ABD45EA1C3D6BDEA0C4A3E

Function 00490094 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0,?,?,00000000,00492628), ref: 004900EB
SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049016E
FindNextFileA.KERNEL32(000000FF,?,00000000,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000), ref: 00490186
FindClose.KERNEL32(000000FF,004901B1,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0), ref: 004901A4

Strings

isRS-, xrefs: 0049010B
isRS-???.tmp, xrefs: 004900D5

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstNext
String ID: isRS-$isRS-???.tmp
API String ID: 134685335-3422211394
Opcode ID: 09ff16532715b99db4a6998c5bb492729a1ab865c720f1ffe18b57c269928369
Instruction ID: aeb5e1c6dec8106b2d0d5562d2962c543317903ced43ff168440b54f7dc1d23c
Opcode Fuzzy Hash: 09ff16532715b99db4a6998c5bb492729a1ab865c720f1ffe18b57c269928369
Instruction Fuzzy Hash: E1318671A006186FDF14EF65CC42ACEBBBDDB49314F5184B7A808B32A1D7389F458E58

Function 00476A70 Relevance: 9.2, APIs: 6, Instructions: 195fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000,00000000), ref: 00476AD1
FindNextFileA.KERNEL32(000000FF,?,00000000,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BBD
FindClose.KERNEL32(000000FF,00476BE8,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BDB
FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000), ref: 00476C34

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$First$CloseNext
String ID:
API String ID: 2001080981-0
Opcode ID: 40b87f1a6685737baa159b74f92e65737ad1715135c55a15da39ee125fd6b7f2
Instruction ID: 14931f8a0e3cac93bb735ea196381e3f6523e98b7e5ca17cfb4e14f2e37d7476
Opcode Fuzzy Hash: 40b87f1a6685737baa159b74f92e65737ad1715135c55a15da39ee125fd6b7f2
Instruction Fuzzy Hash: 8F716F7090061DAFCF21EFA5CC41ADFBBB9EB49304F5184AAE408A7291D7399A45CF58

Function 004551F4 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 235windownativeCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00455271
PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00455298
SetForegroundWindow.USER32(?), ref: 004552A9
NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00455574,?,00000000,004555B0), ref: 0045555F

Strings

Cannot evaluate variable because [Code] isn't running yet, xrefs: 004553E9

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePostWindow$ForegroundNtdllProc_
String ID: Cannot evaluate variable because [Code] isn't running yet
API String ID: 2236967946-3182603685
Opcode ID: 504720f44a5762c8e8facb0def36ab17b5cf8fc5b6b6c913f36fdb2ae81dc04e
Instruction ID: 392021ee4ceeb38a924916f9eb287e4a04e01d199228d5f5cdfc091a65a304ea
Opcode Fuzzy Hash: 504720f44a5762c8e8facb0def36ab17b5cf8fc5b6b6c913f36fdb2ae81dc04e
Instruction Fuzzy Hash: 2C91F134604604EFD701CF55C961F6ABBF5EB89701F2080BAF80497796D678AE04DF18

Function 00417C78 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00417CB7
SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417CD5
GetWindowPlacement.USER32(?,0000002C), ref: 00417D0B
SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D32

Strings

,, xrefs: 00417CF9

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Placement$Iconic
String ID: ,
API String ID: 568898626-3772416878
Opcode ID: 1384c885decf350a388a6044328c4ef6f341b8841973c44ec72f33afddd09757
Instruction ID: 3ed2450f0a7179b47446a38646254312085a05cbd9a13da21c4f815be273b126
Opcode Fuzzy Hash: 1384c885decf350a388a6044328c4ef6f341b8841973c44ec72f33afddd09757
Instruction Fuzzy Hash: 26214CB16002089BDF10EF69D8C0ADA77A8AF48314F55856AFD18DF246D638E845CBA8

Function 0045F3A4 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001,00000000,0045F561), ref: 0045F3D5
FindFirstFileA.KERNEL32(00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F464
FindNextFileA.KERNEL32(000000FF,?,00000000,0045F516,?,00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F4F6
FindClose.KERNEL32(000000FF,0045F51D,0045F516,?,00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F510

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$CloseErrorFirstModeNext
String ID:
API String ID: 4011626565-0
Opcode ID: 305cc1977778de4b63e7068b89b104946028e780bebf85b37a9afee82aba0e33
Instruction ID: e743b63e75f8199e1de71fb1591aa20c9e7e702e030350ab1363ce7340e32dce
Opcode Fuzzy Hash: 305cc1977778de4b63e7068b89b104946028e780bebf85b37a9afee82aba0e33
Instruction Fuzzy Hash: 48416870A00618AFCB11EF65DC45ADEB7B8EB48315F4044BAF804A7392D63C9E4D8E59

Function 0045F820 Relevance: 7.6, APIs: 5, Instructions: 129fileCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001,00000000,0045FA07), ref: 0045F895
FindFirstFileA.KERNEL32(00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F8DB
FindNextFileA.KERNEL32(000000FF,?,00000000,0045F9B4,?,00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F990
FindClose.KERNEL32(000000FF,0045F9BB,0045F9B4,?,00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F9AE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$CloseErrorFirstModeNext
String ID:
API String ID: 4011626565-0
Opcode ID: f1acbeb17d1b649c274c0889d0b636bd6c7d568d95ef17c93ff0e7940010bea6
Instruction ID: b06fad13edd5318fdfd495eee050f4f7a9e8aa821ad8a724925d5bb9b3bb6141
Opcode Fuzzy Hash: f1acbeb17d1b649c274c0889d0b636bd6c7d568d95ef17c93ff0e7940010bea6
Instruction Fuzzy Hash: E1414471A00A18ABCB11EF65CC859DEB7B9EF88315F5044B6FC04E7341D7389E488E59

Function 0042E6CC Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E6EE
DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E719
GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E726
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E72E
SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E734

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CloseControlCreateDeviceFileHandle
String ID:
API String ID: 1177325624-0
Opcode ID: 3ccb011e9c286beb34ccccd52485b63eeaab2336a0fd19c5ca34d7f1c19b795a
Instruction ID: 1e70605f52ae136b2496113c77cf63f65d5ab7d673e450a7d96165da6ee8aff6
Opcode Fuzzy Hash: 3ccb011e9c286beb34ccccd52485b63eeaab2336a0fd19c5ca34d7f1c19b795a
Instruction Fuzzy Hash: 85F0CD713917203AF620B17A6C82F7B428C8785B68F10823ABB04FF1C1D9A84C05056D

Function 0047C25C Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0047C29A
GetWindowLongA.USER32(00000000,000000F0), ref: 0047C2B8
ShowWindow.USER32(00000000,00000005,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2DA
ShowWindow.USER32(00000000,00000000,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2EE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Show$IconicLong
String ID:
API String ID: 2754861897-0
Opcode ID: a4c9e9c356362a3b4698770b4c5553ec45d2d1930899dfa6bdfed1183fed6d3c
Instruction ID: fd372386a479fdc92fac3e2ef30eced7ce39e9e6ab59154070fbeb580aa605ee
Opcode Fuzzy Hash: a4c9e9c356362a3b4698770b4c5553ec45d2d1930899dfa6bdfed1183fed6d3c
Instruction Fuzzy Hash: E9017970E44245B6D710A7B5DD85FE633D56B15304F1840BFB8099B2A7CBBDCC42961C

Function 0045DE20 Relevance: 4.6, APIs: 3, Instructions: 67fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,0045DEF4), ref: 0045DE78
FindNextFileA.KERNEL32(000000FF,?,00000000,0045DED4,?,00000000,?,00000000,0045DEF4), ref: 0045DEB4
FindClose.KERNEL32(000000FF,0045DEDB,0045DED4,?,00000000,?,00000000,0045DEF4), ref: 0045DECE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: ed12a9da56b9c1ab2415d3ac26c5391a6871791410ebf06465b8bc1c2126addc
Instruction ID: 32c984a38fc023b26ff7fc855e6f7d071233f0675ee5b85f89907f23cc5ee99f
Opcode Fuzzy Hash: ed12a9da56b9c1ab2415d3ac26c5391a6871791410ebf06465b8bc1c2126addc
Instruction Fuzzy Hash: D121DB31D046086EDB31EB65CC42ADEB7BCDF49705F5044B7EC08E6562D63C9D49CA18

Function 00424184 Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0042418C
SetActiveWindow.USER32(?,?,?,0046781F), ref: 00424199

Part of subcall function 004235F4: ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F

Part of subcall function 00423ABC: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021325AC,004241B2,?,?,?,0046781F), ref: 00423AF7

SetFocus.USER32(00000000,?,?,?,0046781F), ref: 004241C6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ActiveFocusIconicShow
String ID:
API String ID: 649377781-0
Opcode ID: abf3d26623ce3f5f1df30a1bb2ccc38e960545179f371c4c6c880d0d7118eb6a
Instruction ID: 9d7b97b1588b57ef25092538823a17ee25a728ca1780dde3acf0986de5f54100
Opcode Fuzzy Hash: abf3d26623ce3f5f1df30a1bb2ccc38e960545179f371c4c6c880d0d7118eb6a
Instruction Fuzzy Hash: 36F03A717001209BCB00AFAAECC5B9632A8AF18304B55017BBC08DF34BCABCDD5187A8

Function 00417C76 Relevance: 3.0, APIs: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00417CB7
SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417CD5
GetWindowPlacement.USER32(?,0000002C), ref: 00417D0B
SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D32

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Placement$Iconic
String ID:
API String ID: 568898626-0
Opcode ID: ccf45bac815ac9650c1eda7d7ee920735da51ae8acefeeb5a5ed1e1968a9009b
Instruction ID: 69af1cea5ab0db390c44c228a9afcc828c7f08346dc1f1cf855d2dc861a92e07
Opcode Fuzzy Hash: ccf45bac815ac9650c1eda7d7ee920735da51ae8acefeeb5a5ed1e1968a9009b
Instruction Fuzzy Hash: AF018471204104ABDB20EE69DCC1EEB77A8AF54324F158166FD0CCF246E639EC8187E8

Function 00417540 Relevance: 3.0, APIs: 2, Instructions: 44windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0041756B
GetCapture.USER32 ref: 00417574

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureIconic
String ID:
API String ID: 2277910766-0
Opcode ID: 91823dd687394a4ed8ee48a39c45190aee43210de23b0732d742fca1e8511f91
Instruction ID: f3ef26a9ec4c3639b3254842bc08cf6d9feb289c2be9135b2bbb431e5f50db89
Opcode Fuzzy Hash: 91823dd687394a4ed8ee48a39c45190aee43210de23b0732d742fca1e8511f91
Instruction Fuzzy Hash: B6F03171315601ABD720962AC885AAB72B69F84319B14483BE41ACBB55EB78DCC58258

Function 0042413C Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00424143

Part of subcall function 00423A2C: EnumWindows.USER32(004239C4), ref: 00423A50
Part of subcall function 00423A2C: GetWindow.USER32(?,00000003), ref: 00423A65
Part of subcall function 00423A2C: GetWindowLongA.USER32(?,000000EC), ref: 00423A74
Part of subcall function 00423A2C: SetWindowPos.USER32(00000000,00424104,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,00424153,?,?,00423D1B), ref: 00423AAA

SetActiveWindow.USER32(?,?,?,00423D1B,00000000,00424104), ref: 00424157

Part of subcall function 004235F4: ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ActiveEnumIconicLongShowWindows
String ID:
API String ID: 2671590913-0
Opcode ID: 657f3c15db0d6cf34cada4c58ec239c69b7baa88831cd667e440955cb53f6524
Instruction ID: d512277381545323e1bd2a4b4845e65b82e595a2bd73893c0d57f68d30832658
Opcode Fuzzy Hash: 657f3c15db0d6cf34cada4c58ec239c69b7baa88831cd667e440955cb53f6524
Instruction Fuzzy Hash: B0E01AA1B0010097EB00EF69DCC9B9672A8BF58304F55017ABC0CCF24BD67CC8908724

Function 00412580 Relevance: 1.7, APIs: 1, Instructions: 188nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0041277D), ref: 0041276B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: 84af43a7efb99244d046e7d510ceccf456a9c98264e621075b9ccc522f6ffcaf
Instruction ID: 0d09216766d9d5b385ece6e8cba1e36b912c6a1774b5342391935a21d5851d13
Opcode Fuzzy Hash: 84af43a7efb99244d046e7d510ceccf456a9c98264e621075b9ccc522f6ffcaf
Instruction Fuzzy Hash: 7551F431204205DFCB14DB6ADA81A9BF3E5FF98314B20817BE814C3791DBB8AC92C758

Function 004722D4 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00472422

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: a5a8acde2ea139e8bd48252c6c24868853d47a4937822392afe82ac5ea5e748c
Instruction ID: c3992268c3801ed1beac7631f2e5f9cad90702d4ee9162ede732c10c083e2767
Opcode Fuzzy Hash: a5a8acde2ea139e8bd48252c6c24868853d47a4937822392afe82ac5ea5e748c
Instruction Fuzzy Hash: 5F413575604108DFCB10CFA9D7809AAB7F5FB48310B25C996E848DB301D3BCEE41AB55

Function 0042ED38 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042ED54

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: 1618573b336cfe43e6365c49c1add1a31867e84e149d2e83090908c597df2fde
Instruction ID: 530d004986d911579cf02e8422d66cb1dcb863e7172150f09f51376a0a0a5638
Opcode Fuzzy Hash: 1618573b336cfe43e6365c49c1add1a31867e84e149d2e83090908c597df2fde
Instruction Fuzzy Hash: 64D0A77121010DAFCB00DE9AE840D6F33ACEB88700BA0C806F518C7201C234EC108BB4

Function 0048A9FC Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000,00000000,0048AEF1,?,?,?,?,00000000,00000000,00000000), ref: 0048AA3C
FindWindowA.USER32(00000000,00000000), ref: 0048AA6D

Strings

SENDBROADCASTNOTIFYMESSAGE, xrefs: 0048ACAB
SENDBROADCASTMESSAGE, xrefs: 0048AC09
LOADDLL, xrefs: 0048ACFF
POSTMESSAGE, xrefs: 0048AB17
FINDWINDOWBYCLASSNAME, xrefs: 0048AA49
SENDNOTIFYMESSAGE, xrefs: 0048AB73
REGISTERWINDOWMESSAGE, xrefs: 0048ABCF
CHARTOOEMBUFF, xrefs: 0048AE92
SENDMESSAGE, xrefs: 0048AAC1
FREEDLL, xrefs: 0048ADE8
CREATEMUTEX, xrefs: 0048AE1D
CALLDLLPROC, xrefs: 0048AD61
FINDWINDOWBYWINDOWNAME, xrefs: 0048AA85
OEMTOCHARBUFF, xrefs: 0048AE4F
SLEEP, xrefs: 0048AA26
POSTBROADCASTMESSAGE, xrefs: 0048AC57

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FindSleepWindow
String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
API String ID: 3078808852-3310373309
Opcode ID: 6c535dff48149e348be4f17223c4b33e43e766748f1db67647feb292777d2e31
Instruction ID: 235d6cf6b0db6f7ade2b2b1cdaf506c84c5948104d9e726c8462171498c33706
Opcode Fuzzy Hash: 6c535dff48149e348be4f17223c4b33e43e766748f1db67647feb292777d2e31
Instruction Fuzzy Hash: 52C183A0B402116BE714BF3E8C4252E559A9F95705B12CD3FB406DB78ACEBCDC1A435E

Function 00455F9C Relevance: 47.5, APIs: 11, Strings: 16, Instructions: 237filesynchronizationprocessCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00491A74,00000001,00000000,00000000,004562D1,?,?,?,00000001,?,004564EB,00000000,00456501,?,00000000,00492628), ref: 00455FE9
CreateFileMappingA.KERNEL32(000000FF,00491A74,00000004,00000000,00002018,00000000), ref: 00456021
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00002018,00000000,004562A7,?,00491A74,00000001,00000000,00000000,004562D1,?,?,?), ref: 00456048
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456155
ReleaseMutex.KERNEL32(00000000,00000000,00000002,00000000,00000000,00002018,00000000,004562A7,?,00491A74,00000001,00000000,00000000,004562D1), ref: 004560AD

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045616C
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004561A5
GetLastError.KERNEL32(00000000,000000FF,?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004561B7
UnmapViewOfFile.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456289
CloseHandle.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456298
CloseHandle.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004562A1

Strings

_isetup\_RegDLL.tmp, xrefs: 004560D3
ReleaseMutex, xrefs: 004560B6
GetProcAddress, xrefs: 00456215
D, xrefs: 00456116
REGDLL mutex wait failed (%d, %d), xrefs: 004561CB
MapViewOfFile, xrefs: 00456056
REGDLL returned unknown result code %d, xrefs: 00456268
Spawning _RegDLL.tmp, xrefs: 00455FC8
REGDLL failed with exit code 0x%x, xrefs: 00456195
CreateProcess, xrefs: 0045615E
dE, xrefs: 004560DD, 00456143, 004560E0
CreateMutex, xrefs: 00455FF7
OleInitialize, xrefs: 004561F1
LoadLibrary, xrefs: 00456203
_RegDLL.tmp %u %u, xrefs: 004560FD
CreateFileMapping, xrefs: 0045602F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateFileHandle$ErrorLastMutexView$MappingObjectProcessReleaseSingleUnmapWait
String ID: CreateFileMapping$CreateMutex$CreateProcess$D$GetProcAddress$LoadLibrary$MapViewOfFile$OleInitialize$REGDLL failed with exit code 0x%x$REGDLL mutex wait failed (%d, %d)$REGDLL returned unknown result code %d$ReleaseMutex$Spawning _RegDLL.tmp$_RegDLL.tmp %u %u$_isetup\_RegDLL.tmp$dE
API String ID: 4012871263-2761909193
Opcode ID: b842e7043801e798c143265ca861d00d41cce83b11d6a55b278866bcac5f7f95
Instruction ID: f83b799fad480325abbebf32ce7824c881fe6810fb4ea4fb229400168c5a50eb
Opcode Fuzzy Hash: b842e7043801e798c143265ca861d00d41cce83b11d6a55b278866bcac5f7f95
Instruction Fuzzy Hash: E0918070A402149FDF10EBA9C841B9EB7B4EB48305F91856BF814EB393DB789948CF59

Function 0041F0C0 Relevance: 45.6, APIs: 15, Strings: 11, Instructions: 87libraryloaderCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,00418F98,00000000,?,?,?,00000001), ref: 0041F0CE
SetErrorMode.KERNEL32(00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0EA
LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0F6
SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F104
GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F134
GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F15D
GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F172
GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F187
GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F19C
GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F1B1
GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F1C6
GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F1DB
GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F1F0
GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F205
FreeLibrary.KERNEL32(00000001,?,00418F98,00000000,?,?,?,00000001), ref: 0041F217

Strings

Ctl3dSubclassDlgEx, xrefs: 0041F17C
Ctl3dRegister, xrefs: 0041F129
CTL3D32.DLL, xrefs: 0041F0F1
Ctl3dAutoSubclass, xrefs: 0041F1BB
Ctl3dSubclassCtl, xrefs: 0041F167
Ctl3dUnregister, xrefs: 0041F152
Ctl3dCtlColorEx, xrefs: 0041F1A6
Ctl3DColorChange, xrefs: 0041F1E5
Ctl3dDlgFramePaint, xrefs: 0041F191
Ctl3dUnAutoSubclass, xrefs: 0041F1D0
BtnWndProc3d, xrefs: 0041F1FA

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
API String ID: 2323315520-3614243559
Opcode ID: c44bbbd98e059cecc08069e17c7c9aa6716694089eaec3a8336a368094c932b5
Instruction ID: 9ff2825c27a268439dd1d1bb46a0bfc7fca62d380631be57860753cffe2250cf
Opcode Fuzzy Hash: c44bbbd98e059cecc08069e17c7c9aa6716694089eaec3a8336a368094c932b5
Instruction Fuzzy Hash: C4310DB5600701FBDB00EBF5AC86A763298B768764746093BB109DB1B2E77D484ACB1D

Function 0048F140 Relevance: 35.5, APIs: 3, Strings: 17, Instructions: 481COMMON

Download Yara Rule

Strings

Uninstall DAT: , xrefs: 0048F242
Cannot find utCompiledCode record for this version of the uninstaller, xrefs: 0048F391
utCompiledCode[1] is invalid, xrefs: 0048F3BF
Uninstall, xrefs: 0048F1C8
Need to restart Windows? %s, xrefs: 0048F71F
Setup version: Inno Setup version 5.2.3, xrefs: 0048F215
UninstallNeedRestart, xrefs: 0048F67E, 0048F6B7
InitializeUninstall returned False; aborting., xrefs: 0048F576
Will restart because UninstallNeedRestart returned True., xrefs: 0048F6CE
InitializeUninstall, xrefs: 0048F53E
Will not restart Windows automatically., xrefs: 0048F7F2
DeinitializeUninstall, xrefs: 0048F888
Uninstall command line: , xrefs: 0048F265
Not calling UninstallNeedRestart because a restart has already been deemed necessary., xrefs: 0048F6FD
Original Uninstall EXE: , xrefs: 0048F21F
Install was done in 64-bit mode but not running 64-bit Windows now, xrefs: 0048F3F9
Removed all? %s, xrefs: 0048F648

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Long$Show
String ID: Cannot find utCompiledCode record for this version of the uninstaller$DeinitializeUninstall$InitializeUninstall$InitializeUninstall returned False; aborting.$Install was done in 64-bit mode but not running 64-bit Windows now$Need to restart Windows? %s$Not calling UninstallNeedRestart because a restart has already been deemed necessary.$Original Uninstall EXE: $Removed all? %s$Setup version: Inno Setup version 5.2.3$Uninstall$Uninstall DAT: $Uninstall command line: $UninstallNeedRestart$Will not restart Windows automatically.$Will restart because UninstallNeedRestart returned True.$utCompiledCode[1] is invalid
API String ID: 3609083571-2151202259
Opcode ID: a001349257df37f91bb4bbbd2202705434c0f6c722e0be5c3c3383539cfdd9c4
Instruction ID: 2b269d8c764b7bac30a443b9f4bc23fd7acbfe7da633e0682c37f6fe37a00802
Opcode Fuzzy Hash: a001349257df37f91bb4bbbd2202705434c0f6c722e0be5c3c3383539cfdd9c4
Instruction Fuzzy Hash: 2C12B234A00244AFD711FF65D842B5E7BA1AB5A709F50487BF800AB3A6CB7C9D49CB1D

Function 0041C9B4 Relevance: 33.2, APIs: 22, Instructions: 213windowCOMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,0041A8EC,?), ref: 0041C9E8
73A24C40.GDI32(?,00000000,?,0041A8EC,?), ref: 0041C9F4
73A26180.GDI32(0041A8EC,?,00000001,00000001,00000000,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA18
73A24C00.GDI32(?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA28
SelectObject.GDI32(0041CDE4,00000000), ref: 0041CA43
FillRect.USER32(0041CDE4,?,?), ref: 0041CA7E
SetTextColor.GDI32(0041CDE4,00000000), ref: 0041CA93
SetBkColor.GDI32(0041CDE4,00000000), ref: 0041CAAA
PatBlt.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00FF0062), ref: 0041CAC0
73A24C40.GDI32(?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC), ref: 0041CAD3
SelectObject.GDI32(00000000,00000000), ref: 0041CB04
73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC), ref: 0041CB1C
73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?), ref: 0041CB25
73A18830.GDI32(0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB34
73A122A0.GDI32(0041CDE4,0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB3D
SetTextColor.GDI32(00000000,00000000), ref: 0041CB56
SetBkColor.GDI32(00000000,00000000), ref: 0041CB6D
73A24D40.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CBB2,?,?,00000000), ref: 0041CB89
SelectObject.GDI32(00000000,?), ref: 0041CB96
DeleteDC.GDI32(00000000), ref: 0041CBAC

Part of subcall function 0041A000: GetSysColor.USER32(?), ref: 0041A00A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$ObjectSelect$A122A18830Text$A26180A570DeleteFillRect
String ID:
API String ID: 1381628555-0
Opcode ID: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
Instruction ID: ff179a34f285c3436bc621bb31859736a2280516ecfda4d40c06e70735cb6950
Opcode Fuzzy Hash: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
Instruction Fuzzy Hash: 8E61DE71A44608ABDF10EBE9DC86FDFB7B8EF48704F10446AF504E7281D67CA9408B69

Function 0042DEAC Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 178memorylibraryloaderCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DEE6
GetVersion.KERNEL32(00000000,0042E090,?,00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DF03
GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E090,?,00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DF1C
GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DF22
FreeSid.ADVAPI32(00000000,0042E097,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E08A

Strings

CheckTokenMembership, xrefs: 0042DF12
advapi32.dll, xrefs: 0042DF17

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressAllocateFreeHandleInitializeModuleProcVersion
String ID: CheckTokenMembership$advapi32.dll
API String ID: 1717332306-1888249752
Opcode ID: 90bf7855e1e027ec7cb2be59d17b4e45930f5e0fb8f3cd7f2032e79c600b80b0
Instruction ID: c9ca30b7fa2e8a9abceabce4e586e827254369ae75abf0d5bc05731ff3bd77e9
Opcode Fuzzy Hash: 90bf7855e1e027ec7cb2be59d17b4e45930f5e0fb8f3cd7f2032e79c600b80b0
Instruction Fuzzy Hash: 2B51C571B44625AEDB10EAF69D42F7F7BACDB09704F94087BB600E7282C5BC9805866D

Function 004903C0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000,00490AA3,?,00000000), ref: 00490443
CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000), ref: 00490456
ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000), ref: 00490466
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00490487
ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000), ref: 00490497

Part of subcall function 0042D330: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D3BE,?,?,00000000,?,?,0048FE54,00000000,0049001D,?,?,00000005), ref: 0042D365

Strings

/REGU, xrefs: 00490419
Setup, xrefs: 0049042F
.msg, xrefs: 004904BA
/REG, xrefs: 004903F5
Inno-Setup-RegSvr-Mutex, xrefs: 0049044D
.lst, xrefs: 004904D4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
API String ID: 2000705611-3672972446
Opcode ID: 5e2baa282b8d2d31c26c9cf6306373f30a95f163eb6d17839f706673ff1e9273
Instruction ID: 6666ff25eec7c53b5eb866eda449138b93a1580bdca8663c56f4b5746ffc9271
Opcode Fuzzy Hash: 5e2baa282b8d2d31c26c9cf6306373f30a95f163eb6d17839f706673ff1e9273
Instruction Fuzzy Hash: 4E91C430A04244AFDF11EBA5C852BAF7BB4EB49314F5144B7F900AB692C77CAC15CB69

Function 00457FB8 Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 199COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00458252,?,?,?,?,?,00000006,?,00000000,0048F8FB,?,00000000,0048F996), ref: 00458104

Strings

.hlp, xrefs: 00457FEF
.fts, xrefs: 0045802C
Failed to strip read-only attribute., xrefs: 004580E9
.gid, xrefs: 00458008
Failed to delete the file; it may be in use (%d)., xrefs: 004581F3
Deleting file: %s, xrefs: 004580A3
.chw, xrefs: 0045806D
The file appears to be in use (%d). Will delete on restart., xrefs: 0045814D
Stripped read-only attribute., xrefs: 004580DD
.chm, xrefs: 00458054

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID: .chm$.chw$.fts$.gid$.hlp$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
API String ID: 1452528299-1593206319
Opcode ID: 628919d0aa11778c490dae374a7ebf7b4a36784da16b12317269240a6cf3758c
Instruction ID: f32569dbdd6adc11da929e147044c40dcc52494f0e71e5ec630e07cd073e3049
Opcode Fuzzy Hash: 628919d0aa11778c490dae374a7ebf7b4a36784da16b12317269240a6cf3758c
Instruction Fuzzy Hash: 666192307046449BDB00EB6988517AE7BA4AB49715F5184AFFC01EB383CF7C9E49CB59

Function 0041B354 Relevance: 21.1, APIs: 14, Instructions: 126windowCOMMON

Download Yara Rule

APIs

73A24C40.GDI32(00000000,?,00000000,?), ref: 0041B36B
73A24C40.GDI32(00000000,00000000,?,00000000,?), ref: 0041B375
GetObjectA.GDI32(?,00000018,00000004), ref: 0041B387
73A26180.GDI32(0000000B,?,00000001,00000001,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B39E
73A1A570.USER32(00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3AA
73A24C00.GDI32(00000000,0000000B,?,00000000,0041B403,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3D7
73A1A480.USER32(00000000,00000000,0041B40A,00000000,0041B403,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3FD
SelectObject.GDI32(00000000,?), ref: 0041B418
SelectObject.GDI32(?,00000000), ref: 0041B427
StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B453
SelectObject.GDI32(00000000,00000000), ref: 0041B461
SelectObject.GDI32(?,00000000), ref: 0041B46F
DeleteDC.GDI32(00000000), ref: 0041B478
DeleteDC.GDI32(?), ref: 0041B481

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$Delete$A26180A480A570Stretch
String ID:
API String ID: 359944910-0
Opcode ID: e92431f9581d06db8cd21544c0e7e04c7f7b808437c697100934415fbb48ef82
Instruction ID: f97b2a76bc4940b7567ba323b4cd0a089c72401e81ca6e31c969396a69b82abf
Opcode Fuzzy Hash: e92431f9581d06db8cd21544c0e7e04c7f7b808437c697100934415fbb48ef82
Instruction Fuzzy Hash: 4941BF71E40609AFDF10DAE9D846FEFB7B8EB08704F104466B614FB281C77869418BA4

Function 00452EAC Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 244registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,?,00000000,?,00000000,00453145,?,0045841A,00000003,00000000,00000000,0045317C), ref: 00452FC5

Part of subcall function 0042E660: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F

RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,00000000,?,00000004,00000000,0045308F,?,0045841A,00000000,00000000,?,00000000,?,00000000), ref: 00453049
RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,00000000,?,00000004,00000000,0045308F,?,0045841A,00000000,00000000,?,00000000,?,00000000), ref: 00453078

Strings

, xrefs: 00452F36
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452F1C
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452EE3
RegOpenKeyEx, xrefs: 00452F48

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: QueryValue$FormatMessageOpen
String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
API String ID: 2812809588-1577016196
Opcode ID: 0e8a8fe90ab65ee8afece0f5023d781a25c66e7800ad316f26bfe38058a3962f
Instruction ID: 928035bd272ea07f578a002d221a9efba8d97d5daeae889991e526f08aa7b5e3
Opcode Fuzzy Hash: 0e8a8fe90ab65ee8afece0f5023d781a25c66e7800ad316f26bfe38058a3962f
Instruction Fuzzy Hash: 70913671E00208ABDB10DFA5D941BDEB7F9EB49746F10446BF900F7282D6789E098B69

Function 00456B34 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00456B6B
TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00456B87
WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00456B95
GetExitCodeProcess.KERNEL32(?), ref: 00456BA6
CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456BED
Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456C09

Strings

Stopping 64-bit helper process. (PID: %u), xrefs: 00456B5D
Helper process exited with failure code: 0x%x, xrefs: 00456BD3
Helper process exited., xrefs: 00456BB5
Helper isn't responding; killing it., xrefs: 00456B77
Helper process exited, but failed to get exit code., xrefs: 00456BDF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
API String ID: 3355656108-1243109208
Opcode ID: 5b56649a2d40bba37211ef4175ca1734cbb3bde7ff93420d1052a04aac8d11c1
Instruction ID: 9d7a733ba7e4b400d55abe2d76827c4ec82c7121443a5166b5708a03c4d9d847
Opcode Fuzzy Hash: 5b56649a2d40bba37211ef4175ca1734cbb3bde7ff93420d1052a04aac8d11c1
Instruction Fuzzy Hash: 37217C70604B009ADB20E779C446B5BB7D49F08315F81882FB8D9CB293D67CF8488B6A

Function 0048EDB4 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 141fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00452038: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452127
Part of subcall function 00452038: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452137

CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0048EE31
SetFileAttributesA.KERNEL32(00000000,00000080,00000000,0048EF85), ref: 0048EE52
CreateWindowExA.USER32(00000000,STATIC,0048EF94,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0048EE79
SetWindowLongA.USER32(?,000000FC,0048E60C), ref: 0048EE8C
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000,STATIC,0048EF94), ref: 0048EEBC
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0048EF30
CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000), ref: 0048EF3C

Part of subcall function 00452388: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045246F

73A25CF0.USER32(?,0048EF5F,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000,STATIC), ref: 0048EF52

Strings

STATIC, xrefs: 0048EE72
/SECONDPHASE="%s" /FIRSTPHASEWND=$%x , xrefs: 0048EEEB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWindow$CloseCreateHandle$AttributesCopyLongMultipleObjectsPrivateProfileStringWaitWrite
String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
API String ID: 170458502-2312673372
Opcode ID: d286ce31f0742afd55fe71401d241f91e74279016cdde02258f129c258f02059
Instruction ID: 899c3a807d8ebef90b2c1b053718f2bfa0ca9862065cd7989ddb6901344ff065
Opcode Fuzzy Hash: d286ce31f0742afd55fe71401d241f91e74279016cdde02258f129c258f02059
Instruction Fuzzy Hash: 3E415370A44248BFDB00FBA6DD42F9E77B8EB19704F50497AF604F72D1D6799A008B58

Function 0045E0C0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0045E0CC
GetModuleHandleA.KERNEL32(user32.dll), ref: 0045E0E0
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0045E0ED
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0045E0FA
GetWindowRect.USER32(?,00000000), ref: 0045E146
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 0045E184

Strings

GetMonitorInfoA, xrefs: 0045E0F4
user32.dll, xrefs: 0045E0DB
(, xrefs: 0045E125
MonitorFromWindow, xrefs: 0045E0E7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$AddressProc$ActiveHandleModuleRect
String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
API String ID: 2610873146-3407710046
Opcode ID: 170c59ca9b76ed583b93d1e9080623799a3cea187bf70a9d391bc38250018019
Instruction ID: ef411939a0946b870fd052df56d83547aac6ed7b4a766e15f820ec3551d64de0
Opcode Fuzzy Hash: 170c59ca9b76ed583b93d1e9080623799a3cea187bf70a9d391bc38250018019
Instruction Fuzzy Hash: CE21D475705B04AFD3149669CD81F3F3299DB88B11F08453AFD44DB382DA78DD068AA9

Function 0042EA60 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0042EA6C
GetModuleHandleA.KERNEL32(user32.dll), ref: 0042EA80
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042EA8D
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042EA9A
GetWindowRect.USER32(?,00000000), ref: 0042EAE6
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042EB24

Strings

user32.dll, xrefs: 0042EA7B
MonitorFromWindow, xrefs: 0042EA87
GetMonitorInfoA, xrefs: 0042EA94
(, xrefs: 0042EAC5

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$AddressProc$ActiveHandleModuleRect
String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
API String ID: 2610873146-3407710046
Opcode ID: c76122e987ccbbf4ad122bf975a6ea2cd69e31ff1eab506a42aecdfe1b08b63b
Instruction ID: de6f8a07dda85d31b5a5cc2262033447bbfd7554ac1e79db9a4c9fe52e5b2086
Opcode Fuzzy Hash: c76122e987ccbbf4ad122bf975a6ea2cd69e31ff1eab506a42aecdfe1b08b63b
Instruction Fuzzy Hash: 2A21C271701614AFD700EA79DCD1F3B3B98DB88710F48452AF945DB382DA78FC008AA9

Function 00456D0C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00456EEB,?,00000000,00456F4E,?,?,00000000,00000000), ref: 00456D69
TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DC6
GetLastError.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DD3
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00456E1F
GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E45
GetLastError.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E4C

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

TransactNamedPipe, xrefs: 00456DDF
CreateEvent, xrefs: 00456D77

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
String ID: CreateEvent$TransactNamedPipe
API String ID: 2182916169-3012584893
Opcode ID: 48229fdc3ef61929d6ac761d7619ebca0006deda708ad69f0594bdf8de0f3da7
Instruction ID: 3505877414f257bb21a012f26b9d0d7704acec035ae139655f100219df004d2f
Opcode Fuzzy Hash: 48229fdc3ef61929d6ac761d7619ebca0006deda708ad69f0594bdf8de0f3da7
Instruction Fuzzy Hash: 6C41C275A00208AFDB05DF95CD82F9EB7F9FB08714F5140AAF904E7292C6789E44CB68

Function 00454B2C Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00454C91,?,?,00000031,?), ref: 00454B54
GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00454B5A
LoadTypeLib.OLEAUT32(00000000,?), ref: 00454BA7

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

UnRegisterTypeLib, xrefs: 00454B4A
ITypeLib::GetLibAttr, xrefs: 00454BDD
GetProcAddress, xrefs: 00454B67
UnRegisterTypeLib, xrefs: 00454C13
OLEAUT32.DLL, xrefs: 00454B4F
LoadTypeLib, xrefs: 00454BB2

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressErrorHandleLastLoadModuleProcType
String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
API String ID: 1914119943-2711329623
Opcode ID: 12a9c4858e22de83489c89b1158ee9c10e057dde659f6e5fdc5b29827f952d42
Instruction ID: e4400bf96c166b5c8e97fc258379556c86f091726ab19f10260670aaeab998db
Opcode Fuzzy Hash: 12a9c4858e22de83489c89b1158ee9c10e057dde659f6e5fdc5b29827f952d42
Instruction Fuzzy Hash: 3831B475600604AFDB12EFAACC01E5BB7B9EBC870971144AAF814DB752DA38D984C628

Function 0042E264 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 0042E28D
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E293
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001), ref: 0042E2E1

Strings

.DEFAULT\Control Panel\International, xrefs: 0042E2B8
Locale, xrefs: 0042E2D0
kernel32.dll, xrefs: 0042E288
Control Panel\Desktop\ResourceLocale, xrefs: 0042E2F0
GetUserDefaultUILanguage, xrefs: 0042E283

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: d2b98547006c70c7f6ab2a7a46fd7a642073d1849025eece5ac941bf7e5903bf
Instruction ID: b5527917e10b0fb8c326f7aa8ff769b2caa43ea40ee794feba058f86ebb39bc0
Opcode Fuzzy Hash: d2b98547006c70c7f6ab2a7a46fd7a642073d1849025eece5ac941bf7e5903bf
Instruction Fuzzy Hash: 0C215334B00219EBDB00EBA7DC55A9F77A9EB44705FA0447BA900E7291DBBC9A05CB5C

Function 00416D28 Relevance: 15.2, APIs: 10, Instructions: 167windowCOMMON

Download Yara Rule

APIs

RectVisible.GDI32(?,?), ref: 00416DBB
SaveDC.GDI32(?), ref: 00416DCF
IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416DF2
RestoreDC.GDI32(?,?), ref: 00416E0D
CreateSolidBrush.GDI32(00000000), ref: 00416E8D
FrameRect.USER32(?,?,?), ref: 00416EC0
DeleteObject.GDI32(?), ref: 00416ECA
CreateSolidBrush.GDI32(00000000), ref: 00416EDA
FrameRect.USER32(?,?,?), ref: 00416F0D
DeleteObject.GDI32(?), ref: 00416F17

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
String ID:
API String ID: 375863564-0
Opcode ID: 9eaa094af12716ba6a712ed9638624616ca55e3879d61aed165e71946b14b20b
Instruction ID: b1e82343d8b9ba510e891f63597e6edb4555071dc73553b60de04657c1de1759
Opcode Fuzzy Hash: 9eaa094af12716ba6a712ed9638624616ca55e3879d61aed165e71946b14b20b
Instruction Fuzzy Hash: 32513C712086445FDB50EF69C8C0B9B77E8AF48314F15466AFD48CB286C778EC81CB99

Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
GetFileType.KERNEL32(?,000000F5), ref: 00404C11
CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
GetLastError.KERNEL32(000000F5), ref: 00404C46

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D

Function 00422190 Relevance: 15.1, APIs: 10, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetSystemMenu.USER32(00000000,00000000), ref: 004221DB
DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 004221F9
DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422206
DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422213
DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422220
DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 0042222D
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 0042223A
DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00422247
EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 00422265
EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 00422281

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Delete$EnableItem$System
String ID:
API String ID: 3985193851-0
Opcode ID: 2ac919316b1e548bcce60f4eb3ccb73fb66cb5d1796470b9090fa35795744f24
Instruction ID: 142bb334ff85b79c2121110e2d141a600bd35af2d4b4289324417f29a70e323f
Opcode Fuzzy Hash: 2ac919316b1e548bcce60f4eb3ccb73fb66cb5d1796470b9090fa35795744f24
Instruction Fuzzy Hash: 802136703457457BE720D725DD8BFAB7AD89B08708F0440A5B6447F2D3C6FDEA4086A8

Function 0045CDF0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC

SHGetMalloc.SHELL32(?), ref: 0045CE2B
GetActiveWindow.USER32 ref: 0045CE8F
CoInitialize.OLE32(00000000), ref: 0045CEA3
SHBrowseForFolder.SHELL32(?), ref: 0045CEBA
756CD120.OLE32(0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CECF
SetActiveWindow.USER32(?,0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CEE5
SetActiveWindow.USER32(?,?,0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CEEE

Strings

A, xrefs: 0045CE63

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ActiveWindow$BrowseCharD120FolderInitializeMallocPrev
String ID: A
API String ID: 2093991911-3554254475
Opcode ID: a57be843ccaacac0a46b99ad4989412c07f02d64ca0905ed98f03eef16ad0010
Instruction ID: 44e22db6f723d0e43817c9017cb3acb801a4f8e8d8f4fd9594430335e44c7cfb
Opcode Fuzzy Hash: a57be843ccaacac0a46b99ad4989412c07f02d64ca0905ed98f03eef16ad0010
Instruction Fuzzy Hash: 7A310F70E00308AFDB01EFB6D886A9EBBF8EB09304F51447AF914E7252D6785A44CB59

Function 00418BFC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000E), ref: 00418C18
GetSystemMetrics.USER32(0000000D), ref: 00418C20
6F552980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C26

Part of subcall function 00409958: 6F54C400.COMCTL32((&I,000000FF,00000000,00418C54,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 0040995C

6F5BCB00.COMCTL32((&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C76
6F5BC740.COMCTL32(00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418C81
6F5BCB00.COMCTL32((&I,00000001,?,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000), ref: 00418C94
6F550860.COMCTL32((&I,00418CB7,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E), ref: 00418CAA

Strings

(&I, xrefs: 00418C4C, 00418C64, 00418C72, 00418C90, 00418CA6, 00418C75, 00418C93, 00418CA9

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem$C400C740F550860F552980
String ID: (&I
API String ID: 1828538299-96580698
Opcode ID: cb724f8f61eeec6223193507a99a441db1e856c55be7018474d1ece8e95461e9
Instruction ID: 46645d9a52805bd5c852c20026195d53dd59d6b8e5b8ddd5dae0d8f2325046d5
Opcode Fuzzy Hash: cb724f8f61eeec6223193507a99a441db1e856c55be7018474d1ece8e95461e9
Instruction Fuzzy Hash: 8B113671B44604BBDB10EBA5DC82F5EB3B8DB48714F50446EBA04F73D2EAB99D408768

Function 0045A7A8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045A7B1
GetProcAddress.KERNEL32(00000000,inflate), ref: 0045A7C1
GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045A7D1
GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045A7E1

Strings

inflateReset, xrefs: 0045A7DB
inflateInit_, xrefs: 0045A7AB
inflate, xrefs: 0045A7BB
inflateEnd, xrefs: 0045A7CB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc
String ID: inflate$inflateEnd$inflateInit_$inflateReset
API String ID: 190572456-3516654456
Opcode ID: 3dffc787503262894019984b3336cae492994a29c5f4e8bedd10a62cfa1da0e0
Instruction ID: 8bdbbd7099bf23791bc9fd54354aee5868bc2dbadb77176a7910e3edbd90d505
Opcode Fuzzy Hash: 3dffc787503262894019984b3336cae492994a29c5f4e8bedd10a62cfa1da0e0
Instruction Fuzzy Hash: 8E0125B0500B00EED728EF32AE8872336B5A764345F14C17B9805652BBDBF8045EDA1D

Function 0041A884 Relevance: 13.7, APIs: 9, Instructions: 176windowCOMMON

Download Yara Rule

APIs

SetBkColor.GDI32(?,00000000), ref: 0041A961
73A24D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041A99B
SetBkColor.GDI32(?,?), ref: 0041A9B0
StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041A9FA
SetTextColor.GDI32(00000000,00000000), ref: 0041AA05
SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA15
StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AA54
SetTextColor.GDI32(00000000,00000000), ref: 0041AA5E
SetBkColor.GDI32(00000000,?), ref: 0041AA6B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$StretchText
String ID:
API String ID: 2984075790-0
Opcode ID: c5f223bee4bb783086f44ddf098ec2f005a4e4987d44d46892a6de9d9b7dd681
Instruction ID: e254907fa32ae31809fa254cf51b9897988a5b4c94e3051facbc65a4db038bdb
Opcode Fuzzy Hash: c5f223bee4bb783086f44ddf098ec2f005a4e4987d44d46892a6de9d9b7dd681
Instruction Fuzzy Hash: 6161E5B5A00105EFCB40EFA9D985E9AB7F8EF08314B11856AF518DB262C734ED41CF69

Function 0044C864 Relevance: 13.6, APIs: 9, Instructions: 90COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,00000001,00000001), ref: 0044C895
GetSysColor.USER32(00000014), ref: 0044C89C
SetTextColor.GDI32(00000000,00000000), ref: 0044C8B4
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C8DD
OffsetRect.USER32(?,000000FF,000000FF), ref: 0044C8E7
GetSysColor.USER32(00000010), ref: 0044C8EE
SetTextColor.GDI32(00000000,00000000), ref: 0044C906
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C92F
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C95A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Text$Color$Draw$OffsetRect
String ID:
API String ID: 1005981011-0
Opcode ID: 57028361129e52f9431e5318b710a4d40606affc4f959fc4e5e926226b5bbf1d
Instruction ID: b575c18274847aba3012457626d0aaea5839951ed62bd291699816a0262c3fb5
Opcode Fuzzy Hash: 57028361129e52f9431e5318b710a4d40606affc4f959fc4e5e926226b5bbf1d
Instruction Fuzzy Hash: 0321A0B42016047FC710FB6ACD8AE9B7BDCDF19319B04457AB918EB3A3C678DD408669

Function 0047174C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 92windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00471674: GetWindowThreadProcessId.USER32(00000000), ref: 0047167C
Part of subcall function 00471674: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00471773,\/I,00000000), ref: 0047168F
Part of subcall function 00471674: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00471695

SendMessageA.USER32(00000000,0000004A,00000000,00471B06), ref: 00471781
GetTickCount.KERNEL32 ref: 004717C6
GetTickCount.KERNEL32 ref: 004717D0
MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00471825

Strings

CallSpawnServer: Unexpected status: %d, xrefs: 0047180E
\/I, xrefs: 00471753
CallSpawnServer: Unexpected response: $%x, xrefs: 004717B6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d$\/I
API String ID: 613034392-4045567746
Opcode ID: 0bdae429eff8d1580745a98c8e118b2776b597856db30de61ff8ebb473ee6832
Instruction ID: f11b9d24a016228fd55770aab2269764d20f87266426001b19c3ff40abdb7d86
Opcode Fuzzy Hash: 0bdae429eff8d1580745a98c8e118b2776b597856db30de61ff8ebb473ee6832
Instruction Fuzzy Hash: E0317F78F002159BDB10EBBD88867EEB6A59F04704F50843AB548EB3A2D67C9D01879E

Function 0048E658 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

GetWindowThreadProcessId.USER32(00000000,?), ref: 0048E6E9
OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 0048E6FD
SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 0048E717
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E723
CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E729
Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E73C

Strings

Deleting Uninstall data files., xrefs: 0048E65F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
String ID: Deleting Uninstall data files.
API String ID: 1570157960-2568741658
Opcode ID: 9d067bf5239d494c11ca6ea2ee92c558df55eaca7c9a40dc827b20b8e50aa70c
Instruction ID: 7eb9b81ebef4b9935662b2bd99c088e093be0b50f7952a605171971ca98b3156
Opcode Fuzzy Hash: 9d067bf5239d494c11ca6ea2ee92c558df55eaca7c9a40dc827b20b8e50aa70c
Instruction Fuzzy Hash: 5B216F74744204BEE721FBBADC86B2B3698E759319F50053BF9119A1A2DA789D009B1C

Function 0046A7E4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1,?,?,?,?,00000000), ref: 0046A84B
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1), ref: 0046A862
AddFontResourceA.GDI32(00000000), ref: 0046A87F
SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0046A893

Strings

Failed to open Fonts registry key., xrefs: 0046A869
Failed to set value in Fonts registry key., xrefs: 0046A854
AddFontResource, xrefs: 0046A89D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseFontMessageNotifyOpenResourceSendValue
String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
API String ID: 955540645-649663873
Opcode ID: 11df6b7a543e1574400f6d60ac64e9c409163a70e4fa8ab2c46bb6d50d2485e1
Instruction ID: 1afd192ee4ee27fe0430144d256ae41832f88f75df52154e79e2d4afe470c12e
Opcode Fuzzy Hash: 11df6b7a543e1574400f6d60ac64e9c409163a70e4fa8ab2c46bb6d50d2485e1
Instruction Fuzzy Hash: 2D2191707406047AE710BB668C42B6E679CDB45704F604437B900FB2C2E67CDE169A6F

Function 0045E500 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004163B8: GetClassInfoA.USER32(00400000,?,?), ref: 00416427
Part of subcall function 004163B8: UnregisterClassA.USER32(?,00400000), ref: 00416453
Part of subcall function 004163B8: RegisterClassA.USER32(?), ref: 00416476

GetVersion.KERNEL32 ref: 0045E530
SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 0045E56E
SHGetFileInfo.SHELL32(0045E60C,00000000,?,00000160,00004011), ref: 0045E58B
LoadCursorA.USER32(00000000,00007F02), ref: 0045E5A9
SetCursor.USER32(00000000,00000000,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5AF
SetCursor.USER32(?,0045E5EF,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5E2

Strings

Explorer, xrefs: 0045E54A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
String ID: Explorer
API String ID: 2594429197-512347832
Opcode ID: 04dae18e0789727a76a8890a65ab041c4f98a0ef290a8ca75c183f3cffa742e1
Instruction ID: e5db7c9749215eeb2d02e5ed912e0b3fe28138e3e2d2d7ddb3fe69776e4d8daf
Opcode Fuzzy Hash: 04dae18e0789727a76a8890a65ab041c4f98a0ef290a8ca75c183f3cffa742e1
Instruction Fuzzy Hash: 80213D717803087AEB14BBB69C47B9A36889B05709F4100BFBE05EA1C3EDBC8D05866C

Function 004019CC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
RtlEnterCriticalSection.KERNEL32(00492420,00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
LocalAlloc.KERNEL32(00000000,00000FF8,00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
RtlLeaveCriticalSection.KERNEL32(00492420,00401A89,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C

Strings

@$I, xrefs: 004019FA
P$I, xrefs: 00401A04
|$I, xrefs: 00401A0E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID: @$I$P$I$|$I
API String ID: 730355536-2452420409
Opcode ID: 45966a33f2cca9af6227f06f99b0f7a08db919fa22154029dacd4e349c8f896d
Instruction ID: 60313ebd75f34371d34e31ab956689d8a0b747d94a089b2a958688c132db86d3
Opcode Fuzzy Hash: 45966a33f2cca9af6227f06f99b0f7a08db919fa22154029dacd4e349c8f896d
Instruction Fuzzy Hash: AA01C0706452407EFB1AAB6A9A06B263ED8E795748F11803BF440A6AF1C6FC4840CB6D

Function 0045775C Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 121COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,004578DE,?,00000000,?,00000000,?,00000006,?,00000000,0048F8FB,?,00000000,0048F996), ref: 00457822

Part of subcall function 00452A2C: FindClose.KERNEL32(000000FF,00452B22), ref: 00452B11

Strings

Deleting directory: %s, xrefs: 004577AB
Failed to delete directory (%d). Will retry later., xrefs: 0045783B
Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 004577FC
Failed to delete directory (%d)., xrefs: 004578B8
Stripped read-only attribute., xrefs: 004577E4
Failed to strip read-only attribute., xrefs: 004577F0
Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00457897

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseErrorFindLast
String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
API String ID: 754982922-1448842058
Opcode ID: c942cc8746309d6c4fde1d13e5877ff426f738c54e561dd9b6452c2f2059cbe1
Instruction ID: 7ed85959ced61155a0d0e848b4d98e2feb505fad3b81ad5ee62f34683386d719
Opcode Fuzzy Hash: c942cc8746309d6c4fde1d13e5877ff426f738c54e561dd9b6452c2f2059cbe1
Instruction Fuzzy Hash: 1941F830A182089BDB00EB69A8053AF76E59F49316F54857BAC01DB393D77C9E0CC75E

Function 00429428 Relevance: 12.1, APIs: 8, Instructions: 62COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000), ref: 00429432
GetTextMetricsA.GDI32(00000000), ref: 0042943B

Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F

SelectObject.GDI32(00000000,00000000), ref: 0042944A
GetTextMetricsA.GDI32(00000000,?), ref: 00429457
SelectObject.GDI32(00000000,00000000), ref: 0042945E
73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00429466
GetSystemMetrics.USER32(00000006), ref: 0042948B
GetSystemMetrics.USER32(00000006), ref: 004294A5

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Metrics$ObjectSelectSystemText$A480A570CreateFontIndirect
String ID:
API String ID: 361401722-0
Opcode ID: 9834c26a9960500f6a9ecfd8d753213a1de3cd4ea19aff41d6da438e204e4863
Instruction ID: 1059aa7a6e273236e125af25209637a8817c3066b806c9f95c2c1fc45335f5e0
Opcode Fuzzy Hash: 9834c26a9960500f6a9ecfd8d753213a1de3cd4ea19aff41d6da438e204e4863
Instruction Fuzzy Hash: 830100917087503BF710B27A9CC2F6B5588DB8435CF80003FFA469A3C3DA6C8C41826A

Function 0041DDCC Relevance: 12.1, APIs: 8, Instructions: 60windowCOMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,00419001,00490B35), ref: 0041DDCF
73A24620.GDI32(00000000,0000005A,00000000,?,00419001,00490B35), ref: 0041DDD9
73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,?,00419001,00490B35), ref: 0041DDE6
MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DDF5
GetStockObject.GDI32(00000007), ref: 0041DE03
GetStockObject.GDI32(00000005), ref: 0041DE0F
GetStockObject.GDI32(0000000D), ref: 0041DE1B
LoadIconA.USER32(00000000,00007F00), ref: 0041DE2C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectStock$A24620A480A570IconLoad
String ID:
API String ID: 3573811560-0
Opcode ID: 9c1e6b037cfcf526f883390b7a6738af9fd81bafc879f9cac69ea1757f065c58
Instruction ID: 4ac4bd4aadafbff56ec06caa1a3c2c499f9ae773c567f2f7cd71ce954fcb2d20
Opcode Fuzzy Hash: 9c1e6b037cfcf526f883390b7a6738af9fd81bafc879f9cac69ea1757f065c58
Instruction Fuzzy Hash: F81142706453416AE740FF795E92BA63694EB24748F00803BF604EF6D2D7BD1C449B5E

Function 0045E910 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 273COMMON

Download Yara Rule

APIs

LoadCursorA.USER32(00000000,00007F02), ref: 0045EA14
SetCursor.USER32(00000000,00000000,00007F02,00000000,0045EAA9), ref: 0045EA1A
SetCursor.USER32(?,0045EA91,00007F02,00000000,0045EAA9), ref: 0045EA84

Strings

, xrefs: 0045ECAA
Internal error: Item already expanding, xrefs: 0045E9B1
, xrefs: 0045EC8F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$Load
String ID: $ $Internal error: Item already expanding
API String ID: 1675784387-1948079669
Opcode ID: 062bc24e025f87a5132b01d4a23ebbd0a7af6c8b69919735a7d8bfb9171ae665
Instruction ID: dca47056957fcd899ad7342011e10480afea1a1a27e56c2873f80f5661136381
Opcode Fuzzy Hash: 062bc24e025f87a5132b01d4a23ebbd0a7af6c8b69919735a7d8bfb9171ae665
Instruction Fuzzy Hash: 35B1BF30A042449FDB25DF2AC585B9ABBF0BF04305F5484AAEC459B793D738EE49CB45

Function 00452388 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 225COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045246F

Strings

NUL, xrefs: 00452531
[rename], xrefs: 004524D2, 0045250E
.tmp, xrefs: 0045242B
MoveFileEx, xrefs: 0045267F
WININIT.INI, xrefs: 0045241D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
API String ID: 390214022-3304407042
Opcode ID: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
Instruction ID: b02a2244c8ac043b1712f4d5d459e41a201eed142cab655ca7120e0de3a2e1df
Opcode Fuzzy Hash: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
Instruction Fuzzy Hash: BA91F330A001099BDB11EFA5D982BDEB7F5AF49305F50847BE90077392D7B8AE09CB59

Function 004086C0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00408908,?,?,?,?,00000000,00000000,00000000,?,0040990F,00000000,00409922), ref: 004086DA

Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Part of subcall function 00408554: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,00408756,?,?,?,00000000,00408908), ref: 00408567

Strings

mmmm d, yyyy, xrefs: 004087CB
m/d/yy, xrefs: 004087A9
:mm, xrefs: 004088BC
:mm:ss, xrefs: 004088D6
AMPM, xrefs: 004088A5

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
Instruction ID: 056ecf6f2f1527b7684b606c263ef1e3982ac19046fe7e290d3a86a54856ae2c
Opcode Fuzzy Hash: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
Instruction Fuzzy Hash: 21512C74B001086BDB01FBA6DE91A9E7BA9DB84304F50D47FA181BB3C6CA3CDA05875D

Function 0041169C Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 158windowCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,004118A1), ref: 00411734
InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 004117F2

Part of subcall function 00411A54: CreatePopupMenu.USER32 ref: 00411A6E

InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 0041187E

Part of subcall function 00411A54: CreateMenu.USER32 ref: 00411A78

InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 00411865

Strings

?, xrefs: 0041174E
,, xrefs: 00411747

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Insert$Create$ItemPopupVersion
String ID: ,$?
API String ID: 2359071979-2308483597
Opcode ID: baa12968a9006a52d5e4ef876005b49ebe402715d6320ec9eb47ca094d0fc02d
Instruction ID: 726e600f223273bd08914059578a8101eea6a2d33d3ff692803082349b8399f4
Opcode Fuzzy Hash: baa12968a9006a52d5e4ef876005b49ebe402715d6320ec9eb47ca094d0fc02d
Instruction Fuzzy Hash: 02511574A041419BDB10EF6ADC815DA7BF9AF09304B1185BBFA04E73B2D738D941CB58

Function 0041BE0B Relevance: 10.7, APIs: 7, Instructions: 153windowCOMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 0041BED0
GetObjectA.GDI32(?,00000018,?), ref: 0041BEDF
GetBitmapBits.GDI32(?,?,?), ref: 0041BF30
GetBitmapBits.GDI32(?,?,?), ref: 0041BF3E
DeleteObject.GDI32(?), ref: 0041BF47
DeleteObject.GDI32(?), ref: 0041BF50
CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BF6D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$BitmapBitsDelete$CreateIcon
String ID:
API String ID: 1030595962-0
Opcode ID: 1e4853d75d21bc1926ba7cf5224c89ea8ebb7500f7ae85efd10c66dcd062618b
Instruction ID: f0e05dfe27ce23013596edce2c43a20e6d26497d7b74886029f11bde31f0b820
Opcode Fuzzy Hash: 1e4853d75d21bc1926ba7cf5224c89ea8ebb7500f7ae85efd10c66dcd062618b
Instruction Fuzzy Hash: 2A511675E002099FCB14DFA9C8819EEB7F9EF49310B11842AF514E7391D738AD81CB64

Function 0041CE80 Relevance: 10.7, APIs: 7, Instructions: 152windowCOMMON

Download Yara Rule

APIs

SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEA6
73A24620.GDI32(00000000,00000026), ref: 0041CEC5
73A18830.GDI32(?,?,00000001,00000000,00000026), ref: 0041CF2B
73A122A0.GDI32(?,?,?,00000001,00000000,00000026), ref: 0041CF3A
StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFA4
StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041CFE2
73A18830.GDI32(?,?,00000001,0041D014,00000000,00000026), ref: 0041D007

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Stretch$A18830$A122A24620BitsMode
String ID:
API String ID: 430401518-0
Opcode ID: aa7efd9841db0397c835a8e493930d486de59a27429b2987e03207e86632ff54
Instruction ID: 716ae2cbf74db7cca6ca85613245d2cbdededc4b908a0ab63d95ef833b57d340
Opcode Fuzzy Hash: aa7efd9841db0397c835a8e493930d486de59a27429b2987e03207e86632ff54
Instruction Fuzzy Hash: 4C511EB0600604AFDB14DFA9C985F9BBBE8EF08304F14455AB545D7792C778ED81CB68

Function 00454F3C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,?,?), ref: 00454F8E

Part of subcall function 00424224: GetWindowTextA.USER32(?,?,00000100), ref: 00424244

Part of subcall function 0041EE4C: GetCurrentThreadId.KERNEL32 ref: 0041EE9B
Part of subcall function 0041EE4C: 73A25940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1

Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284

GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00454FF5
TranslateMessage.USER32(?), ref: 00455013
DispatchMessageA.USER32(?), ref: 0045501C

Strings

[Paused] , xrefs: 00454FC4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$TextWindow$A25940CurrentDispatchSendThreadTranslate
String ID: [Paused]
API String ID: 3047529653-4230553315
Opcode ID: 141f149095fb27d577fc31764a328687d2f30d229be375c220db36f4bd74699d
Instruction ID: 741a01f18879a345a5b07686917d8e40ce5d5c24a876243dd54feaf600687e8f
Opcode Fuzzy Hash: 141f149095fb27d577fc31764a328687d2f30d229be375c220db36f4bd74699d
Instruction Fuzzy Hash: 3231E331908644AECB11DBB5DC51BEE7BB8EB49704F50447BE800E32D2D67C9909CBA9

Function 00466210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON

Download Yara Rule

APIs

GetCursor.USER32(00000000,0046634F), ref: 004662CC
LoadCursorA.USER32(00000000,00007F02), ref: 004662DA
SetCursor.USER32(00000000,00000000,00007F02,00000000,0046634F), ref: 004662E0
Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662EA
SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662F0

Strings

CheckPassword, xrefs: 00466274

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$LoadSleep
String ID: CheckPassword
API String ID: 4023313301-1302249611
Opcode ID: dcac28800608870031fcac25a900b831df3bca65ce0f78045b4d70193f3a0fd9
Instruction ID: e12dea2b5957d6b50ca2ed371003984113864468440f1a681d17ee3b0f813ced
Opcode Fuzzy Hash: dcac28800608870031fcac25a900b831df3bca65ce0f78045b4d70193f3a0fd9
Instruction Fuzzy Hash: 2931A774644204AFD701EF69C88AF9E7BE1AF45304F5680B6F904AB3E2D7789E40CB59

Function 0041C0F0 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0041BFF0: GetObjectA.GDI32(?,00000018), ref: 0041BFFD

GetFocus.USER32 ref: 0041C110
73A1A570.USER32(?), ref: 0041C11C
73A18830.GDI32(?,?,00000000,00000000,0041C19B,?,?), ref: 0041C13D
73A122A0.GDI32(?,?,?,00000000,00000000,0041C19B,?,?), ref: 0041C149
GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C160
73A18830.GDI32(?,00000000,00000000,0041C1A2,?,?), ref: 0041C188
73A1A480.USER32(?,?,0041C1A2,?,?), ref: 0041C195

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A18830$A122A480A570BitsFocusObject
String ID:
API String ID: 2231653193-0
Opcode ID: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
Instruction ID: e1839615c60f4afd83c90c330261c8dd65eba5fe4d32295df669e4ba5c229ee2
Opcode Fuzzy Hash: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
Instruction Fuzzy Hash: 24116D71A44608BBDB10DBE9CC85FAFB7FCEF48700F54446AB518E7281D63898008B28

Function 0047C58C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0047C644), ref: 0047C629

Strings

ProductType, xrefs: 0047C5C8
LanmanNT, xrefs: 0047C5F3
System\CurrentControlSet\Control\ProductOptions, xrefs: 0047C5B0
WinNT, xrefs: 0047C5D9
ServerNT, xrefs: 0047C60D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
API String ID: 47109696-2530820420
Opcode ID: 216c442831188f385001bfb6125c95756f0f6973d9343121dce614720b27fbcb
Instruction ID: ba25b35c1adc0b75f4f324f6cb59f82a98d74cc289aeabc78b4d1a44d03816b4
Opcode Fuzzy Hash: 216c442831188f385001bfb6125c95756f0f6973d9343121dce614720b27fbcb
Instruction Fuzzy Hash: 84118E30B04204AADB10DB659AC2B9A7BA89B56308F61D0BFA408A7285DB789A018758

Function 0041B40A Relevance: 10.6, APIs: 7, Instructions: 57windowCOMMON

Download Yara Rule

APIs

SelectObject.GDI32(00000000,?), ref: 0041B418
SelectObject.GDI32(?,00000000), ref: 0041B427
StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B453
SelectObject.GDI32(00000000,00000000), ref: 0041B461
SelectObject.GDI32(?,00000000), ref: 0041B46F
DeleteDC.GDI32(00000000), ref: 0041B478
DeleteDC.GDI32(?), ref: 0041B481

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect$Delete$Stretch
String ID:
API String ID: 1458357782-0
Opcode ID: d8fcd08cd1e6b3b068bfae977a68b3e89a280d1eb5928260e7975f8e8b8626d0
Instruction ID: 04c6450d5990685007640eea88a29337d1268334102612a79928454e9dde4d04
Opcode Fuzzy Hash: d8fcd08cd1e6b3b068bfae977a68b3e89a280d1eb5928260e7975f8e8b8626d0
Instruction Fuzzy Hash: 3F114CB2E00555ABDF10DAD9D885FEFB3BCEF08704F048556B614FB241C678A9418B54

Function 0048D690 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,?,00000000), ref: 0048D6A1

Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F

SelectObject.GDI32(00000000,00000000), ref: 0048D6C3
GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,0048DC19), ref: 0048D6D7
GetTextMetricsA.GDI32(00000000,?), ref: 0048D6F9
73A1A480.USER32(00000000,00000000,0048D723,0048D71C,?,00000000,?,?,00000000), ref: 0048D716

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 0048D6CE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Text$A480A570CreateExtentFontIndirectMetricsObjectPointSelect
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
API String ID: 1435929781-222967699
Opcode ID: 2b902195bd78e3a85a14461ba25cf2a461328febbf25ed1a984847a0c9924e98
Instruction ID: 56f2b7a4074af1b55b95a42d0c90d732b29dffae751eaa68173dd8b8b984e531
Opcode Fuzzy Hash: 2b902195bd78e3a85a14461ba25cf2a461328febbf25ed1a984847a0c9924e98
Instruction Fuzzy Hash: E5012575A05608AFDB01EEA5CC41F5FB7ECDB49704F51447AB504E72C1D678AD008B68

Function 0042333C Relevance: 10.6, APIs: 7, Instructions: 56threadwindowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 00423357
WindowFromPoint.USER32(?,?), ref: 00423364
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00423372
GetCurrentThreadId.KERNEL32 ref: 00423379
SendMessageA.USER32(00000000,00000084,?,?), ref: 00423392
SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 004233A9
SetCursor.USER32(00000000), ref: 004233BB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
String ID:
API String ID: 1770779139-0
Opcode ID: 7a1fa5eb43588ed905b36272748367152b50e279982f14557b7e119d831a34ac
Instruction ID: 0b857e85cec8b006a236e34f0c55496e129225b07c91d7ef35ca05f8a9fb34e8
Opcode Fuzzy Hash: 7a1fa5eb43588ed905b36272748367152b50e279982f14557b7e119d831a34ac
Instruction Fuzzy Hash: 5801D42230431026D620BB795C86F2F62A9DFC5B25F50453FBA09AB283DE3D8D1063AD

Function 0048D4B4 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll), ref: 0048D4C4
GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0048D4D1
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0048D4DE

Strings

GetMonitorInfoA, xrefs: 0048D4D8
user32.dll, xrefs: 0048D4BF
MonitorFromRect, xrefs: 0048D4CB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
API String ID: 667068680-2254406584
Opcode ID: 6786598ab4ed6b29e551e4434715b5d92cf041e967db77cd6a5fdf9f42b76a8d
Instruction ID: 67b51c375aa01bca0c5088982691f1e3d037f3b871651ee40e205a1bc027e1e2
Opcode Fuzzy Hash: 6786598ab4ed6b29e551e4434715b5d92cf041e967db77cd6a5fdf9f42b76a8d
Instruction Fuzzy Hash: 19F0C292E42B1476DA1035BA0C82E7F628CCB8A768F140837BD45A72C2E9688D0543AD

Function 0045A67C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 34libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045A685
GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045A695
GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045A6A5

Strings

ArcFourCrypt, xrefs: 0045A69F
ISCryptGetVersion, xrefs: 0045A67F
ArcFourInit, xrefs: 0045A68F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc
String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
API String ID: 190572456-508647305
Opcode ID: b50286813e04f81c7a6efa6a560a2cc7dac75f01e1440ccd7e3cdc890a972b89
Instruction ID: 4e0395d972810c9416c3368882ebdde2c5e01ffaaeaf982be760f48a4fca4704
Opcode Fuzzy Hash: b50286813e04f81c7a6efa6a560a2cc7dac75f01e1440ccd7e3cdc890a972b89
Instruction Fuzzy Hash: 3DF062B1532700FBDB08DF729EC422736B5B364396F18C13BA804551AAD7BC0458EA0D

Function 0045AB7C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045AB85
GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045AB95
GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045ABA5

Strings

BZ2_bzDecompressInit, xrefs: 0045AB7F
BZ2_bzDecompressEnd, xrefs: 0045AB9F
BZ2_bzDecompress, xrefs: 0045AB8F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc
String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
API String ID: 190572456-212574377
Opcode ID: 06ad267ddbe9a67695a24deefdef499722044127c2f74fee0a459ad65b6435b0
Instruction ID: 78c3aec0c34357df070bc40c46de1e5cd03a4b776be7e77430bdb5cc110f23ad
Opcode Fuzzy Hash: 06ad267ddbe9a67695a24deefdef499722044127c2f74fee0a459ad65b6435b0
Instruction Fuzzy Hash: 66F06DB0500742EADB14DF32AE44B3237A6A368306F04913BA909552AAD7FC145EEE5E

Function 0044BEB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(oleacc.dll,?,0044E775), ref: 0044BEC7
GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044BED8
GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044BEE8

Strings

CreateStdAccessibleObject, xrefs: 0044BEE2
LresultFromObject, xrefs: 0044BED2
oleacc.dll, xrefs: 0044BEC2

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
API String ID: 2238633743-1050967733
Opcode ID: abacc1ed5ed1df711e1e8ee03ae90b21d03a72e98de670892c8574e2f0669abe
Instruction ID: 119d9ded96c8020385292050e9bd4a1b60054d62b4ab52501d4127c2865211ec
Opcode Fuzzy Hash: abacc1ed5ed1df711e1e8ee03ae90b21d03a72e98de670892c8574e2f0669abe
Instruction Fuzzy Hash: 62F0FE70545745AAEB10ABE49E86B223294E320709F10157BA005B52E1C7FDC48CCE5D

Function 0042E744 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 20libraryloaderwindowCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0048DD4A,QueryCancelAutoPlay,00490B7B), ref: 0042E75A
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E760
InterlockedExchange.KERNEL32(00492660,00000001), ref: 0042E771
ChangeWindowMessageFilter.USER32(0000C1C1,00000001), ref: 0042E782

Strings

ChangeWindowMessageFilter, xrefs: 0042E750
user32.dll, xrefs: 0042E755

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressChangeExchangeFilterHandleInterlockedMessageModuleProcWindow
String ID: ChangeWindowMessageFilter$user32.dll
API String ID: 1365377179-2498399450
Opcode ID: eab0b65c3067cf7eebd20b0fa5e3b11d0b4fe551875263116f1b4c2d8dfe968a
Instruction ID: 232ca1bda8f30e1dbeb1e37a17564225c323fdce3e6d3ccf23913f9b659c3ecd
Opcode Fuzzy Hash: eab0b65c3067cf7eebd20b0fa5e3b11d0b4fe551875263116f1b4c2d8dfe968a
Instruction Fuzzy Hash: 50E0ECB1742310BAEA247BB26E8AF5A2594A774715F900037F000655E6C6FD0D44D91D

Function 00472434 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457

Strings

kernel32.dll, xrefs: 00472435
VerifyVersionInfoW, xrefs: 00472451
VerSetConditionMask, xrefs: 00472441

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
API String ID: 667068680-222143506
Opcode ID: 0f9ecaba7a057c0ff261be8817688d558130c40e5a9a1257119e418d6d35d74a
Instruction ID: 2634119a36086f07b4582bff0c6698110bc0db6046ba951e872dfe9231fcc97c
Opcode Fuzzy Hash: 0f9ecaba7a057c0ff261be8817688d558130c40e5a9a1257119e418d6d35d74a
Instruction Fuzzy Hash: 7AC0C9E0641700AEAA08B7B11E8397A2168D520B29B10813B704869187D6FC08045A2C

Function 0041B614 Relevance: 9.1, APIs: 6, Instructions: 144windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 0041B6ED
73A1A570.USER32(?), ref: 0041B6F9
73A18830.GDI32(00000000,?,00000000,00000000,0041B7C4,?,?), ref: 0041B72E
73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041B7C4,?,?), ref: 0041B73A
73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041B7A2,?,00000000,0041B7C4,?,?), ref: 0041B768
73A18830.GDI32(00000000,00000000,00000000,0041B7A9,?,?,00000000,00000000,0041B7A2,?,00000000,0041B7C4,?,?), ref: 0041B79C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A18830$A122A26310A570Focus
String ID:
API String ID: 3906783838-0
Opcode ID: 2189f248925abbd8b3ed1d854bd6b727da44b470d0452cebfb9837d533ec30a6
Instruction ID: 8a3990a2e5d6fcee7426173f9b26f44009bdffde0bb17d68edab7397fe7bbe52
Opcode Fuzzy Hash: 2189f248925abbd8b3ed1d854bd6b727da44b470d0452cebfb9837d533ec30a6
Instruction Fuzzy Hash: 8C513D70A00608AFCF11DFA9C895AEEBBF4EF49704F10446AF510A7390D7789D81CBA9

Function 0041B8E4 Relevance: 9.1, APIs: 6, Instructions: 142windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 0041B9BF
73A1A570.USER32(?), ref: 0041B9CB
73A18830.GDI32(00000000,?,00000000,00000000,0041BA91,?,?), ref: 0041BA05
73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041BA91,?,?), ref: 0041BA11
73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BA6F,?,00000000,0041BA91,?,?), ref: 0041BA35
73A18830.GDI32(00000000,00000000,00000000,0041BA76,?,?,00000000,00000000,0041BA6F,?,00000000,0041BA91,?,?), ref: 0041BA69

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A18830$A122A26310A570Focus
String ID:
API String ID: 3906783838-0
Opcode ID: d8a2f350e31498a5aae0f9e9012618de704534965e1e336577d5547a4b9cf6c8
Instruction ID: 5f2264137962bc3366777cb0a2f232ffee2f3444c58f5864d32a49a15d3a62ac
Opcode Fuzzy Hash: d8a2f350e31498a5aae0f9e9012618de704534965e1e336577d5547a4b9cf6c8
Instruction Fuzzy Hash: FF512A75A002089FCB11DFA9C891AAEBBF9EF48700F118066F904EB751D7389D40CBA4

Function 0041B4B0 Relevance: 9.1, APIs: 6, Instructions: 113windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 0041B526
73A1A570.USER32(?,00000000,0041B600,?,?,?,?), ref: 0041B532
73A24620.GDI32(?,00000068,00000000,0041B5D4,?,?,00000000,0041B600,?,?,?,?), ref: 0041B54E
73A4E680.GDI32(?,00000000,00000008,?,?,00000068,00000000,0041B5D4,?,?,00000000,0041B600,?,?,?,?), ref: 0041B56B
73A4E680.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0041B5D4,?,?,00000000,0041B600), ref: 0041B582
73A1A480.USER32(?,?,0041B5DB,?,?), ref: 0041B5CE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: E680$A24620A480A570Focus
String ID:
API String ID: 3709697839-0
Opcode ID: 01c1ab1f7a911bde34d09cc2a342371f0a4accf8ff51a2ca553a34b6587143a8
Instruction ID: 7d01233871e956700e45bbdad6d64e5c71f2ea9c135790645ddd3605e450c40d
Opcode Fuzzy Hash: 01c1ab1f7a911bde34d09cc2a342371f0a4accf8ff51a2ca553a34b6587143a8
Instruction Fuzzy Hash: 75410831A04258AFCB10DFA9C885EAFBBB5EF49704F1484AAF540E7341D3389D10CBA9

Function 004571F4 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000030,00000FFF,00000000,00457320,?,?,00000000,00000000), ref: 0045725B

Part of subcall function 00456B34: CloseHandle.KERNEL32(?), ref: 00456B6B
Part of subcall function 00456B34: WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00456B95
Part of subcall function 00456B34: GetExitCodeProcess.KERNEL32(?), ref: 00456BA6
Part of subcall function 00456B34: CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456BED
Part of subcall function 00456B34: Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456C09

Part of subcall function 00456B34: TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00456B87

Strings

LoadTypeLib, xrefs: 004572A4
RegisterTypeLib, xrefs: 004572C1
UnRegisterTypeLib, xrefs: 004572EF
ITypeLib::GetLibAttr, xrefs: 004572D3
HelperRegisterTypeLibrary: StatusCode invalid, xrefs: 004572FB

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleProcess$ByteCharCodeExitFullMultiNameObjectPathSingleSleepTerminateWaitWide
String ID: HelperRegisterTypeLibrary: StatusCode invalid$ITypeLib::GetLibAttr$LoadTypeLib$RegisterTypeLib$UnRegisterTypeLib
API String ID: 3965036325-83444288
Opcode ID: 48a304393f9a5fdad174ccbc4c24f8d38665409cf09cad508aa9efef9afbbf6f
Instruction ID: f74eade9246c561d7eda77dee430a1fc41308778ed490b298c47d2a514b049d7
Opcode Fuzzy Hash: 48a304393f9a5fdad174ccbc4c24f8d38665409cf09cad508aa9efef9afbbf6f
Instruction Fuzzy Hash: 1A318F30708604EBD711EB7A9882A5EB7E8EB44316F50847BBC45D7393DB38AE09D61D

Function 0045A540 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 73COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000057,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5AB
SetLastError.KERNEL32(00000000,00000002,?,?,?,0045A678,?,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5EA

Strings

CLASSES_ROOT, xrefs: 0045A570
USERS, xrefs: 0045A59D
CURRENT_USER, xrefs: 0045A57F
MACHINE, xrefs: 0045A58E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
API String ID: 1452528299-1580325520
Opcode ID: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
Instruction ID: 2c7cc5846e01bfe9336b3e21a4f35d5db95fca715acc3ac4ded287c5e5725028
Opcode Fuzzy Hash: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
Instruction Fuzzy Hash: 3611A53560420CFBDB11DAA5C941F9E7AACDB84306F644137BD0166283E67C5F1E992F

Function 0041BD34 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000B), ref: 0041BD7D
GetSystemMetrics.USER32(0000000C), ref: 0041BD87
73A1A570.USER32(00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BD91
73A24620.GDI32(00000000,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDB8
73A24620.GDI32(00000000,0000000C,00000000,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDC5
73A1A480.USER32(00000000,00000000,0041BE0B,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDFE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A24620MetricsSystem$A480A570
String ID:
API String ID: 4042297458-0
Opcode ID: c0f607c4832dab40e87e7b844f37412e582122e43c2ccad9e229f5b09a45b98f
Instruction ID: ff93124ca59b6ac00208e06d0df3eb10c0faf638cbb47b26d2833e339793a6eb
Opcode Fuzzy Hash: c0f607c4832dab40e87e7b844f37412e582122e43c2ccad9e229f5b09a45b98f
Instruction Fuzzy Hash: 54213C74E00649AFEB04EFA9C942BEEB7B4EB48714F10802AF514B7780D7785940CFA9

Function 00477494 Relevance: 9.1, APIs: 6, Instructions: 57COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EC), ref: 004774A2
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,00467815), ref: 004774C8
GetWindowLongA.USER32(?,000000EC), ref: 004774D8
SetWindowLongA.USER32(?,000000EC,00000000), ref: 004774F9
ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047750D
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 00477529

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Long$Show
String ID:
API String ID: 3609083571-0
Opcode ID: c41eeb88aa2c4be8c20c0d4bdc52dfa49bc3e122ae2c45cc5b3722405c0ca91b
Instruction ID: d82ed46f6b466fc3f8bc0bdcacefb2f605830931c017ceeb26b2ec5954116533
Opcode Fuzzy Hash: c41eeb88aa2c4be8c20c0d4bdc52dfa49bc3e122ae2c45cc5b3722405c0ca91b
Instruction Fuzzy Hash: 46015EB5655310BBD700DBA8CE41F263798AB0D334F090266B558DF7E3C279DC008BA8

Function 0041B218 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041A688: CreateBrushIndirect.GDI32 ref: 0041A6F3

UnrealizeObject.GDI32(00000000), ref: 0041B224
SelectObject.GDI32(?,00000000), ref: 0041B236
SetBkColor.GDI32(?,00000000), ref: 0041B259
SetBkMode.GDI32(?,00000002), ref: 0041B264
SetBkColor.GDI32(?,00000000), ref: 0041B27F
SetBkMode.GDI32(?,00000001), ref: 0041B28A

Part of subcall function 0041A000: GetSysColor.USER32(?), ref: 0041A00A

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
String ID:
API String ID: 3527656728-0
Opcode ID: f29873dfcf61593aa75cb2549b6a9cf3e48997b8b5295c1044d98b88f295631e
Instruction ID: 991835cd13d00b1ecf70cab2c5668301369c46a92689b2ced77f157eaba3f874
Opcode Fuzzy Hash: f29873dfcf61593aa75cb2549b6a9cf3e48997b8b5295c1044d98b88f295631e
Instruction Fuzzy Hash: F1F0BFB1151500ABCF00FFAAD9CBE4B27A89F043097148057B944DF197C538D8504B3A

Function 00473910 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 210registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,jPG,?,00000000,00000000,00000001,00000000,00473BAD,?,00000000), ref: 00473B71

Strings

Failed to parse "reg" constant, xrefs: 00473B78
Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 004739E5
jPG, xrefs: 00473AAB, 00473ACF, 00473B50, 00473AAE
yNG, xrefs: 00473B31

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Close
String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant$jPG$yNG
API String ID: 3535843008-3932832818
Opcode ID: fe45ef2342a58487a09325f3d72e231b2f56a556e2c95cc83f03531c0fc218de
Instruction ID: b7c2468eb7ac37771866f0ed0bbac7860b45a2d6c62ae04d18380af0e8b21fb7
Opcode Fuzzy Hash: fe45ef2342a58487a09325f3d72e231b2f56a556e2c95cc83f03531c0fc218de
Instruction Fuzzy Hash: D6816474E00148AFCB10DFA5C442ADEBBF9AF48315F5085AAE454B7391D738AF05CB98

Function 00453BEC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00453D83,?,00000000,00453DC3), ref: 00453CC9

Strings

PendingFileRenameOperations, xrefs: 00453C68
WININIT.INI, xrefs: 00453CF8
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453C4C
PendingFileRenameOperations2, xrefs: 00453C98

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
API String ID: 47109696-2199428270
Opcode ID: 9cb5c1f0a044df6afda0d360ea4bc27dd08283e5185a3e1e925179899d14cb99
Instruction ID: aa5cd69e504587c061a58de22e540fe2c0eb6883408e267526cdea27caab368f
Opcode Fuzzy Hash: 9cb5c1f0a044df6afda0d360ea4bc27dd08283e5185a3e1e925179899d14cb99
Instruction Fuzzy Hash: AF51D730E002489BDB10EF61DC52ADEB7B9EF44745F50857BE804A7292DB3CAF09CA18

Function 0048FDEC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284

ShowWindow.USER32(?,00000005,00000000,00490051,?,?,00000000), ref: 0048FE22

Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB

Part of subcall function 00407248: SetCurrentDirectoryA.KERNEL32(00000000,?,0048FE4A,00000000,0049001D,?,?,00000005,00000000,00490051,?,?,00000000), ref: 00407253

Part of subcall function 0042D330: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D3BE,?,?,00000000,?,?,0048FE54,00000000,0049001D,?,?,00000005), ref: 0042D365

Strings

Uninstall, xrefs: 0048FE08
.msg, xrefs: 0048FE88
.dat, xrefs: 0048FE69
IMsg, xrefs: 0048FEF6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
String ID: .dat$.msg$IMsg$Uninstall
API String ID: 3312786188-1660910688
Opcode ID: 784f23c22bc4089779bce205d7ff3f28a2137267b823b7c18b58de954d51b763
Instruction ID: 7c6a2e238760992e5c67a20dbafbe681e3287029f6f793f122bf29b0ac37eaf5
Opcode Fuzzy Hash: 784f23c22bc4089779bce205d7ff3f28a2137267b823b7c18b58de954d51b763
Instruction Fuzzy Hash: 33316134A002049FCB11FF65DC52A5E7BB5EB89308F50847BF900A7751CB39AD05DB58

Function 0042DC6C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32registrylibraryloaderCOMMON

Download Yara Rule

APIs

RegDeleteKeyA.ADVAPI32(?,00000000), ref: 0042DC78
GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DDFB,00000000,0042DE13,?,?,?,?,00000006,?,00000000,0048F8FB), ref: 0042DC93
GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DC99

Strings

RegDeleteKeyExA, xrefs: 0042DC89
advapi32.dll, xrefs: 0042DC8E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressDeleteHandleModuleProc
String ID: RegDeleteKeyExA$advapi32.dll
API String ID: 588496660-1846899949
Opcode ID: 7a80425bfa703e483b3faf6f338cf9008a09661c63399848f89508ca22aefea6
Instruction ID: f6d26141eb233d03b94b2ed72026fa1db25b9960d6d40d8c32de7d906beb62d4
Opcode Fuzzy Hash: 7a80425bfa703e483b3faf6f338cf9008a09661c63399848f89508ca22aefea6
Instruction Fuzzy Hash: AAE06DF0B41230BAD62067ABBE4AF9326289F64725F544537F145A62D182FC4C41DE5C

Function 00471674 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(00000000), ref: 0047167C
GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00471773,\/I,00000000), ref: 0047168F
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00471695

Strings

user32.dll, xrefs: 0047168A
AllowSetForegroundWindow, xrefs: 00471685

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProcProcessThreadWindow
String ID: AllowSetForegroundWindow$user32.dll
API String ID: 1782028327-3855017861
Opcode ID: aea0b27367123c46f2d2ab027466b49d23c9b655d45f9b28428bbd603b637824
Instruction ID: a3f3d1e0e2b6813b030e7eba76e2e5281102dca64866dc994b1bbab78c7268d3
Opcode Fuzzy Hash: aea0b27367123c46f2d2ab027466b49d23c9b655d45f9b28428bbd603b637824
Instruction Fuzzy Hash: ACD05EA0A017016BDE20B2B98D46D9B229C8D9471571C842B3404E21A6CA7CE800593C

Function 00416BD4 Relevance: 7.6, APIs: 5, Instructions: 104COMMON

Download Yara Rule

APIs

BeginPaint.USER32(00000000,?), ref: 00416BFA
SaveDC.GDI32(?), ref: 00416C2B
ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416CED), ref: 00416C8C
RestoreDC.GDI32(?,?), ref: 00416CB3
EndPaint.USER32(00000000,?,00416CF4,00000000,00416CED), ref: 00416CE7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Paint$BeginClipExcludeRectRestoreSave
String ID:
API String ID: 3808407030-0
Opcode ID: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
Instruction ID: 511e07c03593910ab38166e7e8fb99fbe2c7a584a9aae09983b44cf3f48c28fc
Opcode Fuzzy Hash: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
Instruction Fuzzy Hash: E3414F70A04204AFCB14DFA9C985FAEB7F8EF48304F1640AAE84497362D778ED41CB58

Function 004147A8 Relevance: 7.6, APIs: 5, Instructions: 102COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,?,?), ref: 004147DE
MulDiv.KERNEL32(?,?,?), ref: 004147F8
MulDiv.KERNEL32(?,?,?), ref: 00414821
MulDiv.KERNEL32(?,?,?), ref: 0041484C
MulDiv.KERNEL32(00000000,?,00000000), ref: 00414894

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
Instruction ID: 16203bcbef39f9c243701adad7e95064df465d958f07c31b5226583d855f1c1b
Opcode Fuzzy Hash: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
Instruction Fuzzy Hash: 26311F746047409FC320EB69C985BABB7E8AF89714F04891EF9D5C7791C678EC818B19

Function 00429774 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004297B0
SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004297DF
SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 004297FB
SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 00429826
SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00429844

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 4dd9bf55c7c84a0b3396b3554a59a90620238bc04d6e8efcc95ab0f776c5b98c
Instruction ID: 5d1141d17212aa5e1ef3752c12f2028c23e494b9df8dcdef2cd4cdfe20676ed7
Opcode Fuzzy Hash: 4dd9bf55c7c84a0b3396b3554a59a90620238bc04d6e8efcc95ab0f776c5b98c
Instruction Fuzzy Hash: 3D21A1707507047AD710AB67DC82F9B76ACEB42B04F95443E7502BB2D2DA79DD428258

Function 0041BB60 Relevance: 7.6, APIs: 5, Instructions: 83COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000B), ref: 0041BB72
GetSystemMetrics.USER32(0000000C), ref: 0041BB7C
73A1A570.USER32(00000000,00000001,0000000C,0000000B,?,?), ref: 0041BBBA
73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BD25,?,00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC01
DeleteObject.GDI32(00000000), ref: 0041BC42

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem$A26310A570DeleteObject
String ID:
API String ID: 4277397052-0
Opcode ID: 9adb9e8c89caf01d0a638f348740fc7edbd2731d44c2c24643151140fb28a82b
Instruction ID: 7d0d535dbebdf4f070bae8ba3fc8fcac1153e0bddf000454aa628fb6ab968105
Opcode Fuzzy Hash: 9adb9e8c89caf01d0a638f348740fc7edbd2731d44c2c24643151140fb28a82b
Instruction Fuzzy Hash: 0D317174E00209EFDB04DFA5C941AAEF7F5EB48700F10846AF514AB385D7389E80DB94

Function 0046D898 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 0045A540: SetLastError.KERNEL32(00000057,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5AB

GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D925
GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D93B

Strings

Failed to set permissions on registry key (%d)., xrefs: 0046D94C
Setting permissions on registry key: %s\%s, xrefs: 0046D8EA
Could not set permissions on the registry key because it currently does not exist., xrefs: 0046D92F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
API String ID: 1452528299-4018462623
Opcode ID: 18f77fade0994c6fc899b5d9ef85e329e14ba50152d782af13df1c5d82336a90
Instruction ID: 2fb07483fd0a7251048a58d7dedf702ee348f7c8dbf283d8b9408d2b96eb0a9e
Opcode Fuzzy Hash: 18f77fade0994c6fc899b5d9ef85e329e14ba50152d782af13df1c5d82336a90
Instruction Fuzzy Hash: CB21A4B0F046445FCB00DBA9C8826AEBAE4DB49314F50417BA414E7392E6785D09CBAE

Function 00403CA4 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: ec9330e6fa7a8659c1beb9ec543e50d139d4e0e8a78981a79d0ac640ed5c34b8
Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
Opcode Fuzzy Hash: ec9330e6fa7a8659c1beb9ec543e50d139d4e0e8a78981a79d0ac640ed5c34b8
Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D

Function 00414388 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

73A18830.GDI32(00000000,00000000,00000000), ref: 004143C1
73A122A0.GDI32(00000000,00000000,00000000,00000000), ref: 004143C9
73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143DD
73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143E3
73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143EE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A122A18830$A480
String ID:
API String ID: 3325508737-0
Opcode ID: a82122af31a8aec246995b2a86ca6dd819a62577bbe41f01694e2b233259fffd
Instruction ID: 075c4eaa6eababf39ef1bcc04ba03af1ed36323413641ea814e4f99408aec64f
Opcode Fuzzy Hash: a82122af31a8aec246995b2a86ca6dd819a62577bbe41f01694e2b233259fffd
Instruction Fuzzy Hash: E501DF3131C3806AD200B63E8C85A9F6BED8FCA314F05546EF498DB382CA7ACC018766

Function 00401548 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 00401566
VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 0040158B
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 004015B1

Strings

@$I, xrefs: 00401599
P$I, xrefs: 0040154B

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$Alloc$Free
String ID: @$I$P$I
API String ID: 3668210933-2914900308
Opcode ID: fce1606467af8550c5b018af38dd943930b60dea47268f49170f1643513630e1
Instruction ID: 87006be24bad80dd1cc56b86a6ffae3645cf31722f94d2f4d5d5d4de76e86b34
Opcode Fuzzy Hash: fce1606467af8550c5b018af38dd943930b60dea47268f49170f1643513630e1
Instruction Fuzzy Hash: 48F0C2B1640320BAEB315A294C85F133AD8DBC5794F1040B6BE09FF3DAD6B8980082AC

Function 00406F44 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 156shareCOMMON

Download Yara Rule

APIs

WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00406FA3
WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040701D
WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 00407075

Strings

Z, xrefs: 00406FDC

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Enum$NameOpenResourceUniversal
String ID: Z
API String ID: 3604996873-1505515367
Opcode ID: b45eb0edb20795645dcbd4fc4cc9de1517ba2fb8e3a3a1bdfe5558624a41bfc2
Instruction ID: bd8e5ae94ca74df4e9131491a9bde93b7ed2ce1d7e59c57d2d509c2ab305fdf4
Opcode Fuzzy Hash: b45eb0edb20795645dcbd4fc4cc9de1517ba2fb8e3a3a1bdfe5558624a41bfc2
Instruction Fuzzy Hash: C3516370E04248AFDB11DF65C981A9FB7B9EF09304F1041BAE500BB3D1D778AE458B5A

Function 0044C69C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 0044C72A
DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044C755
DrawTextA.USER32(00000000,00000000), ref: 0044C7EE

Strings

, xrefs: 0044C70F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DrawText$EmptyRect
String ID:
API String ID: 182455014-2867612384
Opcode ID: f37fe9e577420607298c9583aacd29a253469b4ecb6affd38da19aac1ff88878
Instruction ID: 4bcae54fe600c87244e68b3e4b857699d32a5b02b35774ead0fedabfa34a998c
Opcode Fuzzy Hash: f37fe9e577420607298c9583aacd29a253469b4ecb6affd38da19aac1ff88878
Instruction Fuzzy Hash: 14514C70A00249AFDB51DFA5C885BDEBBF4EF49304F18807AE845EB252D738A945CF64

Function 0042E8AC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042E8D6

Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F

SelectObject.GDI32(?,00000000), ref: 0042E8F9
73A1A480.USER32(00000000,?,0042E9E4,00000000,0042E9DD,?,00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000), ref: 0042E9D7

Strings

...\, xrefs: 0042E989

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: A480A570CreateFontIndirectObjectSelect
String ID: ...\
API String ID: 2998766281-983595016
Opcode ID: 0abe42e3825d138716532803585986b19ef8b1cd23e6fed3d9a5b7748e7d04e5
Instruction ID: 807027aef349940e21883cde7310681b589974d129d52fe5cab9b03fce9682ec
Opcode Fuzzy Hash: 0abe42e3825d138716532803585986b19ef8b1cd23e6fed3d9a5b7748e7d04e5
Instruction Fuzzy Hash: E43163B0B00228AFDF11EB9AD841BAEB7F8EF49304F90447BF400A7291D7785D41CA59

Function 00452038 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452127
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452137

Strings

.tmp, xrefs: 004520DB
_iu, xrefs: 004520C9

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID: .tmp$_iu
API String ID: 3498533004-10593223
Opcode ID: 314e88949884864b6adee1496121559e9538ea0dcf034d625deef1a69cd02271
Instruction ID: 8b1672352a1cca793e1e6cdfbdd22016e493eddba5fdcbb921eb9ed9b7b44ad0
Opcode Fuzzy Hash: 314e88949884864b6adee1496121559e9538ea0dcf034d625deef1a69cd02271
Instruction Fuzzy Hash: 0A31B470A00219ABCB11EBA5C982B9FBBB5AF55305F60452BF900B73C2D6785F05C769

Function 0048B200 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 92registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,0048B2FE,?,?,00000001,00000000,00000000,0048B319), ref: 0048B2E7

Strings

Inno Setup CodeFile: , xrefs: 0048B2AA
Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0048B25A
%s\%s_is1, xrefs: 0048B278

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpen
String ID: %s\%s_is1$Inno Setup CodeFile: $Software\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 47109696-1837835967
Opcode ID: 14285ca2f0b5050eeb10927837999f101f9ee02a017fb9b220db0c994c14a3e0
Instruction ID: 0bbfca5d8e67a63f19b98566c4155a9780f55c0bd593ce93c1bd7f852685ee81
Opcode Fuzzy Hash: 14285ca2f0b5050eeb10927837999f101f9ee02a017fb9b220db0c994c14a3e0
Instruction Fuzzy Hash: 6C319970A042485FDB11EF96CC5169EBBF8EB48304F904477E814E7391D7789D058B98

Function 004163B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(00400000,?,?), ref: 00416427
UnregisterClassA.USER32(?,00400000), ref: 00416453
RegisterClassA.USER32(?), ref: 00416476

Strings

@, xrefs: 004163D1

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Class$InfoRegisterUnregister
String ID: @
API String ID: 3749476976-2766056989
Opcode ID: a20fcd8b4000eae86e158a7cf10cda7c64d6fb475a14681c470eb96fef312757
Instruction ID: 74af36b6803d41f6853cd3ce3d24e6ffc0c269dd3492e9de927f187c4c73ed65
Opcode Fuzzy Hash: a20fcd8b4000eae86e158a7cf10cda7c64d6fb475a14681c470eb96fef312757
Instruction Fuzzy Hash: AA315C702042409BDB10EF69C981B9A77E5AB88308F04457FFA45DB392DB39D985CB6A

Function 0044F630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 0044F694
SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 0044F6D6
ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0044F707

Strings

open, xrefs: 0044F6FA

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ExecuteShell
String ID: open
API String ID: 2179883421-2758837156
Opcode ID: 5d65bdf1a68a50360177b59e1b17de20557ee183efcfcb1c09acd8af14c107c4
Instruction ID: 27722ccdd30e14b9079027b813231ec9417c8d596d109131258b3d0fa24c6570
Opcode Fuzzy Hash: 5d65bdf1a68a50360177b59e1b17de20557ee183efcfcb1c09acd8af14c107c4
Instruction Fuzzy Hash: 1C215070E40204BFEB10DFA9DC82B9EBBB8EF44714F11857AB501A7292D67C9A458A48

Function 00490200 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490270
SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490299
MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004902B2

Strings

isRS-%.3u.tmp, xrefs: 0049024F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$Attributes$Move
String ID: isRS-%.3u.tmp
API String ID: 3839737484-3657609586
Opcode ID: 8d501dbe8754779fbbc4551a6ef16c6ba155ba939730555f28b22adbbd9d1952
Instruction ID: 84ec0ba2a7a86931400e9934c1aa84bf5b308f9588d1f16149e0ac51d8a7354a
Opcode Fuzzy Hash: 8d501dbe8754779fbbc4551a6ef16c6ba155ba939730555f28b22adbbd9d1952
Instruction Fuzzy Hash: CE216271E01219AFCF11EFA9C885AAFBBB8EF44314F10457BB814B72D1D6389E018A59

Function 00454A08 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00454A5C
RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00454A89

Strings

RegisterTypeLib, xrefs: 00454A94
LoadTypeLib, xrefs: 00454A67

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
String ID: LoadTypeLib$RegisterTypeLib
API String ID: 1312246647-2435364021
Opcode ID: 61cb2b2391c203defd257abac4021e1b6939228e1dc124a340144f06dba41211
Instruction ID: 783231ea94435fc0087f34711460946af1774244c06649ca950b936fb7940314
Opcode Fuzzy Hash: 61cb2b2391c203defd257abac4021e1b6939228e1dc124a340144f06dba41211
Instruction Fuzzy Hash: 8911A230B40604AFDB51DBA6DD51A5EB7B9DB89309B104476B800D7652DA389D44C618

Function 00471F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284

GetFocus.USER32 ref: 00471F6B
GetKeyState.USER32(0000007A), ref: 00471F7D
WaitMessage.USER32(?,00000000,00471FA4,?,00000000,00471FCB,?,?,00000001,00000000,?,?,?,?,004791FF,00000000), ref: 00471F87

Strings

Wnd=$%x, xrefs: 00471F4F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FocusMessageStateTextWaitWindow
String ID: Wnd=$%x
API String ID: 1381870634-2927251529
Opcode ID: 904e366136cff3dcaea322836a94cc964bf7325938357fb60853c8530aeb4b31
Instruction ID: c5684f2cadfa6479c06ce6299043275e4b927561dd953dc9e3c22c30dc13880d
Opcode Fuzzy Hash: 904e366136cff3dcaea322836a94cc964bf7325938357fb60853c8530aeb4b31
Instruction Fuzzy Hash: 51115434A04144AFC701EFA9DC51A9E77B8EB49714B5184B7F408E3661D73C6E00CA69

Function 0042EB68 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0042EB9F
MessageBoxA.USER32(?,00000000,00000000,00000001), ref: 0042EBCB
SetActiveWindow.USER32(?,0042EBF9,00000000,0042EC47,?,?,00000000,?), ref: 0042EBEC

Strings

t}G, xrefs: 0042EB86

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ActiveWindow$Message
String ID: t}G
API String ID: 2113736151-3734030870
Opcode ID: 29a5b97e5e16aea11bd18ac248af5cdc38bd738e31227901ecfe22b68a917f0a
Instruction ID: 93637352c78226270701b452ebd95810c2fea060df2177fc870e4549b641cd3b
Opcode Fuzzy Hash: 29a5b97e5e16aea11bd18ac248af5cdc38bd738e31227901ecfe22b68a917f0a
Instruction Fuzzy Hash: 1B010030A00218AFD701EBB6DC02D5BBBACEB09714B42487AB400D3261D6789C10CA68

Function 00468DA4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32(?), ref: 00468DAC
FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00468DBB

Strings

(invalid), xrefs: 00468E3E
%.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u, xrefs: 00468E30

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$File$LocalSystem
String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
API String ID: 1748579591-1013271723
Opcode ID: 7e5271fab70280bf4b606e1d52b7b41780ffbf2908240b8135230958cc2b66a9
Instruction ID: af565f08344929a1575728fac9f51d9e1992ec61425725bc294c4af9dfcd658b
Opcode Fuzzy Hash: 7e5271fab70280bf4b606e1d52b7b41780ffbf2908240b8135230958cc2b66a9
Instruction Fuzzy Hash: 4D11F8A140C3919ED340DF6AC44432FBBE4AB89704F44496EF9D8D6381E77AC948DB67

Function 004525CE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(00000000,00000020), ref: 004525DB

Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

MoveFileA.KERNEL32(00000000,00000000), ref: 00452600

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

DeleteFile, xrefs: 004525EC
MoveFile, xrefs: 00452609

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AttributesDeleteErrorLastMove
String ID: DeleteFile$MoveFile
API String ID: 3024442154-139070271
Opcode ID: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
Instruction ID: 4e1aed58776595ab6c7b67b54cba174f3ed66ee01ab59955a5ec3a7bb6030dfd
Opcode Fuzzy Hash: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
Instruction Fuzzy Hash: 5AF086706441045BEB01FBA5DA5266F63ECEB4930AFA0443BB800B76C3DA7C9D094939

Function 0047C4E4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C525
RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C548

Strings

CSDVersion, xrefs: 0047C51C
System\CurrentControlSet\Control\Windows, xrefs: 0047C4F2

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: CSDVersion$System\CurrentControlSet\Control\Windows
API String ID: 3677997916-1910633163
Opcode ID: e04dfb2b9847ddfcf9a9ca7ecd86f653cf2c277505588b4f76afeeccde5dd87f
Instruction ID: 2b22ae4652a4094afc35098fa0d5140fa3c6298d341fdca8ef5f3daa64d39871
Opcode Fuzzy Hash: e04dfb2b9847ddfcf9a9ca7ecd86f653cf2c277505588b4f76afeeccde5dd87f
Instruction Fuzzy Hash: 9EF03175A40218B6DF10DBD58C85BDFB3BCAB04704F20856BE518E7280E779EB04CB99

Function 0042D7D4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004522D6,00000000,00452379,?,?,00000000,00000000,00000000,00000000,00000000,?,00452645,00000000), ref: 0042D7EE
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D7F4

Strings

kernel32.dll, xrefs: 0042D7E9
GetSystemWow64DirectoryA, xrefs: 0042D7E4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetSystemWow64DirectoryA$kernel32.dll
API String ID: 1646373207-4063490227
Opcode ID: 8f34210d132ffad2d78c7e395ddc2585d5b3368dd4f076d4c173a15340c37754
Instruction ID: 72f845c82f3cbe693efe641176354b007bcea55f3b4776dcd007fff52ee4f80f
Opcode Fuzzy Hash: 8f34210d132ffad2d78c7e395ddc2585d5b3368dd4f076d4c173a15340c37754
Instruction Fuzzy Hash: CEE04F61F40B9012D71079BA6C87B6B158D8B88724F94843B39A4E62C3DEBCD9441A9E

Function 0044EE30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00490B49), ref: 0044EE6B
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EE71

Strings

NotifyWinEvent, xrefs: 0044EE61
user32.dll, xrefs: 0044EE66

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: NotifyWinEvent$user32.dll
API String ID: 1646373207-597752486
Opcode ID: 83da1b54e2e08ddaedeaff43434809e0da95789e88c77915d5179acc8f46ea33
Instruction ID: 3299c0b031c0e1fe2281b99bd24a528ff0331131e662fdb77b0e16fc83453d47
Opcode Fuzzy Hash: 83da1b54e2e08ddaedeaff43434809e0da95789e88c77915d5179acc8f46ea33
Instruction Fuzzy Hash: B0E012E0E42741AAEB01BBF79A46B0A3AD1B73471DF1004BBF10467192CBBC0458CB1E

Function 00490914 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924

Strings

user32.dll, xrefs: 00490919
DisableProcessWindowsGhosting, xrefs: 00490914

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: DisableProcessWindowsGhosting$user32.dll
API String ID: 1646373207-834958232
Opcode ID: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
Instruction ID: 838b278ec98e31f4c73fd57d7bfbee2b42f08c5e91e18395c18da76804b5d864
Opcode Fuzzy Hash: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
Instruction Fuzzy Hash: EEB092C064170168EC1033F60D12B1F0C084881724B1400373810B10C3CD6CD800582D

Function 0045FCBC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 8libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0044AD34: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EE61,00490B49), ref: 0044AD5B
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AD73
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AD85
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AD97
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044ADA9
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADBB
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADCD
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044ADDF
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044ADF1
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AE03
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AE15
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AE27
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AE39
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AE4B
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AE5D
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AE6F
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AE81
Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044AE93

LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00490B67), ref: 0045FCCB
GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0045FCD1

Strings

SHPathPrepareForWriteA, xrefs: 0045FCC1
shell32.dll, xrefs: 0045FCC6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: SHPathPrepareForWriteA$shell32.dll
API String ID: 2238633743-2683653824
Opcode ID: 674b9a410425b3b73cfc06970759500dafabbd6af8f586181f23aa40a50daa10
Instruction ID: 337f9dc4bf1040498e6f486c22bc5dde57220a7dd07e65f04bb4b60c7b67ef44
Opcode Fuzzy Hash: 674b9a410425b3b73cfc06970759500dafabbd6af8f586181f23aa40a50daa10
Instruction Fuzzy Hash: 83B092D0A81785B88E01B7B2998391A2514A650B0F720047B7C04B94C7CEBC008D6A6F

Function 00413CA0 Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00413CEE
GetDesktopWindow.USER32 ref: 00413DA6

Part of subcall function 00418E68: 6F5BC6F0.COMCTL32(?,00000000,00413F6B,00000000,0041407B,?,?,00492628), ref: 00418E84
Part of subcall function 00418E68: ShowCursor.USER32(00000001,?,00000000,00413F6B,00000000,0041407B,?,?,00492628), ref: 00418EA1

SetCursor.USER32(00000000,?,?,?,?,00413A9B,00000000,00413AAE), ref: 00413DE4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDesktopWindow$Show
String ID:
API String ID: 2074268717-0
Opcode ID: c0a5a9a3f23ddf0fdb38005436cf92fc6adf24d58530c29053f60a471aec8e15
Instruction ID: c44ea819ba4037f48297b9dda5801cfcbd8121a3a152854b6b02c08412c937c2
Opcode Fuzzy Hash: c0a5a9a3f23ddf0fdb38005436cf92fc6adf24d58530c29053f60a471aec8e15
Instruction Fuzzy Hash: 90414C75600110BFCB10EF29FAD9B9637E5AB64325F16807BE404CB365DAB8EC81DB58

Function 004089F4 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A15
LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408A84
LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B1F
MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408B5E

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LoadString$FileMessageModuleName
String ID:
API String ID: 704749118-0
Opcode ID: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
Instruction ID: 4e3ae3d55980ca36df37c0f6f31f55762440d7de19fd646938f5a693a080efc6
Opcode Fuzzy Hash: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
Instruction Fuzzy Hash: 0F3143706083849AD330EB65C945F9B77E89B86704F40483FB6C8E72D1DB795908876B

Function 0044DFB0 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044DFF9

Part of subcall function 0044C62C: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044C65E

InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E07D

Part of subcall function 0042BB5C: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BB70

IsRectEmpty.USER32(?), ref: 0044E03F
ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E062

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
String ID:
API String ID: 855768636-0
Opcode ID: a016e4b893d0b61d6fc16ea788ceac071314e27b0018c062adb4e940fa0ff4d7
Instruction ID: 7aee670bcfb8eb3b6de293677f7b28f2d941b2dfee79f0c9038e744660d2ac79
Opcode Fuzzy Hash: a016e4b893d0b61d6fc16ea788ceac071314e27b0018c062adb4e940fa0ff4d7
Instruction Fuzzy Hash: BD11907174031027E610BA3E9C86B5F76899B88748F05493FB545EB383DDBDDC094399

Function 0048DAAC Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,?,00000000), ref: 0048DB10
OffsetRect.USER32(?,00000000,?), ref: 0048DB2B
OffsetRect.USER32(?,?,00000000), ref: 0048DB45
OffsetRect.USER32(?,00000000,?), ref: 0048DB60

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: OffsetRect
String ID:
API String ID: 177026234-0
Opcode ID: fc16b123eb7b5af0d1f41d7d74d95bc65ca2d2300f8b1348e127f489464c5e53
Instruction ID: 20aeee4d2b07ae62cc9dc5e78f47db44159e8b2d0969b42eb6e8c3539826bbe7
Opcode Fuzzy Hash: fc16b123eb7b5af0d1f41d7d74d95bc65ca2d2300f8b1348e127f489464c5e53
Instruction Fuzzy Hash: DA218EB6B04201ABD700DE69CD85E5BB7EEEBD4304F14CA2AF544C7389D634F84487A6

Function 0048D764 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(8B500000,00000008,?), ref: 0048D779
MulDiv.KERNEL32(50142444,00000008,?), ref: 0048D78D
MulDiv.KERNEL32(F77DE7E8,00000008,?), ref: 0048D7A1
MulDiv.KERNEL32(8BF88BFF,00000008,?), ref: 0048D7BF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7c6c338261a481ad8b7901dc756b9c3c7a5dc3a5f053bd0898b94715f12a61
Instruction ID: 600d8a0932f196341a5d2119bb187cb8608b3b3d374fe33bc178acc1610e68b6
Opcode Fuzzy Hash: 1c7c6c338261a481ad8b7901dc756b9c3c7a5dc3a5f053bd0898b94715f12a61
Instruction Fuzzy Hash: 7D113376A04204AFCB40EFA9D8C4D9B77ECEF4D370B14456AF918DB286D634ED408BA4

Function 0041F428 Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(00400000,0041F418,?), ref: 0041F449
UnregisterClassA.USER32(0041F418,00400000), ref: 0041F472
RegisterClassA.USER32(00491598), ref: 0041F47C
SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F4B7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Class$InfoLongRegisterUnregisterWindow
String ID:
API String ID: 4025006896-0
Opcode ID: 761ca2ece1ab3754932666086e5ff0fe31a56c3d7f92931e99de52f18d346379
Instruction ID: 0e76fd6e7c714867a95bae8c9fe2d4343c59fb837708c2c10e589f0ce1237785
Opcode Fuzzy Hash: 761ca2ece1ab3754932666086e5ff0fe31a56c3d7f92931e99de52f18d346379
Instruction Fuzzy Hash: 380192712401057BCB10EBA8DD81E9B3798A759324B11423BBA16E72E2C6359D198BAC

Function 0040D1A8 Relevance: 6.1, APIs: 4, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D1BF
LoadResource.KERNEL32(00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?,?,00475D88,0000000A,REGDLL_EXE), ref: 0040D1D9
SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?,?,00475D88), ref: 0040D1F3
LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?), ref: 0040D1FD

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 06d5a2224ff0889236480c5d79a412c4b439f6556495b070d29e0fa02e81d982
Instruction ID: bdc6fd998ef4e88b0830a639bb7e725ca803f690ad01cf79ba3c1cf188caca31
Opcode Fuzzy Hash: 06d5a2224ff0889236480c5d79a412c4b439f6556495b070d29e0fa02e81d982
Instruction Fuzzy Hash: 9FF0FBB2A056046F9744EE9EA881D6B76DCDE88364320016FF908EB246DA38DD118B78

Function 0046A298 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00000000), ref: 0046A2E9

Strings

Failed to set NTFS compression state (%d)., xrefs: 0046A2FA
Unsetting NTFS compression on directory: %s, xrefs: 0046A2CF
Setting NTFS compression on directory: %s, xrefs: 0046A2B7

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
API String ID: 1452528299-1392080489
Opcode ID: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
Instruction ID: fae52b56698cbef2ef65a100aaaf1ff6f22f0878e20b839bb13b77e1b18f05a4
Opcode Fuzzy Hash: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
Instruction Fuzzy Hash: 62018430D18648A6CB0097ED50512DDBBE49F09304F4481EBA855EB382EB791A184F9B

Function 004542B0 Relevance: 6.0, APIs: 4, Instructions: 41registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000,00458ED6), ref: 004542EC
RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000), ref: 004542F5
RemoveFontResourceA.GDI32(00000000), ref: 00454302
SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00454316

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
String ID:
API String ID: 4283692357-0
Opcode ID: 2877f501dee16d655d75d116cfb29e793393d1176e080bde7ec29140c7e78512
Instruction ID: 6bcd884f58daa4cf242193067a8401f82c1379502e7cf10432dee752efbb2f93
Opcode Fuzzy Hash: 2877f501dee16d655d75d116cfb29e793393d1176e080bde7ec29140c7e78512
Instruction Fuzzy Hash: 9CF05EB574535136EA10B6B65C87F5B228C8F94749F10883BBA00EF2D3D97CDC05962D

Function 0046AB88 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000), ref: 0046ABD9

Strings

Unsetting NTFS compression on file: %s, xrefs: 0046ABBF
Setting NTFS compression on file: %s, xrefs: 0046ABA7
Failed to set NTFS compression state (%d)., xrefs: 0046ABEA

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast
String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
API String ID: 1452528299-3038984924
Opcode ID: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
Instruction ID: e77f6018277675d8139a31bc4823810fa5650a54dc532de9f13faf9e2e869009
Opcode Fuzzy Hash: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
Instruction Fuzzy Hash: 4F016230E186486ACB04D7AD90512EEBBE49F09304F4481EFA455E7382EA791A188F9B

Function 00471CE4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008,?,?,?,?,?,00490C38), ref: 00471CED
OpenProcessToken.ADVAPI32(00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 00471CF3
GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 00471D15
CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000), ref: 00471D26

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: b8dd8522978c37078a23bae837822d7669e7a9385b1b3912b8ae2519caf80a33
Instruction ID: c12eef84649cb6e2f6a6854870b7cf4ad062ba222e75244fe963afc4875e72bb
Opcode Fuzzy Hash: b8dd8522978c37078a23bae837822d7669e7a9385b1b3912b8ae2519caf80a33
Instruction Fuzzy Hash: 2DF037616443056BD610E6B5CD81E5B77DCEB44354F04493A7E98C71D1D678DC089B26

Function 004241E8 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON

Download Yara Rule

APIs

GetLastActivePopup.USER32(?), ref: 004241F4
IsWindowVisible.USER32(?), ref: 00424205
IsWindowEnabled.USER32(?), ref: 0042420F
SetForegroundWindow.USER32(?), ref: 00424219

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ActiveEnabledForegroundLastPopupVisible
String ID:
API String ID: 2280970139-0
Opcode ID: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
Instruction ID: e71b939943bb08068cd538cfbf2adeec964b373e7692791c6f26669312c8020f
Opcode Fuzzy Hash: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
Instruction Fuzzy Hash: 23E08CA178253593AE22B6A72D81A9B018CCD453C434A01A7BC08FB283DBACCC0082BC

Function 00406284 Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

GlobalHandle.KERNEL32 ref: 00406287
GlobalUnWire.KERNEL32(00000000), ref: 0040628E
GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406293
GlobalFix.KERNEL32(00000000), ref: 00406299

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocHandleWire
String ID:
API String ID: 2210401237-0
Opcode ID: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
Instruction ID: ad050c8fb554795a0ca7e59246f03ac17dd57b6c6051e6027a9978793207e39e
Opcode Fuzzy Hash: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
Instruction Fuzzy Hash: A0B009C5814A05B9EC0833B24C0BD3F141CD88072C3808A6FB458BA1839C7C9C402A3D

Function 00465C24 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 247windowCOMMON

Download Yara Rule

APIs

GetSystemMenu.USER32(00000000,00000000,0000F060,00000001), ref: 00465E11
EnableMenuItem.USER32(00000000,00000000,00000000), ref: 00465E17

Strings

CurPageChanged, xrefs: 00465F9F

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$EnableItemSystem
String ID: CurPageChanged
API String ID: 3692539535-2490978513
Opcode ID: b1625e4752ee74af58aba40311290ea900500bae59df2d2b2d41ad1c9696669c
Instruction ID: ab7830cd034902a018f3633d5f7e813821d05f3ecf729ff0a8a04420c7cd6334
Opcode Fuzzy Hash: b1625e4752ee74af58aba40311290ea900500bae59df2d2b2d41ad1c9696669c
Instruction Fuzzy Hash: 7CA10734604604EFC741DB69D989EAA73F5EF89304F2541F6F8049B362EB38AE41DB49

Function 00467704 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

Failed to proceed to next wizard page; aborting., xrefs: 004677F0
Failed to proceed to next wizard page; showing wizard., xrefs: 00467804

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
API String ID: 0-1974262853
Opcode ID: ca7d52e32b1f50b24c16d12faf74625e74990e5f2a97b77bfd751917ec34c771
Instruction ID: 54b8d4b4028f273aede26eca5f3620dfaa6aeb886877892ecf599f8e019bb906
Opcode Fuzzy Hash: ca7d52e32b1f50b24c16d12faf74625e74990e5f2a97b77bfd751917ec34c771
Instruction Fuzzy Hash: BF31E034A08204EFDB01EB65C985E9D77F5EB49718F6140BBF80497352EB78AE00CA59

Function 00402584 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(00492420,00000000,)), ref: 004025C7
RtlLeaveCriticalSection.KERNEL32(00492420,0040263D), ref: 00402630

Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(00492420,00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,00492420,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(00492420,00401A89,00000000,00401A82,?,?,0040222E,02132B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C

Strings

), xrefs: 004025AE

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocInitializeLocal
String ID: )
API String ID: 2227675388-1084416617
Opcode ID: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
Instruction ID: 5ca06efdeebc3fba4ee02943ae555fbbec684c5e6e5b72b014691e2301117c59
Opcode Fuzzy Hash: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
Instruction Fuzzy Hash: 9B1101317052047FEB25AB7A9F1A62B6AD4D795758B24087FF404F32D2D9FD8C02826C

Function 0048EC92 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 0048ECCB

Strings

@, xrefs: 0048EC98
/INITPROCWND=$%x , xrefs: 0048ECF6

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window
String ID: /INITPROCWND=$%x $@
API String ID: 2353593579-4169826103
Opcode ID: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
Instruction ID: f0e425cee1880468264a3bcbee4eb035e6200ab2a1fbac31d2564d6a1bb1e37f
Opcode Fuzzy Hash: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
Instruction Fuzzy Hash: 9B11D371A042499FDB01EBA5D841BEE7BF8EB49314F50487BE404E7292D77CA909CB9C

Function 00446AF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

SysFreeString.OLEAUT32(?), ref: 00446BA2

Strings

Unknown Method, xrefs: 00446B7B
NIL Interface Exception, xrefs: 00446B44

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$AllocByteCharFreeMultiWide
String ID: NIL Interface Exception$Unknown Method
API String ID: 3952431833-1023667238
Opcode ID: 6cfdb488caeb7d7681ac0af27f1ef08cc2626e2ae4e3480024423c9f119b8ea1
Instruction ID: 34182cf724be706de40d5a6da2d3ea217801cbd4a50a487fa4911f02854a4a1d
Opcode Fuzzy Hash: 6cfdb488caeb7d7681ac0af27f1ef08cc2626e2ae4e3480024423c9f119b8ea1
Instruction Fuzzy Hash: F211B9706003489FDB10DFA5CC52AAEBBBCEB49704F52407AF500E7681D679AD04C76A

Function 0048E504 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000,0048E5A7), ref: 0048E572
CloseHandle.KERNEL32(0048E60C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000), ref: 0048E589

Part of subcall function 0048E45C: GetLastError.KERNEL32(00000000,0048E4F4,?,?,?,?), ref: 0048E480

Strings

D, xrefs: 0048E54C

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateErrorHandleLastProcess
String ID: D
API String ID: 3798668922-2746444292
Opcode ID: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
Instruction ID: 6a615ac2cff9bf009bed2b39286a60f6aa18dfcc8d35b7c44523146efba21c0d
Opcode Fuzzy Hash: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
Instruction Fuzzy Hash: 060165B1604248BFDB04EBD2CC52E9F7BECDF08718F51043AB504E7291E6785E05C658

Function 00454DEC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00454E01
SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00454E93

Strings

Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00454E2D

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)
API String ID: 3850602802-809544686
Opcode ID: a1adc5262f18ccc09dab35f6281ca63863273ffb2e92d3f90e9b3158a6a75f82
Instruction ID: c0f4a4cb65a707f69109a7cbf24843c611ca21f6354bed41214754854ac40189
Opcode Fuzzy Hash: a1adc5262f18ccc09dab35f6281ca63863273ffb2e92d3f90e9b3158a6a75f82
Instruction Fuzzy Hash: 2F11C8716443506BD300EB699C82B5F7BA89B95308F04847FFA81DF3D2C3B95844D76A

Function 0046F8A8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

MoveFileA.KERNEL32(00000000,00000000), ref: 0046F906

Part of subcall function 0046F758: GetLastError.KERNEL32(00000000,0046F844,?,?,?,00493060,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0046F8CB,00000001), ref: 0046F779

Strings

MoveFile, xrefs: 0046F8E1
DeleteFile, xrefs: 0046F8BF

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$DeleteErrorLastMove
String ID: DeleteFile$MoveFile
API String ID: 3195829115-139070271
Opcode ID: b0be4341a0637d195a70b7a110039d5830df33d111ea9a508efd80c07e6ee36d
Instruction ID: f1cebc0cb96c5cf1ed8be3b38952e05ad97f7cd0b069703ba66f8283a9432f3b
Opcode Fuzzy Hash: b0be4341a0637d195a70b7a110039d5830df33d111ea9a508efd80c07e6ee36d
Instruction Fuzzy Hash: 35F062A12051446BDE10BB69B54275B23889F0239DB1041BBBCC06B387EB3D9C0E87AF

Function 0048F902 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00453AF8: GetCurrentProcess.KERNEL32(00000028), ref: 00453B07
Part of subcall function 00453AF8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00453B0D

SetForegroundWindow.USER32(?), ref: 0048F934

Strings

Not restarting Windows because Uninstall is being run from the debugger., xrefs: 0048F95F
Restarting Windows., xrefs: 0048F911

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Process$CurrentForegroundOpenTokenWindow
String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
API String ID: 3179053593-4147564754
Opcode ID: af8013956ed1e441d462507a332d2bb0e9ba5b4fab94b57e1f2de3ed3b9a88cc
Instruction ID: 6d3c2020791d7036b49287d64f904da8ce72110519df1e124044460b8ab960db
Opcode Fuzzy Hash: af8013956ed1e441d462507a332d2bb0e9ba5b4fab94b57e1f2de3ed3b9a88cc
Instruction Fuzzy Hash: 1001F2B0204240BBE701FB75E942B9C27D89748309F50847BF440AB2D3CABCAD4C8B2D

Function 00453B88 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?), ref: 00453BA7
Sleep.KERNEL32(?), ref: 00453BB7
GetLastError.KERNEL32 ref: 00453BCA
GetLastError.KERNEL32 ref: 00453BD4

Memory Dump Source

Source File: 00000001.00000002.2229871335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2229780581.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2229962935.0000000000491000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.2230014834.00000000004A2000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 969b63f88efd9142312768dae2b6b417aa730e42294b83da23101a3e3622ccc6
Instruction ID: 70cd491ee1c602b8227b57ee529d2398dd08f77e1846977ffbd05afa78f388ef
Opcode Fuzzy Hash: 969b63f88efd9142312768dae2b6b417aa730e42294b83da23101a3e3622ccc6
Instruction Fuzzy Hash: 2CF0B432B04514679F20BD9F9985A6F628CDA943E7720016FFD05DF303C43AEE4956A9

Analysis Process: Registration.exePID: 5812, Parent PID: 6008COMMON

Execution Graph

Execution Coverage:	22.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1523
Total number of Limit Nodes:	27

Executed Functions

Function 0040515C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction ID: b78bf48cff894a3999656c5243e329942f020ab22272e2e872fdbeeaebf0035e
Opcode Fuzzy Hash: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction Fuzzy Hash: EDE09271B0021426D711A9699C86AEB735DDB58310F0006BFB904EB3C6EDB49E8046ED

Function 00408EFC Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F1C
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F22
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F36
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F3C

Strings

shell32.dll, xrefs: 00408F68
Wow64RevertWow64FsRedirection, xrefs: 00408F2C
kernel32.dll, xrefs: 00408F17, 00408F31
Wow64DisableWow64FsRedirection, xrefs: 00408F12

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
Instruction ID: ef4badd54955bda93fd7c631ce084268f05c1d5093e10ec72b10b69b713a5d4b
Opcode Fuzzy Hash: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
Instruction Fuzzy Hash: D701F770108301EEE700BB72DE57B163A59D745718F60443FF248761C2CE7C4904CA2D

Function 00409EE4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(000304A0,000000FC,00409730), ref: 00409F57

Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0

Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000,0040988F), ref: 0040982C
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000), ref: 00409840
Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8), ref: 00409874

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(000304A0,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

STATIC, xrefs: 00409F39
/SL5="$%x,%d,%d,, xrefs: 00409F97
InnoSetupLdrWindow, xrefs: 00409F34

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 978128352-3001827809
Opcode ID: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
Instruction ID: 4f29ae81ace6c5531c846cbde0b22070d88524e95894dc47e3de1b2ea254153d
Opcode Fuzzy Hash: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
Instruction Fuzzy Hash: 19412A70600205DFD711EBA9EE85B9E7BA5EB88304F10427BF510B72E2DB789805DB5D

Function 00409F08 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,02092270), ref: 004093B8

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(000304A0,000000FC,00409730), ref: 00409F57

Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0

Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000,0040988F), ref: 0040982C
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000), ref: 00409840
Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8), ref: 00409874

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(000304A0,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

STATIC, xrefs: 00409F39
/SL5="$%x,%d,%d,, xrefs: 00409F97
InnoSetupLdrWindow, xrefs: 00409F34

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 240127915-3001827809
Opcode ID: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
Instruction ID: 8d10768f6f352a97fd7f45d9d75da35781c42c574274e542ef9de71c66c7d0f2
Opcode Fuzzy Hash: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
Instruction Fuzzy Hash: 26410B70A00205DBD711EBA9EE86B9E7BA5EB48304F10427BF510B73E2DB789805DB5D

Function 004097BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000,0040988F), ref: 0040982C
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8,00000000), ref: 00409840
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,02092270,004098A8), ref: 00409874

Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,02092270), ref: 004093B8

Strings

D, xrefs: 00409806

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
Instruction ID: 4b44df64f6e4367ebc453b3e314358db19e806afbd12f45635a8daf6f5489de3
Opcode Fuzzy Hash: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
Instruction Fuzzy Hash: F71145716102086EDB10FBE6CC52F9E77ACDF49714F50413BBA04F72C6DA785D048669

Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
LocalFree.KERNEL32(00000000,00000000,00401AB4), ref: 00401A1B
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A3A
LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A79
RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
Opcode Fuzzy Hash: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

Function 00409EF6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
SetWindowLongA.USER32(000304A0,000000FC,00409730), ref: 00409F57
RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(000304A0,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Strings

/SL5="$%x,%d,%d,, xrefs: 00409F97

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Window$CreateDirectoryLongRemove
String ID: /SL5="$%x,%d,%d,
API String ID: 3138356250-3932573195
Opcode ID: b613a7ce4edcb41dc67f34e270572c8bd45005561bf10fdcf5b8ae4482e344bf
Instruction ID: 92da378220fa86c3d7769582b63b95c30d1cbd5b696cf01c1bf744cbf4438da8
Opcode Fuzzy Hash: b613a7ce4edcb41dc67f34e270572c8bd45005561bf10fdcf5b8ae4482e344bf
Instruction Fuzzy Hash: B6313870A00205DFC715EBA9EE85B9E3BA5EB48304F10427BE450B73E2DB789805DB9D

Function 00409948 Relevance: 7.6, APIs: 5, Instructions: 78
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 0040995A
VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409965
VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 004099A6
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 004099D8
VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 004099E8

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
Instruction ID: c51dc94dc7e70e4f078c95023904a162ea503a2a47d9e89981edb447ffe3f24e
Opcode Fuzzy Hash: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
Instruction Fuzzy Hash: 5F216DF12002046BDA309A598D85E6BB7D89B45360F08492FFA89E37C3D738ED40D669

Function 00403D02 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
ExitProcess.KERNEL32 ref: 00403DE5

Strings

Error, xrefs: 00403D91
Runtime error at 00000000, xrefs: 00403D96, 00403DA9

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000
API String ID: 1220098344-2970929446
Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E

Function 00409188 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091CE
GetLastError.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091D7

Strings

.tmp, xrefs: 004091B7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 2a9b5b531dfd0466f51cddb5784c326d8b9171bad11d05e807471eb9e268ae76
Instruction ID: b3c939f821d6d3b02d73a6ffc60c10d65ff6e2c1a1ef0f9f166dc2fc0ea9728e
Opcode Fuzzy Hash: 2a9b5b531dfd0466f51cddb5784c326d8b9171bad11d05e807471eb9e268ae76
Instruction Fuzzy Hash: 16214774A00209ABDB01EFA1C9429DFB7B9EB88304F50457FE501B73C2DA7C9E058BA5

Function 00409330 Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040935F
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 3a4a69ca31a42f451232f6dfa0c76d71d3bd0a4d90442bfbcbe60d550a1314de
Instruction ID: e54841d902c556b0a825a3a9b48dc11fcb5fd53647a295a33fe7abc41a02d5de
Opcode Fuzzy Hash: 3a4a69ca31a42f451232f6dfa0c76d71d3bd0a4d90442bfbcbe60d550a1314de
Instruction Fuzzy Hash: C6F0B472A0031497CB34A5EF9986A6F628DEADA768710403BFD04F73C3D538DD014AAD

Function 00409C56 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA

Strings

.tmp, xrefs: 00409D00

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: e37c67d54dac57feaabedb1cd41a5786e804cc8be819c9315e680249df306dc9
Instruction ID: 59ccd3a8e5ff0a6346b3f4a7db234678dac937939a17de0d6313a761c5d443a3
Opcode Fuzzy Hash: e37c67d54dac57feaabedb1cd41a5786e804cc8be819c9315e680249df306dc9
Instruction Fuzzy Hash: B141C130604241DFD715EF29DE92A5A7BA6FB49308B11457AF800B73E2CB79AC01DB9D

Function 00409C71 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA

Strings

.tmp, xrefs: 00409D00

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: f91dc667a2d24a60a81ae003db88dd446dde78fb0bef1b00c0f9948de59b2fab
Instruction ID: 097be32f3f4cb42389ad5c0a501b1885a0adcc09f85d4dbd7a75a59d9c7c1898
Opcode Fuzzy Hash: f91dc667a2d24a60a81ae003db88dd446dde78fb0bef1b00c0f9948de59b2fab
Instruction Fuzzy Hash: 6A41AF30600245DFD715EF29DE92A5A7BA6FB49308B10457AF800B73E2CB79AC01DB9D

Function 00408E14 Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E4B
GetLastError.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E53

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: 5ad5950806733bcf976988d4047345537b4de7b768f241e6fe6ec66469b23289
Instruction ID: 8e3a3489f19a851cbc55d1ffa575bc1ec5a38ce87ee949def71102c7139105aa
Opcode Fuzzy Hash: 5ad5950806733bcf976988d4047345537b4de7b768f241e6fe6ec66469b23289
Instruction Fuzzy Hash: 6FF0AF71A04308AACB01DBB59D4189EB3A8EB4871875049BBE804F36C1EA385E0095D8

Function 0040A091 Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
73A25CF0.USER32(000304A0,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057

Part of subcall function 00409330: Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$DirectoryRemoveSleep
String ID:
API String ID: 936953547-0
Opcode ID: 0a9a254d274ac92dca22db73f0530a1f3c1fd5e301e13facd71e410900e3005e
Instruction ID: e699c83f6f305330f0c2698d9d65548414d6799202a3aea6d5bad6df6870d186
Opcode Fuzzy Hash: 0a9a254d274ac92dca22db73f0530a1f3c1fd5e301e13facd71e410900e3005e
Instruction Fuzzy Hash: FBF03170641201DBD725EB69EEC9B1637A5AF84309F00413BA101B62F1CB7C8851DB4E

Function 00406EC4 Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00008000), ref: 00406ECE
LoadLibraryA.KERNEL32(00000000,00000000,00406F18,?,00000000,00406F36,?,00008000), ref: 00406EFD

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 730de3fdc093f184fd2de9ac27439434a3bd3e782f0b7281efe78e7bb3385372
Instruction ID: 5e20ffdb52ff7e8261d23daca573ea8644dcd49689b218f11c6781c5bce8f48d
Opcode Fuzzy Hash: 730de3fdc093f184fd2de9ac27439434a3bd3e782f0b7281efe78e7bb3385372
Instruction Fuzzy Hash: D7F089705147047EDB119F769C6241ABBECD749B047534875F910A26D2E53C4C208568

Function 00407544 Relevance: 3.0, APIs: 2, Instructions: 30fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040755B
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0040756A

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 92944724dee91b38b7ee5b374f910e74d6c8544434624f4b14ecda59d71e3572
Instruction ID: 34e576fd7e6559e3ef6c853e67441063c40c11266019ec046b6cc2e4d5471cd5
Opcode Fuzzy Hash: 92944724dee91b38b7ee5b374f910e74d6c8544434624f4b14ecda59d71e3572
Instruction Fuzzy Hash: ABE06DA1A081507AEB20965AAC85FAB66DC8BC5314F04417BF904DB282C678DC00C27A

Function 00407584 Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004075A3
GetLastError.KERNEL32(?,?,?,00000000), ref: 004075AB

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,0209054C,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 64234936368745cadff0884a95fa07edb9d6d799bdb4626fca8da24a174aceff
Instruction ID: 1215520e40270bbf1c42edbfe5ddbfad2f0444ede1f1e4d22e24bec04403dad1
Opcode Fuzzy Hash: 64234936368745cadff0884a95fa07edb9d6d799bdb4626fca8da24a174aceff
Instruction Fuzzy Hash: 6FE092B66081006BD700D55DC881A9B33DCDFC5364F044136BA54EB2C1D6B5EC008376

Function 004074DC Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004074F3
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004074FF

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,0209054C,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 7dcdc125b41699120aae8acb46450914bebfaac92dc1c1f3d4146a6219e6b847
Instruction ID: 3a188f8a391a656106576682ef5fc0e36605e971047c99b326a67709d18e7f8b
Opcode Fuzzy Hash: 7dcdc125b41699120aae8acb46450914bebfaac92dc1c1f3d4146a6219e6b847
Instruction Fuzzy Hash: B4E04FB1600210AFEB20EEB98981B9272D89F44364F0485B6EA14DF2C6D274DC00C766

Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: c2c164bf1270d4a813d1c1f6386065a20bb20e5e17a0c6be31043b1a06862ade
Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
Opcode Fuzzy Hash: c2c164bf1270d4a813d1c1f6386065a20bb20e5e17a0c6be31043b1a06862ade
Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9

Function 004051D0 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00405306), ref: 004051EF

Part of subcall function 00404C2C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404C49

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction ID: c760dbbb10683706500036a577470844d35ac6ab0c013c9c95042e4326961867
Opcode Fuzzy Hash: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction Fuzzy Hash: 3B313D75E00119ABCB00EF95C8C19EEB779FF84304F158977E815BB285E739AE058B98

Function 004068B4 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 71189d5fdb67734adcc989176e972d73cabe0a8508cd7dda32cb2fd1e54b45a1
Instruction ID: 028ce23b60034aad2079abf39c8673be77ca980571763ae766079fdae63e366f
Opcode Fuzzy Hash: 71189d5fdb67734adcc989176e972d73cabe0a8508cd7dda32cb2fd1e54b45a1
Instruction Fuzzy Hash: 59F0BE523019341BC6117A7F18815AFA7888B86709752417FF506FB382DE3EAE6352AE

Function 0040748E Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 15eb5b8bcf830c4b195572af03a6c999168ba8d47e453751ce572d84692466fb
Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
Opcode Fuzzy Hash: 15eb5b8bcf830c4b195572af03a6c999168ba8d47e453751ce572d84692466fb
Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8

Function 00407490 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 460f9172ef9680e9bf065e809d42603cad769bb4ead04fe75bdd308fccde6f1f
Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
Opcode Fuzzy Hash: 460f9172ef9680e9bf065e809d42603cad769bb4ead04fe75bdd308fccde6f1f
Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8

Function 00406918 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

Part of subcall function 004068B4: CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC

GetFileAttributesA.KERNEL32(00000000,00000000,00406960,?,?,?,?,00000000,?,00406975,00406CA3,00000000,00406CE8,?,?,?), ref: 00406943

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: AttributesCharFilePrev
String ID:
API String ID: 4082512850-0
Opcode ID: ce07a51bfea017e2e55e9614cb9ba507b4cfa1873d9ff840f51688b3279052b8
Instruction ID: 89044d1ea86e4fdb03922753e0a58770fdf95516ab6f2bcb8662fa4781c06fed
Opcode Fuzzy Hash: ce07a51bfea017e2e55e9614cb9ba507b4cfa1873d9ff840f51688b3279052b8
Instruction Fuzzy Hash: 04E09B713043047FD701EFB2DD53E59B7ECD789704B524476B501F7682D5785E108468

Function 004075E0 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004075F7

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,0209054C,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 40637416ea930bd2570c4396363680a61cc257afb866cc0a67376a26f5c88c76
Instruction ID: cd18fb99e22355188e9d2f817127a110343b64b119c62ac1cd4bac3fbb067e43
Opcode Fuzzy Hash: 40637416ea930bd2570c4396363680a61cc257afb866cc0a67376a26f5c88c76
Instruction Fuzzy Hash: 66E06D726081106BEB10A65ED880E6B67DCCFC6364F04447BBA04EB241C575AC0096B6

Function 004071A8 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00408F7F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95), ref: 004071C7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: b5d7a52e02d208d464bf7f6ecdaab9899475a573c382e68083ca8db3329c0493
Instruction ID: 5be2c53bb0bc0b7205463fa080de9070734fc39b970025fcf129f6524892d52e
Opcode Fuzzy Hash: b5d7a52e02d208d464bf7f6ecdaab9899475a573c382e68083ca8db3329c0493
Instruction Fuzzy Hash: F8E0D8B179830135F22500A44C87B76160E4780700F20403A3B10EE3D2D9BEA50A415F

Function 004075C4 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,020B8000,00409E9B,00000000), ref: 004075CB

Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,0209054C,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: db8739a5fd2cf61c38ac8d555984da3fa994a5017d3c1d655494e9af8eb405ba
Instruction ID: 3dced8f94abca6fd64a7c9696b134c452ef52fe1396460a469a389ba9e9200de
Opcode Fuzzy Hash: db8739a5fd2cf61c38ac8d555984da3fa994a5017d3c1d655494e9af8eb405ba
Instruction Fuzzy Hash: 78C04CA160410057DB50A7BE8AC2A0672D85F5820430441B6B908DB287D678EC009615

Function 00406F1F Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3473aa6fdb671349066f074fc3b2aebd5c1d3b8cb352d1e979c386aa55b3b604
Instruction ID: f94a5d2238f2ee5303b4d558b5d93000027bb0092eeb8c65c9d9a83f01a259cd
Opcode Fuzzy Hash: 3473aa6fdb671349066f074fc3b2aebd5c1d3b8cb352d1e979c386aa55b3b604
Instruction Fuzzy Hash: A4B09BB661C2015DE705DAD5745153863D4D7C47103E14577F114D25C0D53C94154518

Function 00406F3B Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 5557acf2148e23312bf2bdc7768f633380236e382c485dac7de260305449c299
Instruction ID: 8ce709a7dcc0858879a49907ae7d49f16bd3fabbd46d8b550b3201db24fc95e8
Opcode Fuzzy Hash: 5557acf2148e23312bf2bdc7768f633380236e382c485dac7de260305449c299
Instruction Fuzzy Hash: 46A022B8C00003B2CE80E2F08080A3C23282A883003C00AA2320EB2080C23EC0000A0A

Function 00407DB4 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407E44

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4b604b7c04c55a97cf12a425da2613599e639526dade8246110179d0dcd9af86
Instruction ID: e346e479d4e19dc6fbf4ec70e04c611644565a823529d475df5ed673f567dbda
Opcode Fuzzy Hash: 4b604b7c04c55a97cf12a425da2613599e639526dade8246110179d0dcd9af86
Instruction Fuzzy Hash: 521172716082059BDB10FF19C881B5B3794AF84359F04847AF958AB3C6DA38EC008B6B

Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,004018BF), ref: 004016B2

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
Opcode Fuzzy Hash: a2f32dd8ef58eb042d1926e7c5d87192c2fb778a874e681f692e1318d4ea2181
Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8

Function 00407460 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00407470

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 57bb830fb3630d9a83ec57f7eac22a277ae175c199a92d969abe11a9c095749b
Instruction ID: 0a303eee8e17872e34e3f08f3f74197a254d67d3e0467507f6d8b9a4d6bdce8a
Opcode Fuzzy Hash: 57bb830fb3630d9a83ec57f7eac22a277ae175c199a92d969abe11a9c095749b
Instruction Fuzzy Hash: 9FD0A7C1B00A6017D315F6BF498865B96C85F88685F08843BF684E73D1D67CAC00C3CD

Function 00407D5C Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,00407E3A), ref: 00407D73

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: f18d662fc38f0284a7c8bdb2170b2a8644905928442529ab0c2341243e9dd2c5
Instruction ID: 987a95dec6bedafdacc6f30d71d69a0298e18a8a9a30f6cccb61f0e346f0d057
Opcode Fuzzy Hash: f18d662fc38f0284a7c8bdb2170b2a8644905928442529ab0c2341243e9dd2c5
Instruction Fuzzy Hash: 6FD0E9B17557045BDB90EEB94CC1B1237D97F48600F5044B66904EB296E674E800D614

Non-executed Functions

Function 004092A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004092AF
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004092B5
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004092CE
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092F5
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092FA
ExitWindowsEx.USER32(00000002,00000000), ref: 0040930B

Strings

SeShutdownPrivilege, xrefs: 004092C7

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 2a0162333a77e08806ee048c8adb2592b0adbd8e17023ac1d43b711a23017a7c
Instruction ID: 46e638963846eb8b1a8eef1e5041d40b59806408d3aca7422040dec9ba119927
Opcode Fuzzy Hash: 2a0162333a77e08806ee048c8adb2592b0adbd8e17023ac1d43b711a23017a7c
Instruction Fuzzy Hash: 3FF012B079430276E620AAB58D07F6B62885BC5B48F50493EBA51FA1D3D7BCD8044A6E

Function 00406F48 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406F71
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406F77
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406FC5

Strings

kernel32.dll, xrefs: 00406F6C
GetUserDefaultUILanguage, xrefs: 00406F67
Control Panel\Desktop\ResourceLocale, xrefs: 00406FD4
Locale, xrefs: 00406FB4
.DEFAULT\Control Panel\International, xrefs: 00406F9C

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
Instruction ID: 82a514a35929d101a3f87db01d263b67a2005a07a92a8f1bbb0e3c876c3699bd
Opcode Fuzzy Hash: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
Instruction Fuzzy Hash: F3214130E44209AFDB10EAA1CC56B9F77B8AB44304F60857BA605F72C1D77CAA05C79E

Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
GetLastError.KERNEL32(000000F5), ref: 00403C1E

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D

Function 00405314 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,0040555C,?,?,?,?,00000000,00000000,00000000,?,0040653B,00000000,0040654E), ref: 0040532E

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Part of subcall function 004051A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Strings

m/d/yy, xrefs: 004053FD
mmmm d, yyyy, xrefs: 0040541F
:mm:ss, xrefs: 0040552A
AMPM, xrefs: 004054F9
:mm, xrefs: 00405510

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction ID: f22f4b18e1885e1925b87b286fa486de3d96a381b4aec2b7527aff107c54c5fa
Opcode Fuzzy Hash: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction Fuzzy Hash: 8E514234B00648ABDB00EBA59C91B9F776ADB89304F50957BB514BB3C6CA3DCA058B5C

Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
Opcode Fuzzy Hash: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD

Function 004030DC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00409A6E), ref: 004030E3
GetCommandLineA.KERNEL32(00000000,00409A6E), ref: 004030EE

Strings

U1hd.@, xrefs: 00403103
X6R, xrefs: 004030F3

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CommandHandleLineModule
String ID: U1hd.@$X6R
API String ID: 2123368496-3194098095
Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD

Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,02090590,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040192E
RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,02090590,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 00401941
LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,02090590,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040196B
RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,02090590,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 004019C8

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

Function 00409A04 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409A0E
SizeofResource.KERNEL32(00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 00409A21
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000), ref: 00409A33
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4), ref: 00409A44

Memory Dump Source

Source File: 00000009.00000002.2186382224.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2186331725.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186442695.000000000040B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000009.00000002.2186504419.0000000000411000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_Registration.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 13ffe1952f0d95e29d084444e35be522072a07585fb49b2685a126b429e6487b
Instruction ID: d67f3324bf52c58dde7a17cbdb2efc6a036c8c105ddb558a6a56d7c7a7ea3d45
Opcode Fuzzy Hash: 13ffe1952f0d95e29d084444e35be522072a07585fb49b2685a126b429e6487b
Instruction Fuzzy Hash: 30E07E913A434225FA6036F708C3B6A014C8BA670EF04503BBB00792C3DEBC8C04452E

Analysis Process: Registration.tmpPID: 6564, Parent PID: 5812COMMON

Execution Graph

Execution Coverage:	17.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	100

Executed Functions

Function 00485FE0 Relevance: 136.6, APIs: 22, Strings: 55, Instructions: 1871COMMON

Download Yara Rule

Strings

DIREXISTS, xrefs: 00486060
FILEORDIREXISTS, xrefs: 00486099
REGDELETEVALUE, xrefs: 00486AEA
REGKEYEXISTS, xrefs: 00486915
REGQUERYBINARYVALUE, xrefs: 00486ECA
GETCMDTAIL, xrefs: 004864DF
STRINGCHANGEEX, xrefs: 004867B9
SETNTFSCOMPRESSION, xrefs: 004875B9
REGDELETEKEYINCLUDINGSUBKEYS, xrefs: 00486A34
ISADMINLOGGEDON, xrefs: 0048749F
SETINIINT, xrefs: 00486349
GETSHORTNAME, xrefs: 00486675
ISINISECTIONEMPTY, xrefs: 00486292
REGQUERYMULTISTRINGVALUE, xrefs: 00486D2B
REGQUERYDWORDVALUE, xrefs: 00486DED
REMOVEQUOTES, xrefs: 0048663D
GETUILANGUAGE, xrefs: 0048751B
GETSYSTEMDIR, xrefs: 004866DA
FONTEXISTS, xrefs: 004874E7
GETSYSWOW64DIR, xrefs: 00486702
ADDQUOTES, xrefs: 00486605
REGQUERYSTRINGVALUE, xrefs: 00486C69
REMOVEBACKSLASH, xrefs: 00486595
DELETEINIENTRY, xrefs: 0048641F
CHARLENGTH, xrefs: 00487578
ISPOWERUSERLOGGEDON, xrefs: 004874C3
USINGWINNT, xrefs: 0048682D
GETINIBOOL, xrefs: 004861CB
REGWRITEMULTISTRINGVALUE, xrefs: 004871E1
REMOVEBACKSLASHUNLESSROOT, xrefs: 004865CD
REGDELETEKEYIFEMPTY, xrefs: 00486A8F
CONVERTPERCENTSTRING, xrefs: 004868D4
GETWINDIR, xrefs: 004866B2
FILEEXISTS, xrefs: 00486027
FILECOPY, xrefs: 00486851
PARAMSTR, xrefs: 0048652B
STRINGCHANGE, xrefs: 00486752
PARAMCOUNT, xrefs: 00486507
GETTEMPDIR, xrefs: 0048672A
ADDPERIOD, xrefs: 00487540
GETINISTRING, xrefs: 004860D2
REGWRITEDWORDVALUE, xrefs: 004872EB
REGWRITESTRINGVALUE, xrefs: 00486FE9
SETINISTRING, xrefs: 004862DA
ADDBACKSLASH, xrefs: 0048655D
REGWRITEEXPANDSTRINGVALUE, xrefs: 00487100
SETINIBOOL, xrefs: 004863B4
REGWRITEBINARYVALUE, xrefs: 004873BF
REGGETSUBKEYNAMES, xrefs: 00486B8F
GETINIINT, xrefs: 00486146
REGGETVALUENAMES, xrefs: 00486BFC
REGVALUEEXISTS, xrefs: 00486992
GETENV, xrefs: 004864A7
DELETEINISECTION, xrefs: 0048646D
INIKEYEXISTS, xrefs: 00486236

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID:
String ID: ADDBACKSLASH$ADDPERIOD$ADDQUOTES$CHARLENGTH$CONVERTPERCENTSTRING$DELETEINIENTRY$DELETEINISECTION$DIREXISTS$FILECOPY$FILEEXISTS$FILEORDIREXISTS$FONTEXISTS$GETCMDTAIL$GETENV$GETINIBOOL$GETINIINT$GETINISTRING$GETSHORTNAME$GETSYSTEMDIR$GETSYSWOW64DIR$GETTEMPDIR$GETUILANGUAGE$GETWINDIR$INIKEYEXISTS$ISADMINLOGGEDON$ISINISECTIONEMPTY$ISPOWERUSERLOGGEDON$PARAMCOUNT$PARAMSTR$REGDELETEKEYIFEMPTY$REGDELETEKEYINCLUDINGSUBKEYS$REGDELETEVALUE$REGGETSUBKEYNAMES$REGGETVALUENAMES$REGKEYEXISTS$REGQUERYBINARYVALUE$REGQUERYDWORDVALUE$REGQUERYMULTISTRINGVALUE$REGQUERYSTRINGVALUE$REGVALUEEXISTS$REGWRITEBINARYVALUE$REGWRITEDWORDVALUE$REGWRITEEXPANDSTRINGVALUE$REGWRITEMULTISTRINGVALUE$REGWRITESTRINGVALUE$REMOVEBACKSLASH$REMOVEBACKSLASHUNLESSROOT$REMOVEQUOTES$SETINIBOOL$SETINIINT$SETINISTRING$SETNTFSCOMPRESSION$STRINGCHANGE$STRINGCHANGEEX$USINGWINNT
API String ID: 0-3658119371
Opcode ID: 00233e81f4e9017ff61a8c25c8204a2c741892d3ca34ffd55c4700511107f7b0
Instruction ID: 1f533a3817926901e21f115ced2a71318d89b1f82f9318c6f77aeb51c9d307cf
Opcode Fuzzy Hash: 00233e81f4e9017ff61a8c25c8204a2c741892d3ca34ffd55c4700511107f7b0
Instruction Fuzzy Hash: E6D24174B042155BDB00FF79C8925AEB6A5AF99704F21883FF401AB346DE3CED068799

Function 0046AC90 Relevance: 76.2, APIs: 4, Strings: 39, Instructions: 906timeCOMMON

Download Yara Rule

APIs

LocalFileTimeToFileTime.KERNEL32(-00000034,?,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000,?,0046C7BA), ref: 0046AEF6

Part of subcall function 00453230: FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246

Part of subcall function 00468DA4: FileTimeToLocalFileTime.KERNEL32(?), ref: 00468DAC
Part of subcall function 00468DA4: FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00468DBB

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 00452B60: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87

Strings

@, xrefs: 0046AD90
Time stamp of existing file: %s, xrefs: 0046AFCC
Version of our file: %u.%u.%u.%u, xrefs: 0046B091
, xrefs: 0046B170, 0046B338, 0046B3B6
-- File entry --, xrefs: 0046ACE3
.tmp, xrefs: 0046B54F
Non-default bitness: 32-bit, xrefs: 0046AE5C
Dest file is protected by Windows File Protection., xrefs: 0046AE8E
InUn, xrefs: 0046B6DD
Version of existing file: %u.%u.%u.%u, xrefs: 0046B11D
Version of existing file: (none), xrefs: 0046B292
Existing file is protected by Windows File Protection. Skipping., xrefs: 0046B384
Stripped read-only attribute., xrefs: 0046B45F
Time stamp of existing file: (failed to read), xrefs: 0046AFD8
Failed to strip read-only attribute., xrefs: 0046B46B
Couldn't read time stamp. Skipping., xrefs: 0046B2CD
Existing file's MD5 sum is different from our file. Proceeding., xrefs: 0046B25C
Will register the file (a type library) later., xrefs: 0046BA82
Time stamp of our file: (failed to read), xrefs: 0046AF48
Dest filename: %s, xrefs: 0046AE35
Existing file has a later time stamp. Skipping., xrefs: 0046B367
Skipping due to "onlyifdoesntexist" flag., xrefs: 0046AF6F
Existing file's MD5 sum matches our file. Skipping., xrefs: 0046B24D
Incrementing shared file count (64-bit)., xrefs: 0046BAFB
Dest file exists., xrefs: 0046AF5C
User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 0046B42E
Same time stamp. Skipping., xrefs: 0046B2ED
Time stamp of our file: %s, xrefs: 0046AF3C
Skipping due to "onlyifdestfileexists" flag., xrefs: 0046B492
Incrementing shared file count (32-bit)., xrefs: 0046BB14
Same version. Skipping., xrefs: 0046B27D
Installing the file., xrefs: 0046B4A1
Existing file is a newer version. Skipping., xrefs: 0046B1A3
User opted not to overwrite the existing file. Skipping., xrefs: 0046B3E5
Non-default bitness: 64-bit, xrefs: 0046AE50
Failed to read existing file's MD5 sum. Proceeding., xrefs: 0046B268
Version of our file: (none), xrefs: 0046B09D
Will register the file (a DLL/OCX) later., xrefs: 0046BA8E
Uninstaller requires administrator: %s, xrefs: 0046B70D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Time$File$Local$CloseFindFullNamePathQuerySystemValue
String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's MD5 sum is different from our file. Proceeding.$Existing file's MD5 sum matches our file. Skipping.$Failed to read existing file's MD5 sum. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
API String ID: 2131814033-2943590984
Opcode ID: 5fb6c0f3e9bf07f34872c3d5d71dc0fbbb10165b890e156bfd65b62c1ae01e20
Instruction ID: f65b5c2ab3d31a984aea8a7ca3a316d928a56dcdaf1079f5525a9e75dbf3fe7a
Opcode Fuzzy Hash: 5fb6c0f3e9bf07f34872c3d5d71dc0fbbb10165b890e156bfd65b62c1ae01e20
Instruction Fuzzy Hash: F0926030A042489BDB11DFA5C495BDDBBB5EF05308F1440ABE844AB392E7789E85CF5A

Function 00423BB4 Relevance: 21.4, APIs: 14, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f139f164c0e73484df2e9b5e32d1aad147e5cc2f2eda65c890871099dedccf24
Instruction ID: b3874c0ebfa8e5c98eb4c3a27b14194d81e346ea4a69c1a5551916dd99319231
Opcode Fuzzy Hash: f139f164c0e73484df2e9b5e32d1aad147e5cc2f2eda65c890871099dedccf24
Instruction Fuzzy Hash: E4E1B134704125EFD710DF6AE585A5E77B0EB44304FA580A6E5069B362CB7CEE82DB18

Function 00462994 Relevance: 13.9, APIs: 4, Strings: 3, Instructions: 1620
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0048DA54: GetWindowRect.USER32(00000000), ref: 0048DA6A

LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00462D63

Part of subcall function 0041D658: GetObjectA.GDI32(?,00000018,00462D7D), ref: 0041D683

Part of subcall function 004627F0: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3
Part of subcall function 004627F0: SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935

Part of subcall function 0048DCB0: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 0048DCBA

Part of subcall function 0048D9A4: 73A1A570.USER32(00000000,?,?,?), ref: 0048D9C6
Part of subcall function 0048D9A4: SelectObject.GDI32(?,00000000), ref: 0048D9EC
Part of subcall function 0048D9A4: 73A1A480.USER32(00000000,?,0048DA4A,0048DA43,?,00000000,?,?,?), ref: 0048DA3D

Part of subcall function 0048DCA0: MulDiv.KERNEL32(0000004B,?,00000006), ref: 0048DCAA

GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,00000000,?), ref: 004639DB
AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 004639EC
AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00463A04

Strings

(Default), xrefs: 00463F97
, xrefs: 00462E25
STOPIMAGE, xrefs: 00462D58

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Menu$AppendExtractFileIconInfoObject$A480A570BitmapLoadRectSelectSystemWindow
String ID: $(Default)$STOPIMAGE
API String ID: 2907157918-770201673
Opcode ID: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
Instruction ID: 0ce2a7c8654b4bda645b85becf187eb8cd9f620879433755a56cf3d7b5830d6a
Opcode Fuzzy Hash: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
Instruction Fuzzy Hash: 97F2E4386005609FCB00EF59D9D9F9A73F1BF8A304F1542B6E5049B36AD774AC46CB8A

Function 00478B6C Relevance: 9.1, APIs: 6, Instructions: 149fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?,?,00000000), ref: 00478BCC
FindNextFileA.KERNEL32(000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C15
FindClose.KERNEL32(000000FF,000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F), ref: 00478C22
FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C6E
FindNextFileA.KERNEL32(000000FF,?,00000000,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000), ref: 00478D17
FindClose.KERNEL32(000000FF,00478D42,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000), ref: 00478D35

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: a084e4e5c8f054e2080612fc2f017d72a6014d092eaae7f95311f756252c2dca
Instruction ID: 54e57abadac26bdf6b50859d29d6f630f81932fdc3dee25b4239eb6d38c32597
Opcode Fuzzy Hash: a084e4e5c8f054e2080612fc2f017d72a6014d092eaae7f95311f756252c2dca
Instruction Fuzzy Hash: 9C512171900658AFCB21EF65CC49ADEB7B8EB48315F1084BAA408E7391DA389F45CF58

Function 0046F16C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 96fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F1C5
FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F28A
FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F298

Strings

unins???.*, xrefs: 0046F1AF
unins, xrefs: 0046F218

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID: unins$unins???.*
API String ID: 3541575487-1009660736
Opcode ID: c33e9ed9a5c64a779be56cc970f5b851d3c24f2eac79a6b11c153832b8d2d33a
Instruction ID: 3c9c22acd9639b612fd9d01020641e4b72dcc3c09d6e577180f12476a66c67e0
Opcode Fuzzy Hash: c33e9ed9a5c64a779be56cc970f5b851d3c24f2eac79a6b11c153832b8d2d33a
Instruction Fuzzy Hash: 2831D474600108AFDB50EB69D891ADEB7BCEF05308F5044F6E848E72A2E7399F458F19

Function 004511DC Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451219
GetLastError.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451221

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
Instruction ID: 48b66b5ea5a2bd036d7052275c493811c4e0670e4fb7de4650a4648509248124
Opcode Fuzzy Hash: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
Instruction Fuzzy Hash: B0F0F971A04604AB8B10DB6AAC4249EB7ECDB45725B6046BBFC14F3292DA784E048559

Function 00408508 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
Instruction ID: fb41a53da0808811ac7d324c7af8f56b416e217676924749333d5f26c846bbbb
Opcode Fuzzy Hash: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
Instruction Fuzzy Hash: 84E0927170022466D711A95A9C86AF6B35C9758314F00427FB948EB3C2EDB89E8046A9

Function 00423B2C Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?,?,004240F9,?,00000000,00424104), ref: 00423B56

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: c9ca02dc5c13b0bcd4898fe3f6bac102fe768f9dff7234e6a92afc66219a27c4
Instruction ID: 62037174fb3a4e63d39f4d80a9d1e591ad15120c94b51c82d4663250cb3dbf53
Opcode Fuzzy Hash: c9ca02dc5c13b0bcd4898fe3f6bac102fe768f9dff7234e6a92afc66219a27c4
Instruction Fuzzy Hash: A0F0C579205608AFCB40DF9DC588D4AFBE8FB4C260B158295B988CB321C234FE808F94

Function 0042ED38 Relevance: 1.5, APIs: 1, Instructions: 17nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042ED54

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: 91b0dd6747560fde216d2f50548a1967917e8f2ec5623530882f2ca8682825d1
Instruction ID: 530d004986d911579cf02e8422d66cb1dcb863e7172150f09f51376a0a0a5638
Opcode Fuzzy Hash: 91b0dd6747560fde216d2f50548a1967917e8f2ec5623530882f2ca8682825d1
Instruction Fuzzy Hash: 64D0A77121010DAFCB00DE9AE840D6F33ACEB88700BA0C806F518C7201C234EC108BB4

Function 0047C39C Relevance: 26.3, APIs: 9, Strings: 6, Instructions: 68
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0047C3AD
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0047C3BA
GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C3C8
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0047C3D0
GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 0047C3DC
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 0047C3FD
GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 0047C410
GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0047C416
GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C42D

Strings

GetSystemWow64DirectoryA, xrefs: 0047C3F7
IsWow64Process, xrefs: 0047C3CA
RegDeleteKeyExA, xrefs: 0047C406
GetNativeSystemInfo, xrefs: 0047C3B4
kernel32.dll, xrefs: 0047C3A8
advapi32.dll, xrefs: 0047C40B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
API String ID: 2230631259-2623177817
Opcode ID: 88536f7c12e65bd0d8273b1485407be1152ee2236569315de8ce4967890ede1f
Instruction ID: 06dcc6403529f5206617775aef830b133aa19bd788f334af9eebe881936bbdd9
Opcode Fuzzy Hash: 88536f7c12e65bd0d8273b1485407be1152ee2236569315de8ce4967890ede1f
Instruction Fuzzy Hash: 0511E255044341A8CB20B3B55DE6BFB26488B51B18F68C43F688C762D3D67CCC888AAF

Function 00464310 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 155
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,0046452A,?,?,00000001,00000000,00000000,00464545,?,00000000,00000000,?), ref: 00464513

Strings

Inno Setup: Setup Type, xrefs: 00464422
Inno Setup: Deselected Tasks, xrefs: 004644A1
Inno Setup: Deselected Components, xrefs: 00464454
Inno Setup: Selected Components, xrefs: 00464432
Inno Setup: Selected Tasks, xrefs: 0046447F
Inno Setup: User Info: Name, xrefs: 004644CF
Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0046436F
Inno Setup: No Icons, xrefs: 004643FB
Inno Setup: User Info: Serial, xrefs: 004644F5
Inno Setup: App Path, xrefs: 004643D2
%s\%s_is1, xrefs: 0046438D
Inno Setup: Icon Group, xrefs: 004643EE
Inno Setup: User Info: Organization, xrefs: 004644E2

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpen
String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 47109696-1093091907
Opcode ID: 2dace371a504d3622bb4c392a291c113b8a8ef6f8f3038c4c22fc6123b261eec
Instruction ID: fc5077364d37a5906c2ffbe53c2f2339136cb7e8b2833831ee8049aef900e6f6
Opcode Fuzzy Hash: 2dace371a504d3622bb4c392a291c113b8a8ef6f8f3038c4c22fc6123b261eec
Instruction Fuzzy Hash: 1D51D070A00244ABDF11DB64C552BDEBBF4EF85304F6080ABE941A7391E738AF01CB59

Function 0046DA44 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 554
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001), ref: 0046DBCC
RegCloseKey.ADVAPI32(?,?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DBD5

Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D925

RegDeleteValueA.ADVAPI32(?,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DCF3

Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DDC8
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000002,00000000,00000001,?,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?), ref: 0046DEBC
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,?,00000004,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF1E

Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D93B

RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF6E
RegCloseKey.ADVAPI32(?,0046DFB1,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001,0049307C), ref: 0046DFA4

Strings

{olddata}, xrefs: 0046DD79, 0046DE10
olddata, xrefs: 0046DDE4, 0046DE43
|0I, xrefs: 0046DE59, 0046DE8F
break, xrefs: 0046DE51
Cannot access 64-bit registry keys on this version of Windows, xrefs: 0046DB22

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Value$CloseDeleteErrorLast$CreateQuery
String ID: Cannot access 64-bit registry keys on this version of Windows$break$olddata${olddata}$|0I
API String ID: 2797102135-3741232538
Opcode ID: 510315223b3e7d17fd25f769fbec2c80403fa708f72efa79370d2c1b57f16338
Instruction ID: e94ff9ff62352b89d827cbe010cb1ec31ebc1fc567b363989c2fb2b4bcf8395d
Opcode Fuzzy Hash: 510315223b3e7d17fd25f769fbec2c80403fa708f72efa79370d2c1b57f16338
Instruction Fuzzy Hash: 90222974F01248AFDB10DF99D981B9EBBF9AF08304F504066F904AB392D778AE05CB19

Function 0046CE64 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 317
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0046CFF7
SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046D0EA
SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 0046D100
SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046D125

Strings

Filename: %s, xrefs: 0046CF99
.lnk, xrefs: 0046CEED
{group}\, xrefs: 0046CEBB
.pif, xrefs: 0046CF10, 0046D06E
.url, xrefs: 0046CF33
Desktop.ini, xrefs: 0046D1A6
target.lnk, xrefs: 0046D16F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
API String ID: 971782779-3668018701
Opcode ID: f1617ab6b71b35178ead2c9d1e8d3e2785dbb240c4cc6a8745c954e4cd1abf1d
Instruction ID: 7241237f7b2753aa4bad096b30eb67052993fe11f1c9b15bd1d8ff4051f223ab
Opcode Fuzzy Hash: f1617ab6b71b35178ead2c9d1e8d3e2785dbb240c4cc6a8745c954e4cd1abf1d
Instruction Fuzzy Hash: E5D10174E002499FDB01EF99D885BDDBBF5AF08318F14406AF804B7392D678AE45CB69

Function 0042381C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041F36C: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A

GetClassInfoA.USER32(00400000,00423624), ref: 00423847
RegisterClassA.USER32(00491630), ref: 0042385F
GetSystemMetrics.USER32(00000000), ref: 00423881
GetSystemMetrics.USER32(00000001), ref: 00423890
SetWindowLongA.USER32(004105F8,000000FC,00423634), ref: 004238EC
SendMessageA.USER32(004105F8,00000080,00000001,00000000), ref: 0042390D
GetSystemMenu.USER32(004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423918
DeleteMenu.USER32(00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423927
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00423934
DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000), ref: 0042394A

Strings

$6B, xrefs: 0042383B, 004238BC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
String ID: $6B
API String ID: 183575631-3519776487
Opcode ID: 47bdfcdbd3a205a5ca3d24adb9d9dadf15126c7ed9d013279667879ae497aebb
Instruction ID: 44122239756f869d7af1fdba3570d6082de878778f6117c7260872992629901f
Opcode Fuzzy Hash: 47bdfcdbd3a205a5ca3d24adb9d9dadf15126c7ed9d013279667879ae497aebb
Instruction Fuzzy Hash: 2B31A1B17402107AEB10BF659C82F663698AB14708F10007BFA41EF2E7DABDED04876C

Function 004760F0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 95
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 004761F2

Strings

shell32.dll, xrefs: 0047619D
Failed to load DLL "%s", xrefs: 004761D5
SHFOLDERDLL, xrefs: 0047612F
_isetup\_shfoldr.dll, xrefs: 00476122
SHGetFolderPathA, xrefs: 004761E7
Failed to get address of SHGetFolderPathA function, xrefs: 00476203
Failed to get version numbers of _shfoldr.dll, xrefs: 00476148
shfolder.dll, xrefs: 00476155, 0047618E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc
String ID: Failed to get address of SHGetFolderPathA function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
API String ID: 190572456-1072092678
Opcode ID: a2d535c16ed515cbd8098ffcc1ef3c8eebb3befa93ef48f17ab6feb59f006cbe
Instruction ID: 226347d15c1c5d11692c613386f90c3546301fb27c77df9f9534ec7b1eb9fe62
Opcode Fuzzy Hash: a2d535c16ed515cbd8098ffcc1ef3c8eebb3befa93ef48f17ab6feb59f006cbe
Instruction Fuzzy Hash: 68312130A009499FCB50EF95D9819DEB7B6EB45304F91C4B7E808E7252D738AE09CB59

Function 0042ED78 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 90
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetActiveWindow.USER32 ref: 0042EDA7
GetFocus.USER32 ref: 0042EDAF
RegisterClassA.USER32(004917AC), ref: 0042EDD0
CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042EEA4,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042EE0E
CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042EE54
ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042EE65
SetFocus.USER32(00000000,00000000,0042EE87,?,?,?,00000001,00000000,?,004564AE,00000000,00492628), ref: 0042EE6C

Strings

(&I, xrefs: 0042EE7E, 0042EE37, 0042EE44
TWindowDisabler-Window, xrefs: 0042EE07, 0042EE4D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$CreateFocus$ActiveClassRegisterShow
String ID: (&I$TWindowDisabler-Window
API String ID: 3167913817-491212620
Opcode ID: 0122d0094c073fd8bf14a0cd964e37acc17639e17fa1c41221806966c4b8c800
Instruction ID: 82027174cfd9f418450fe8ca69ab33f3320fea0b1784bdf35dac21ea3b2746f1
Opcode Fuzzy Hash: 0122d0094c073fd8bf14a0cd964e37acc17639e17fa1c41221806966c4b8c800
Instruction Fuzzy Hash: E0218171740710BAE710EB62ED02F1B76A8EB04B04F62453BF604AB6D1D7B86D50C6ED

Function 00401A90 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(00492420,00000000,00401B68), ref: 00401ABD
LocalFree.KERNEL32(00000000,00000000,00401B68), ref: 00401ACF
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401AEE
LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401B2D
RtlLeaveCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B58
RtlDeleteCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B62

Strings

|$I, xrefs: 00401B11
@$I, xrefs: 00401ADB, 00401AF5, 00401AFD
P$I, xrefs: 00401B07

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID: @$I$P$I$|$I
API String ID: 3782394904-2452420409
Opcode ID: 13d60d6258edcbf522f01d7291c019f1f170a7a552ba6335bbe69aef08fb1927
Instruction ID: fb38efb60124e33bd0d6d544a4e8ce278d04d8a52801059130394851150c0a80
Opcode Fuzzy Hash: 13d60d6258edcbf522f01d7291c019f1f170a7a552ba6335bbe69aef08fb1927
Instruction Fuzzy Hash: C611BF30A017407AEB15AB659E82F263BE8A76170CF44007BF40067AF2D7FC9840C7AE

Function 0047A510 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000), ref: 0047A6B8
FreeLibrary.KERNEL32(00000000), ref: 0047A6CC
SendNotifyMessageA.USER32(000304A0,00000496,00002710,00000000), ref: 0047A731

Strings

Deinitializing Setup., xrefs: 0047A52E
Not restarting Windows because Setup is being run from the debugger., xrefs: 0047A6ED
Restarting Windows., xrefs: 0047A70C
DeinitializeSetup, xrefs: 0047A5C9
GetCustomSetupExitCode, xrefs: 0047A56D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FreeLibrary$MessageNotifySend
String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
API String ID: 3817813901-1884538726
Opcode ID: 78b835aae470662fe73809d145c460ccb161a85a566a8cb911e3e43f7e712c62
Instruction ID: f287f9a6f42f295c8f4485c9d1258599c6f04b79e283e83c7e33560143f14427
Opcode Fuzzy Hash: 78b835aae470662fe73809d145c460ccb161a85a566a8cb911e3e43f7e712c62
Instruction Fuzzy Hash: 8C51D034600200AFD315DF65D885B9EBBA4FB9A315F61C4BBE808C73A1CB389D55CB5A

Function 0045196C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC

Strings

Wow64RevertWow64FsRedirection, xrefs: 0045199C
shell32.dll, xrefs: 004519D8
kernel32.dll, xrefs: 00451987, 004519A1
Wow64DisableWow64FsRedirection, xrefs: 00451982

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 3bf36bcfd98ce10bad23e2f9ae0128a2780410d433234e43a73a8982a17feb5d
Instruction ID: bc30ab95aa3e68d9a300d6e2b8d7baffeb65242bdbb5e2da560ca488e233ca82
Opcode Fuzzy Hash: 3bf36bcfd98ce10bad23e2f9ae0128a2780410d433234e43a73a8982a17feb5d
Instruction Fuzzy Hash: AF0184B0241744FEDB12EB729C56B5A3A98D711B19F60487BF840A51A3D7FC4D08CA6D

Function 00475DC4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E57
GetLastError.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E60

Strings

_isetup, xrefs: 00475E42
\_RegDLL.tmp, xrefs: 00475EC4
\_setup64.tmp, xrefs: 00475EEF
Created temporary directory: , xrefs: 00475DF9
REGDLL_EXE, xrefs: 00475ED4

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: Created temporary directory: $REGDLL_EXE$\_RegDLL.tmp$\_setup64.tmp$_isetup
API String ID: 1375471231-1421604804
Opcode ID: d971e988ddd947d72368aaad927c191851754868bdd5cef345a65f7cfcfe1743
Instruction ID: 2992479d9a41277d4ba3c51ea03d54e21519c43d7d484cf0d062ff4dd53bb91c
Opcode Fuzzy Hash: d971e988ddd947d72368aaad927c191851754868bdd5cef345a65f7cfcfe1743
Instruction Fuzzy Hash: 0E415674A105099BDB00EF91D881ADEB7B9FF44305F50843BE815BB396DB78AE058B58

Function 00430158 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23registryclipboardthreadCOMMON

Download Yara Rule

APIs

RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430160
RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0043016F
GetCurrentThreadId.KERNEL32 ref: 00430189
GlobalAddAtomA.KERNEL32(00000000), ref: 004301AA

Strings

commdlg_help, xrefs: 0043015B
commdlg_FindReplace, xrefs: 0043016A
WndProcPtr%.8X%.8X, xrefs: 0043019B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
API String ID: 4130936913-2943970505
Opcode ID: 28029589c3db21dee67d6af112ea14edfd7444fd649c35e836976e13e9a64ada
Instruction ID: 59c811c4a41a2c0c62e5dc841fd9799240dd828c67306f5793c7ecde0d0b434c
Opcode Fuzzy Hash: 28029589c3db21dee67d6af112ea14edfd7444fd649c35e836976e13e9a64ada
Instruction Fuzzy Hash: F0F0A7705483409AD700EB35C902B1A7BE4AB58708F004A3FF458A63E1D77A9900CB1F

Function 004547A4 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 178COMMON

Download Yara Rule

APIs

756FE550.OLE32(00491A3C,00000000,00000001,00491774,?,00000000,0045499A), ref: 004547E0

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

756FE550.OLE32(00491764,00000000,00000001,00491774,?,00000000,0045499A), ref: 00454804
SysFreeString.OLEAUT32(00000000), ref: 0045495F

Strings

IShellLink::QueryInterface, xrefs: 004548D7
IPersistFile::Save, xrefs: 00454931
CoCreateInstance, xrefs: 0045480F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: E550String$AllocByteCharFreeMultiWide
String ID: CoCreateInstance$IPersistFile::Save$IShellLink::QueryInterface
API String ID: 2757340368-615220198
Opcode ID: 30c84a6b22ae8ec60ba87615f6782f2ed58e1117184a8e9cdc9aaee44ca2ff94
Instruction ID: 20b93dc07a47b2b5ead177be154b0c5a355cf91e616f5ebb89302d411650f3f2
Opcode Fuzzy Hash: 30c84a6b22ae8ec60ba87615f6782f2ed58e1117184a8e9cdc9aaee44ca2ff94
Instruction Fuzzy Hash: F15120B5A00105AFDB50EFA9C885F9F77F8AF49309F044066B904EB262D778DD88CB19

Function 00453578 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 155COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794,00000000), ref: 00453720
CloseHandle.KERNEL32(?,?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794), ref: 0045372D

Part of subcall function 004534E4: WaitForInputIdle.USER32(?,00000032), ref: 00453510
Part of subcall function 004534E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
Part of subcall function 004534E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
Part of subcall function 004534E4: CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561

Strings

.cmd, xrefs: 00453623
COMMAND.COM" /C , xrefs: 0045368C
D:"G, xrefs: 004536F8, 004536FB
cmd.exe" /C ", xrefs: 00453655
.bat, xrefs: 00453608

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
String ID: .bat$.cmd$COMMAND.COM" /C $D:"G$cmd.exe" /C "
API String ID: 854858120-4270494884
Opcode ID: bccf3e7cba150ee1aae3b47e09a506dfff9cf5ab091d589901dc61c2f7b9f919
Instruction ID: e48de0c09470f56e814a1eaeb461330263aa011ed8558adaef5bf8b5374a4d6d
Opcode Fuzzy Hash: bccf3e7cba150ee1aae3b47e09a506dfff9cf5ab091d589901dc61c2f7b9f919
Instruction Fuzzy Hash: AD517874A0034DABCB11EF95C881B9DBBB9AF48746F50403BBC04B7382D7789B198B58

Function 00423634 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96windowCOMMON

Download Yara Rule

APIs

LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
OemToCharA.USER32(?,?), ref: 00423704
CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744

Strings

MAINICON, xrefs: 004236B9
2, xrefs: 00423692

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Char$FileIconLoadLowerModuleName
String ID: 2$MAINICON
API String ID: 3935243913-3181700818
Opcode ID: 224cf75db4ea10a89a7eebe0d84fc4cc31f478398fb3606dfc63747a48c8d72c
Instruction ID: 65266eba4a5d446380783eb4ad5427bb3c2b6e1eaca800c785880fb46d02af3b
Opcode Fuzzy Hash: 224cf75db4ea10a89a7eebe0d84fc4cc31f478398fb3606dfc63747a48c8d72c
Instruction Fuzzy Hash: E53193B0A042559ADB10EF29C8C57C67BE89F14308F4441BAE944DB393D7BED988CB59

Function 00418EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 55threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000), ref: 00418EE5
GlobalAddAtomA.KERNEL32(00000000), ref: 00418F06
GetCurrentThreadId.KERNEL32 ref: 00418F21
GlobalAddAtomA.KERNEL32(00000000), ref: 00418F42

Part of subcall function 00423070: 73A1A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
Part of subcall function 00423070: EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
Part of subcall function 00423070: 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
Part of subcall function 00423070: 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC

Part of subcall function 00423634: LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
Part of subcall function 00423634: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
Part of subcall function 00423634: OemToCharA.USER32(?,?), ref: 00423704
Part of subcall function 00423634: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744

Part of subcall function 0041F0C0: GetVersion.KERNEL32(?,00418F98,00000000,?,?,?,00000001), ref: 0041F0CE
Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0EA
Part of subcall function 0041F0C0: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0F6
Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F104
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F134
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F15D
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F172
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F187
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F19C
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F1B1
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F1C6
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F1DB
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F1F0
Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F205

Strings

Delphi%.8X, xrefs: 00418EF7
ControlOfs%.8X%.8X, xrefs: 00418F33

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A24620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
String ID: ControlOfs%.8X%.8X$Delphi%.8X
API String ID: 3864787166-2767913252
Opcode ID: ef7e27ba16645ad8f4c699e646a7607366e766e332a0da38ca4bd420b63be1db
Instruction ID: b182b06b3bcb1b2e8c3ba80a322d5fe38ad1e868bfed4ce1d31fb71d0c0c557e
Opcode Fuzzy Hash: ef7e27ba16645ad8f4c699e646a7607366e766e332a0da38ca4bd420b63be1db
Instruction Fuzzy Hash: 051142B06142406AC740FF36998274A76E1EBA4308F40853FF448EB3E1DB7D9945CB6E

Function 004135E4 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

SetWindowLongA.USER32(?,000000FC,?), ref: 0041360C
GetWindowLongA.USER32(?,000000F0), ref: 00413617
GetWindowLongA.USER32(?,000000F4), ref: 00413629
SetWindowLongA.USER32(?,000000F4,?), ref: 0041363C
SetPropA.USER32(?,00000000,00000000), ref: 00413653
SetPropA.USER32(?,00000000,00000000), ref: 0041366A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: LongWindow$Prop
String ID:
API String ID: 3887896539-0
Opcode ID: 0a6263d03eac2d2bce2c4b1186c1d291e8e55930424baaf96426919c90c6d239
Instruction ID: f31fb67a9e11a3f95cb2897c8c98fc4a52a333ae5d38a5fa38f8a355adb326ca
Opcode Fuzzy Hash: 0a6263d03eac2d2bce2c4b1186c1d291e8e55930424baaf96426919c90c6d239
Instruction Fuzzy Hash: C911CC75500245BFDB00EF99DC84E9A37E8AB19364F104266F918DB2A1D738D9908B64

Function 00453BEC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 142registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00453D83,?,00000000,00453DC3), ref: 00453CC9

Strings

PendingFileRenameOperations2, xrefs: 00453C98
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453C4C
WININIT.INI, xrefs: 00453CF8
PendingFileRenameOperations, xrefs: 00453C68

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
API String ID: 47109696-2199428270
Opcode ID: f76b3d85ebc38cf40c8e9ce28396bee8e6c12bbe233298d73d3cca6c324ead01
Instruction ID: aa5cd69e504587c061a58de22e540fe2c0eb6883408e267526cdea27caab368f
Opcode Fuzzy Hash: f76b3d85ebc38cf40c8e9ce28396bee8e6c12bbe233298d73d3cca6c324ead01
Instruction Fuzzy Hash: AF51D730E002489BDB10EF61DC52ADEB7B9EF44745F50857BE804A7292DB3CAF09CA18

Function 004627F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115windowCOMMON

Download Yara Rule

APIs

SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3

Part of subcall function 00462730: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 004627C8
Part of subcall function 00462730: DestroyCursor.USER32(00000000), ref: 004627DE

SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935

Strings

c:\directory, xrefs: 00462888

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Icon$ExtractFileInfo$CursorDestroyDraw
String ID: c:\directory
API String ID: 2926980410-3984940477
Opcode ID: 29e0c85cb7bbc84e991fe9b864147cbcc3941f6a1fa61eb28117cfda4f6013bc
Instruction ID: 427904fd0b382b2f05c77991b1ac4ddebc586400d5837c21677a4a344efa396e
Opcode Fuzzy Hash: 29e0c85cb7bbc84e991fe9b864147cbcc3941f6a1fa61eb28117cfda4f6013bc
Instruction Fuzzy Hash: CD418D70700644BFDB10DB55CD8AFDBBBE8AB49304F1040A6F90497291D6B8AE84CA59

Function 0047BB48 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 213COMMON

Download Yara Rule

APIs

SetActiveWindow.USER32(?,?,00000000,0047BE5D,?,?,00000001,?), ref: 0047BC59
SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 0047BCCE

Strings

, xrefs: 0047BD8B
Need to restart Windows? %s, xrefs: 0047BD0B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ActiveChangeNotifyWindow
String ID: $Need to restart Windows? %s
API String ID: 1160245247-4200181552
Opcode ID: ed1255ec7530e5d27df6289ed88c297b95d2c2b5d9591ca7c9600edd0e9b0b88
Instruction ID: f4c1e1fff3503470ea18fdaabc6d14c851de77ee15ab21044676623dc6a244ae
Opcode Fuzzy Hash: ed1255ec7530e5d27df6289ed88c297b95d2c2b5d9591ca7c9600edd0e9b0b88
Instruction Fuzzy Hash: 0F9170346042449FCB01EF69D886B9A77F5EF56308F1080BBE8049B366DB78AD45CB99

Function 00469F80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC

GetLastError.KERNEL32(00000000,0046A17D,?,?,00000001,0049307C), ref: 0046A05A
SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046A0D4
SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046A0F9

Strings

Creating directory: %s, xrefs: 0046A042

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ChangeNotify$CharErrorFullLastNamePathPrev
String ID: Creating directory: %s
API String ID: 2168629741-483064649
Opcode ID: f0ea55da9561c7475a5743fab90f50c64dd7051ef843fcce111b49f539560e2f
Instruction ID: 39b67aeb1d7855c22aabfe2f82cf891ef9e94af442bcdac43ae26702b455444b
Opcode Fuzzy Hash: f0ea55da9561c7475a5743fab90f50c64dd7051ef843fcce111b49f539560e2f
Instruction Fuzzy Hash: 8A512374E00248ABDB01DFA9C982BDEB7F5AF49304F50846AE851B7382D7785E04CF5A

Function 0045333C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004533EA
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,004534B0), ref: 00453454

Strings

sfc.dll, xrefs: 004533AC
SfcIsFileProtected, xrefs: 004533E4

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressByteCharMultiProcWide
String ID: SfcIsFileProtected$sfc.dll
API String ID: 2508298434-591603554
Opcode ID: 4b50ca8e1327cf77ffaefa782f18a20e389156e08d40e3b6f393e5ded95c096a
Instruction ID: 1adb4bde248a8b19f2f304064bd770535e454300abe4aaf5ea9dda1ac3de6c9a
Opcode Fuzzy Hash: 4b50ca8e1327cf77ffaefa782f18a20e389156e08d40e3b6f393e5ded95c096a
Instruction Fuzzy Hash: C741B470A00218ABEB21DF55DD85B9DB7B8AB0534AF5040BBF808A3292D7785F48DA5C

Function 00450C8C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

74D41520.VERSION(00000000,?,?,?,0048F996), ref: 00450CAC
74D41500.VERSION(00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CD9
74D41540.VERSION(?,00450D50,?,?,00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CF3

Strings

aE, xrefs: 00450D37, 00450CFF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: D41500D41520D41540
String ID: aE
API String ID: 2153611984-88912727
Opcode ID: 5f4df345e488c05fd5bd4e33c36db4a7a4bcf57642fa48d89191aa24049eff36
Instruction ID: fa6cca6fee997d329f140acf62b9c68117f89c9724db0c09afd566eb7417e920
Opcode Fuzzy Hash: 5f4df345e488c05fd5bd4e33c36db4a7a4bcf57642fa48d89191aa24049eff36
Instruction Fuzzy Hash: 66215379A00649AFDB01DAE98C41DBFB7FCEB49301F55407AFD04E3242D679AE088769

Function 00404D2A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
ExitProcess.KERNEL32 ref: 00404E0D

Strings

Runtime error at 00000000, xrefs: 00404DBE, 00404DD1
Error, xrefs: 00404DB9

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000
API String ID: 1220098344-2970929446
Opcode ID: cb3f50221c7fc4a280dd17ceecd31964af7b7a4f5716c995046d60236483f2a1
Instruction ID: 54305f10cd77fd258ec0cbb2b3b89b3afa079266c0d37f3845e7031a68d66c88
Opcode Fuzzy Hash: cb3f50221c7fc4a280dd17ceecd31964af7b7a4f5716c995046d60236483f2a1
Instruction Fuzzy Hash: 1E21C560A44281AAEB16A775EE817163B9197E5348F048177E700B73F3C6FC8C84C7AE

Function 00453F24 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,00453F8F,?,00000001,00000000), ref: 00453F82

Strings

PendingFileRenameOperations2, xrefs: 00453F63
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453F30
PendingFileRenameOperations, xrefs: 00453F54

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
API String ID: 47109696-2115312317
Opcode ID: 6aa32a05bdffddbfdf104d4ca92a91a02612c013f845a1d49a6d42f410d0fa0d
Instruction ID: 2fe5d9dd412f96f0258c427e8e9e7532a7d77a38f3856869fbc3dabfb8f5c388
Opcode Fuzzy Hash: 6aa32a05bdffddbfdf104d4ca92a91a02612c013f845a1d49a6d42f410d0fa0d
Instruction Fuzzy Hash: 1DF0C233B443087FDB09DA62AC07A1AB3ECD744B56FA0446BF80086582DA79AE04922C

Function 0046C624 Relevance: 6.3, APIs: 4, Instructions: 263fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(000000FF,?,00000000,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C7D1
FindClose.KERNEL32(000000FF,0046C7FC,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C7EF
FindNextFileA.KERNEL32(000000FF,?,00000000,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C8F3
FindClose.KERNEL32(000000FF,0046C91E,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C911

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: f7e06fb7b52dbd29acea3ba7f6c3f0cef2f575a7995ebfd0a6c3e967ea8d6e65
Instruction ID: 1dd2fae92c3a96226fdad02eb244197cfc035410fb76892232ec07de3388933a
Opcode Fuzzy Hash: f7e06fb7b52dbd29acea3ba7f6c3f0cef2f575a7995ebfd0a6c3e967ea8d6e65
Instruction Fuzzy Hash: 21B12D7490424D9FCF11DFA5C881ADEBBB9BF4C304F5081AAE848B3251E7389A45CF59

Function 0042121C Relevance: 6.1, APIs: 4, Instructions: 127windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(00000000), ref: 00421309
SetMenu.USER32(00000000,00000000), ref: 00421326
SetMenu.USER32(00000000,00000000), ref: 0042135B
SetMenu.USER32(00000000,00000000), ref: 00421377

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Menu
String ID:
API String ID: 3711407533-0
Opcode ID: 69c3d24cbd3908ab398b23ff4996bcca6d71d6d9efd1b021582025e8ce73b4a6
Instruction ID: 0f81d55959a1cf47e4f4fbe1fb89748b5e36cc62268cbc8ca2fac5ad34181ecf
Opcode Fuzzy Hash: 69c3d24cbd3908ab398b23ff4996bcca6d71d6d9efd1b021582025e8ce73b4a6
Instruction Fuzzy Hash: 1341C37070025557EB20BB3AA88579A76924F65308F4901BFBC44DF3A7CA7DCC4683AC

Function 00416AEA Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 00416B2C
SetTextColor.GDI32(?,00000000), ref: 00416B46
SetBkColor.GDI32(?,00000000), ref: 00416B60
CallWindowProcA.USER32(?,?,?,?,?), ref: 00416B88

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Color$CallMessageProcSendTextWindow
String ID:
API String ID: 601730667-0
Opcode ID: 831653d1d8648c3fe7cb1a6018f65aa2cb4bbe39bc5b54727707e04c0b0daf1f
Instruction ID: b033cece6509217f2327ce801b750aa6be190e92d4bc00e16b2453bc82832c42
Opcode Fuzzy Hash: 831653d1d8648c3fe7cb1a6018f65aa2cb4bbe39bc5b54727707e04c0b0daf1f
Instruction Fuzzy Hash: DA112EB2204610AFC710EE6ECDC5E9777ECEF49314715882AB59ADB612D638F8418B29

Function 00423A2C Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

EnumWindows.USER32(004239C4), ref: 00423A50
GetWindow.USER32(?,00000003), ref: 00423A65
GetWindowLongA.USER32(?,000000EC), ref: 00423A74
SetWindowPos.USER32(00000000,00424104,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,00424153,?,?,00423D1B), ref: 00423AAA

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$EnumLongWindows
String ID:
API String ID: 4191631535-0
Opcode ID: 2ac3058ad058fb58bc43d272a33111b98432a4fbb6a4c2e0798833925aa94dac
Instruction ID: 2aa942e0144c2f66fd74dad5558343876cb1daa91c8e5ea9adb7241dccc7aa7f
Opcode Fuzzy Hash: 2ac3058ad058fb58bc43d272a33111b98432a4fbb6a4c2e0798833925aa94dac
Instruction Fuzzy Hash: C9112E70704610ABDB10DF68DD85F5A77E4EB08725F11066AF994AB2E2C3789D41CB58

Function 00423070 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
73A24620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A24620A480A570EnumFonts
String ID:
API String ID: 2630238358-0
Opcode ID: 541138733ee3697c01f8c81797123c03923b2bd4d964166bd9626717c6dd975c
Instruction ID: afad048246e6630919bdfa9f1eb422a1972ed3af21ea5203bed7575143a0f70f
Opcode Fuzzy Hash: 541138733ee3697c01f8c81797123c03923b2bd4d964166bd9626717c6dd975c
Instruction Fuzzy Hash: 9D01D2717043002AE700BF7A5C82B9B3A549F05319F44023BF804AF2C2D6BE9905876E

Function 004534E4 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,00000032), ref: 00453510
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
String ID:
API String ID: 4071923889-0
Opcode ID: cb2ec6e2e327cbe717a960b84219f2604a12aee98f16707f6853b19b6914ee48
Instruction ID: 976b375f78923eada3d8d1f25cef2af6e5c381faa9b0e8b7c45c7f6a29b52fc4
Opcode Fuzzy Hash: cb2ec6e2e327cbe717a960b84219f2604a12aee98f16707f6853b19b6914ee48
Instruction Fuzzy Hash: 48019670A4060C7AEB209BA98C06E6B7AACDB057A1F610167B904D72C2E5789E008A68

Function 00475FC4 Relevance: 6.0, APIs: 4, Instructions: 35sleepCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00475FE5
GetLastError.KERNEL32 ref: 00475FEF
GetTickCount.KERNEL32 ref: 00475FF9
Sleep.KERNEL32(00000032), ref: 00476009

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$CountSleepTick
String ID:
API String ID: 2227064392-0
Opcode ID: aadb22e46f36e2e7530594f2afb87a8d879590c282ab00bcab08a1c1c09b4d0e
Instruction ID: ac2bc92c64288a8ae8ad87d3879801b84766de851918f2f303a3950bd66c2a85
Opcode Fuzzy Hash: aadb22e46f36e2e7530594f2afb87a8d879590c282ab00bcab08a1c1c09b4d0e
Instruction Fuzzy Hash: E8E02B31309D8045CE2879BE18827FF458AEB85324B35493FF0CED6282CC1C4C05A92E

Function 004598F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

FlushFileBuffers.KERNEL32(?), ref: 00459B34

Strings

EndOffset range exceeded, xrefs: 00459A56
NumRecs range exceeded, xrefs: 00459A1F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: File$BuffersFlush
String ID: EndOffset range exceeded$NumRecs range exceeded
API String ID: 3593489403-659731555
Opcode ID: ef07b891dab5b5a605824b16cda2af0af612d2c73a3dda369383fcccd61e714c
Instruction ID: 995539901c97ad68f5746cda8c194ef6f3d3db8d93705507f5965892a0295e18
Opcode Fuzzy Hash: ef07b891dab5b5a605824b16cda2af0af612d2c73a3dda369383fcccd61e714c
Instruction Fuzzy Hash: D2613E34A00258CBDB25DF15C881ADAB3B5EB49305F0081EAED49AB352D778AEC9CF54

Function 00490B04 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00490B12), ref: 0040334B
Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00490B12), ref: 00403356

Part of subcall function 00409B20: 6F571CD0.COMCTL32(00490B21), ref: 00409B20

Part of subcall function 004108FC: GetCurrentThreadId.KERNEL32 ref: 0041094A

Part of subcall function 00418FE8: GetVersion.KERNEL32(00490B35), ref: 00418FE8

Part of subcall function 0044EE30: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00490B49), ref: 0044EE6B
Part of subcall function 0044EE30: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EE71

Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC

Part of subcall function 0045FCBC: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00490B67), ref: 0045FCCB
Part of subcall function 0045FCBC: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0045FCD1

Part of subcall function 004678D8: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED

Part of subcall function 00472434: GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457

Part of subcall function 0048DD14: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0048DD2D

SetErrorMode.KERNEL32(00000001,00000000,00490BB9), ref: 00490B8B

Part of subcall function 00490914: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
Part of subcall function 00490914: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924

Part of subcall function 0042447C: SendMessageA.USER32(?,0000B020,00000000,?), ref: 0042449B

Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284

ShowWindow.USER32(?,00000005,00000000,00490BB9), ref: 00490BFC

Part of subcall function 0047B260: SetActiveWindow.USER32(?), ref: 0047B304

Strings

Setup, xrefs: 00490BE2

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc$HandleModule$Window$ActiveClipboardCommandCurrentErrorF571FormatLibraryLineLoadMessageModeRegisterSendShowTextThreadVersion
String ID: Setup
API String ID: 4284711697-3839654196
Opcode ID: 9cd33b1c8937315f38dc0f2c665d92361368b818e9e874b20810c8ec2ffb4ac9
Instruction ID: 93c4262b2fd0981b4a3bf9bbc89b82d5fe8812d296d35f6d6b268422da34e6e8
Opcode Fuzzy Hash: 9cd33b1c8937315f38dc0f2c665d92361368b818e9e874b20810c8ec2ffb4ac9
Instruction Fuzzy Hash: CC31C635204204AED605BBB7ED1391E3BA4EB8971CB61447FF404929A3DE7C5C518A7E

Function 0042DA40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DA78
RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,00000000,?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DAD0

Strings

ProductType, xrefs: 0042DA76, 0042DACE

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: QueryValue
String ID: ProductType
API String ID: 3660427363-120863269
Opcode ID: 89ea911e9e9e379bcd7576c1b2be37ecd37960a6dd03b5e8f89076a5a954d953
Instruction ID: 22425fb9ba400e549f89719797a15a519fe31236383ac1a1c9c2ba634efda0a6
Opcode Fuzzy Hash: 89ea911e9e9e379bcd7576c1b2be37ecd37960a6dd03b5e8f89076a5a954d953
Instruction Fuzzy Hash: 67416934E04128EFDF21DF95D890BEFBBB8EB45304F9185A7E510A7280D778AA44CB58

Function 004521A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521E6
GetLastError.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521EF

Strings

.tmp, xrefs: 004521CF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 95b321a80a7f49f3410ff19ad884a03b5149450dce792f72d1a7e619d8ed1185
Instruction ID: 1cc7738378c32de01c08681629a8df9cd6432d6ac9a10e78220417a5cd0dd7bd
Opcode Fuzzy Hash: 95b321a80a7f49f3410ff19ad884a03b5149450dce792f72d1a7e619d8ed1185
Instruction Fuzzy Hash: 68213579A002089BDB01EFA1C9529DFB7B9EF49305F50457BF801B7342DA7C9E058A65

Function 0042DB8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DBA0
RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DBE0

Strings

Inno Setup: No Icons, xrefs: 0042DB9E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Value$EnumQuery
String ID: Inno Setup: No Icons
API String ID: 1576479698-2016326496
Opcode ID: 27395a03c974edef8614e4d703d92d77d0c005b30616b294ab8beb4a4c35b9de
Instruction ID: 963321e0e52aed92ccfb8a2f54d21a93e2c319f999d6bed2d0c39c2fe313cf58
Opcode Fuzzy Hash: 27395a03c974edef8614e4d703d92d77d0c005b30616b294ab8beb4a4c35b9de
Instruction Fuzzy Hash: 7201F731B4536069F73085166D11B7BA9889B41B64F65003BF940EA3C0D2D9AC04E36E

Function 004758D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,00475B5A,00000000,00475B70,?,?,?,?,00000000), ref: 00475936

Strings

RegisteredOwner, xrefs: 00475913
RegisteredOrganization, xrefs: 00475925

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Close
String ID: RegisteredOrganization$RegisteredOwner
API String ID: 3535843008-1113070880
Opcode ID: 5b499c5ebe2b66368d529b8309cb579cd96a88c5063b61e29b949e59bb2d7f3f
Instruction ID: 48b656342ec2bd2b5ab7dbcfa9b326a46bbbd2cb26f9bcc12124a5356ca6e139
Opcode Fuzzy Hash: 5b499c5ebe2b66368d529b8309cb579cd96a88c5063b61e29b949e59bb2d7f3f
Instruction Fuzzy Hash: 63F0F6B0B04144EBEB00DA72AC9279B3759D742304F60807BA2058F251D6B9AF01D74C

Function 0046F3F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F41D
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F434

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

CreateFile, xrefs: 0046F429

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: CreateFile
API String ID: 2528220319-823142352
Opcode ID: 899fe239746195574542a439d2491a0f3f2a2d764e3d90abb24cfaf40692d0e9
Instruction ID: 8566c0baceda2c5727a8425b1213297a8e6c3c46ac1f7708f5e95aedaf673be2
Opcode Fuzzy Hash: 899fe239746195574542a439d2491a0f3f2a2d764e3d90abb24cfaf40692d0e9
Instruction Fuzzy Hash: EDE065342843047FDA10E669DCC6F0677989B14728F108161F6446F3E2C5B5EC448659

Function 004678D8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0042E1E0: SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
Part of subcall function 0042E1E0: LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219

GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED

Strings

SHPathPrepareForWriteA, xrefs: 004678D8
shell32.dll, xrefs: 004678E2

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressErrorLibraryLoadModeProc
String ID: SHPathPrepareForWriteA$shell32.dll
API String ID: 2492108670-2683653824
Opcode ID: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
Instruction ID: fa085d398d84bf6bdc376de8b0adffa78d8cd9c0cd14655664e75f653ebd6975
Opcode Fuzzy Hash: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
Instruction Fuzzy Hash: 90B092E0B0474092EF0077BA584AB1A1454D78079CB64883BB040AB289EE7C8A18EB9E

Function 0047A918 Relevance: 4.6, APIs: 3, Instructions: 98windowCOMMON

Download Yara Rule

APIs

GetSystemMenu.USER32(00000000,00000000,00000000,0047AA50), ref: 0047A9E8
AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 0047A9F9
AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0047AA11

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Menu$Append$System
String ID:
API String ID: 1489644407-0
Opcode ID: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
Instruction ID: 9416a2e69f94d1bacdcd5589100605e7a17a6fee69d6532038c11be2b18ca1fe
Opcode Fuzzy Hash: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
Instruction Fuzzy Hash: BB31E5B07043442AE711EB359C82BAE3B945B91308F40843FB940AB2E3C67C9D18879E

Function 0044AA68 Relevance: 4.6, APIs: 3, Instructions: 74COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AADD
SelectObject.GDI32(?,00000000), ref: 0044AB00
73A1A480.USER32(00000000,?,0044AB40,00000000,0044AB39,?,00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AB33

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A480A570ObjectSelect
String ID:
API String ID: 1230475511-0
Opcode ID: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
Instruction ID: 5ebdf1d2f2544012dfa55b31c85aaba12dd464d1382fd60bb62d336af458de0c
Opcode Fuzzy Hash: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
Instruction Fuzzy Hash: 6E21C170E44248AFEB11DFA5C841B9EBBB9EB48304F4180BAF500A7281C77C9950CB2A

Function 0044A79C Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044A828,?,0047B27B,?,?), ref: 0044A7FA
DrawTextW.USER32(?,?,00000000,?,?), ref: 0044A80D
DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044A841

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DrawText$ByteCharMultiWide
String ID:
API String ID: 65125430-0
Opcode ID: 8317c523276f314509038111108d47a2590dbd1258818dab6b6b76e6ad298f5c
Instruction ID: 547ddd58e113f665f2c4bd30cca118ef6da0f4e8a03e0e68a63751e0d3c3e5d9
Opcode Fuzzy Hash: 8317c523276f314509038111108d47a2590dbd1258818dab6b6b76e6ad298f5c
Instruction Fuzzy Hash: 2F1108B27406047FEB00EBAA8C82D6FB7ECDB48724F10813BF504E72C0D5389E018A69

Function 004243A4 Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004243BA
TranslateMessage.USER32(?), ref: 00424437
DispatchMessageA.USER32(?), ref: 00424441

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
Instruction ID: 29ec6bb2c2fe33ce96073087ef8f049612c87f0656b6e82933878d2f51458537
Opcode Fuzzy Hash: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
Instruction Fuzzy Hash: 1F11C43030435056DA20E6A4B94179B73D4CFC1708F85485EF9C957382D7BD9E4487AB

Function 004165EC Relevance: 4.5, APIs: 3, Instructions: 39COMMON

Download Yara Rule

APIs

SetPropA.USER32(00000000,00000000), ref: 00416612
SetPropA.USER32(00000000,00000000), ref: 00416627
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 0041664E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Prop$Window
String ID:
API String ID: 3363284559-0
Opcode ID: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
Instruction ID: 675018db8e1bdf4ebffe2da0d9b09b3c9fe28390eae3e6cfa7bb9a74213a9f8e
Opcode Fuzzy Hash: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
Instruction Fuzzy Hash: 9DF0B271701210BFDB109B599C85FA632DCBB19B15F160176BE08EF286D6B8DD40C7A8

Function 004014E4 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A

Strings

@$I, xrefs: 00401522

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Virtual$AllocFree
String ID: @$I
API String ID: 2087232378-1899187264
Opcode ID: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
Instruction ID: 725a70dfb87e22c3967cff80d89a5dac4b2b1bb1b28326949d670fe9fc14322f
Opcode Fuzzy Hash: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
Instruction Fuzzy Hash: 82F0A772B0073067EB60596A4C81F5359C49FC5794F154076FD0DFF3E9D6B58C0142A9

Function 0041EDFC Relevance: 4.5, APIs: 3, Instructions: 27windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0041EE0C
IsWindowEnabled.USER32(?), ref: 0041EE16
EnableWindow.USER32(?,00000000), ref: 0041EE3C

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$EnableEnabledVisible
String ID:
API String ID: 3234591441-0
Opcode ID: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
Instruction ID: 96e98aa39eb8546384e417ef666d490cadeddd778781aa4cd60f09ebcc6840ac
Opcode Fuzzy Hash: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
Instruction Fuzzy Hash: 65E0EDB42003016AEB11AB27DCC1B5B769CBB54354F468477AD169B2A3DA3DD8408A78

Function 004062A0 Relevance: 4.5, APIs: 3, Instructions: 7COMMON

Download Yara Rule

APIs

GlobalHandle.KERNEL32 ref: 004062A1
GlobalUnWire.KERNEL32(00000000), ref: 004062A8
GlobalFree.KERNEL32(00000000), ref: 004062AD

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Global$FreeHandleWire
String ID:
API String ID: 318822183-0
Opcode ID: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
Instruction ID: 232b5a29dca1329e6ee8fbf729e049d74cb9239d0bdd557acda0a77be920d3a5
Opcode Fuzzy Hash: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
Instruction Fuzzy Hash: 73A001C4804A04A9D80072B2080BA2F244CD8413283D0496B7440B2183883C8C40593A

Function 0047B260 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetActiveWindow.USER32(?), ref: 0047B304

Strings

InitializeWizard, xrefs: 0047B2A7

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ActiveWindow
String ID: InitializeWizard
API String ID: 2558294473-2356795471
Opcode ID: 124072f308fbbda3f3d5133afbc5e0579539145d9362100629ae5ec4042e49b8
Instruction ID: 4e25cab65ed988d36d771276a92aef87a17e854c81311b79447974de30300cc1
Opcode Fuzzy Hash: 124072f308fbbda3f3d5133afbc5e0579539145d9362100629ae5ec4042e49b8
Instruction Fuzzy Hash: CA11A330204204AFD701EB69FD45B5A77E4E755324F2084BBF40A877A1D7796C41DB5D

Function 00476018 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00476060

Strings

Failed to remove temporary directory: , xrefs: 00476079

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CountTick
String ID: Failed to remove temporary directory:
API String ID: 536389180-3544197614
Opcode ID: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
Instruction ID: 6ffa0d28bc3bfc953a6b8bbcd879379d441b58bb6ad8f3d837193fbc1ee90d1a
Opcode Fuzzy Hash: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
Instruction Fuzzy Hash: B301F530610B44AADB11EB72CC46BDF77A9DB05709FA1843BF804A7192D6BDAE08890C

Function 004757F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,00475A36,00000000,00475B70), ref: 00475835

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00475805

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpen
String ID: Software\Microsoft\Windows\CurrentVersion
API String ID: 47109696-1019749484
Opcode ID: fa53c5ce891189ef9d1e8cc992b6a6fdf318a9d01ee2f73af1ff47e81a74a3e4
Instruction ID: 6f23ae70e013487785b82a96322c3c90f2bad5c8cb9ef8bfae3d8b83ecadceb2
Opcode Fuzzy Hash: fa53c5ce891189ef9d1e8cc992b6a6fdf318a9d01ee2f73af1ff47e81a74a3e4
Instruction Fuzzy Hash: A1F08231B0451467EA04B69A9C42B9EA79D9B84758F21407BF908DF342D9F99E0242AD

Function 0042DC44 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

Strings

System\CurrentControlSet\Control\Windows, xrefs: 0042DC5E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Open
String ID: System\CurrentControlSet\Control\Windows
API String ID: 71445658-1109719901
Opcode ID: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
Instruction ID: 29d81e93da8360ba13d0a113dd5009aeb6b598c84d67836305bbff2bc9e8969e
Opcode Fuzzy Hash: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
Instruction Fuzzy Hash: B7D09E72910128BB9B109A89DC41DF7775DDB19760F44401AF904A7141C1B4AC519BE4

Function 00452758 Relevance: 3.2, APIs: 2, Instructions: 190fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(000000FF,?,00000000,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000), ref: 00452967
FindClose.KERNEL32(000000FF,00452992,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000,00000001), ref: 00452985

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 09049b30850274fb98c985aa90fa84b01608d95ba05b352687fa3fb381e1261c
Instruction ID: a46e81b432fa17c8035645edee6d72e6358aab5d3d8117a0f5ee062976db862c
Opcode Fuzzy Hash: 09049b30850274fb98c985aa90fa84b01608d95ba05b352687fa3fb381e1261c
Instruction Fuzzy Hash: 48819074A0024D9FCF11DFA5C941BEFBBB4AF4A305F1480A7D85463392D3789A4ACB98

Function 00450F64 Relevance: 3.1, APIs: 2, Instructions: 60processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FB8
GetLastError.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FC0

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateErrorLastProcess
String ID:
API String ID: 2919029540-0
Opcode ID: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
Instruction ID: 90ec035facff387a728fa34ee480b9bdab906da10ba2c5f97b54275381758835
Opcode Fuzzy Hash: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
Instruction Fuzzy Hash: 6E115E76604208AF8B50DEADDC41DDFB7ECEB4D310B51456AFD08E3241D674EE158B64

Function 0040AF70 Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040AF8A
FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B0E7,00000000,0040B0FF,?,?,?,00000000), ref: 0040AF9B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Resource$FindFree
String ID:
API String ID: 4097029671-0
Opcode ID: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
Instruction ID: 1221a5199f13f7129315330983e0874b2bf41397b47310acc6f6b643a0b38e17
Opcode Fuzzy Hash: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
Instruction Fuzzy Hash: FB012FB1300300AFDB00EF69DC82E1A33A9EB493087108077F500BB2D0DA799C11962A

Function 0041EE4C Relevance: 3.0, APIs: 2, Instructions: 49threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0041EE9B
73A25940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A25940CurrentThread
String ID:
API String ID: 2655091166-0
Opcode ID: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
Instruction ID: ca42cadf64aab9fc9bda363da699102df16a4657dc233dc8dc005950a55e731a
Opcode Fuzzy Hash: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
Instruction Fuzzy Hash: 8A015B79A04705AFD705CF66DC11996BBF8E789720B2388B7E804D36A0F6345810DE18

Function 004513FC Relevance: 3.0, APIs: 2, Instructions: 48fileCOMMON

Download Yara Rule

APIs

MoveFileA.KERNEL32(00000000,00000000), ref: 0045143E
GetLastError.KERNEL32(00000000,00000000,00000000,00451464), ref: 00451446

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileLastMove
String ID:
API String ID: 55378915-0
Opcode ID: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
Instruction ID: 85188aecbac2644b80406732be01adbb240331f4a8ceeac9c47b7ffc740a9c29
Opcode Fuzzy Hash: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
Instruction Fuzzy Hash: 6D01D671B04604AB8B01DB799C425AEB7ECDB49725760457BFC08E3252EA3C4E048959

Function 0040170C Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,00401973), ref: 00401766

Strings

@$I, xrefs: 0040173B, 0040177B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FreeVirtual
String ID: @$I
API String ID: 1263568516-1899187264
Opcode ID: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
Instruction ID: 8116451f728c5aa32ea3c360de9e7882c02e29ec9bc76b399c7381bc7e3fefdc
Opcode Fuzzy Hash: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
Instruction Fuzzy Hash: F40170766057109FC3109F29DCC0E2677E8D780378F05413EDA84673A1D37A6C0187D8

Function 00450EEC Relevance: 3.0, APIs: 2, Instructions: 43COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F25
GetLastError.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F2D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
Instruction ID: 364ad505462443d826447c2aa905436d5e11e331cb720e50727da1269184da6e
Opcode Fuzzy Hash: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
Instruction Fuzzy Hash: 27F02876A04604AFCB10DF759C4299EB7E8DB09311B6049BBFC08E3242E6794E048598

Function 00451084 Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510BB
GetLastError.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510C3

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
Instruction ID: 5ed2bb2a065b1eb56cf610b2c64d6d851a3618404264b5220afa4eae7dc9580f
Opcode Fuzzy Hash: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
Instruction Fuzzy Hash: F9F02871A04244AFCF00DFB59C4259EB7E8DB0871176089BBFC04E3692EB384E048558

Function 0045158C Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

RemoveDirectoryA.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515C3
GetLastError.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515CB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DirectoryErrorLastRemove
String ID:
API String ID: 377330604-0
Opcode ID: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
Instruction ID: 4a7b75eba7857019093cf0bd5fd6fc682383d33b89e08eccdc707f1e9448c37c
Opcode Fuzzy Hash: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
Instruction Fuzzy Hash: F0F0F475A00608BB8B01DBB5AC4259EB3ECDB4831176049BBFC04E3242F6384E048598

Function 004231E4 Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

LoadCursorA.USER32(00000000,00007F00), ref: 004231F1
LoadCursorA.USER32(00000000,00000000), ref: 0042321B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CursorLoad
String ID:
API String ID: 3238433803-0
Opcode ID: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
Instruction ID: 43eb0a081647544f07c75950a444ff3626244229c91a8f980807230630bdce3f
Opcode Fuzzy Hash: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
Instruction Fuzzy Hash: 56F05C11740110A6D6105D7E6CC0E2A7268DBC1735B7103BBFB7BD32D2C62E5C01417D

Function 0042E1E0 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
Instruction ID: a5bf76ec7fc0037a961c30f1a8367ec2ab03dc69631e0c622de06244be8b127b
Opcode Fuzzy Hash: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
Instruction Fuzzy Hash: 6CF08270B14744BEDB019F779C6282BBBECEB4DB1479248B6F800A2691E63C4C10CD39

Function 0044FC10 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC26
GetLastError.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC2E

Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 7c96a5db1a3bbf5f7122b7c230bcc380228b32d8ca3eb191d321d7672d53e95a
Instruction ID: 0bfc23328500fe2646c690ed3ecabb54a6fbe8d678c9a11fa1a44a4ad9cb7e95
Opcode Fuzzy Hash: 7c96a5db1a3bbf5f7122b7c230bcc380228b32d8ca3eb191d321d7672d53e95a
Instruction Fuzzy Hash: 59E012B1304205ABFB10EA7599C1F3B22D8EB44354F00447AB944CF287E674CC0A8B25

Function 00477198 Relevance: 1.6, APIs: 1, Instructions: 128windowCOMMON

Download Yara Rule

APIs

SendNotifyMessageA.USER32(000304A0,00000496,00002711,00000000), ref: 00477350

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: MessageNotifySend
String ID:
API String ID: 3556456075-0
Opcode ID: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
Instruction ID: 16409b2b564c283e2081e6b17d670531f43b9e979188f2c8fa02a8160c9bfcf5
Opcode Fuzzy Hash: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
Instruction Fuzzy Hash: 8B4186343040009BC710FF66EC8255A77A9AB55309790C5B7B8049F3ABCA78EE06DB9D

Function 0040857C Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,004086B2), ref: 0040859B

Part of subcall function 00406D8C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406DA9

Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
Instruction ID: 8b9545330178279bc2ddac5e6fa168bd58cc03261140f3a6a95c7e376186b839
Opcode Fuzzy Hash: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
Instruction Fuzzy Hash: 86315035E00109ABCB00EF95CC819EEB779FF84314F518577E815BB285E738AE018B98

Function 0041FB44 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FBE1

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: InfoScroll
String ID:
API String ID: 629608716-0
Opcode ID: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
Instruction ID: 2699cc02af870d89e6a5ad5e313ee30afbb4c435a81dca5bff53af4edc800ccf
Opcode Fuzzy Hash: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
Instruction Fuzzy Hash: E22142B16087456FC340DF39D440696BBE4BB88314F04493EE498C3741D774E996CBD6

Function 00466FE4 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0041EE4C: GetCurrentThreadId.KERNEL32 ref: 0041EE9B
Part of subcall function 0041EE4C: 73A25940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1

SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,00467042,?,00000000,?,?,00467247,?,00000000,00467286), ref: 00467026

Part of subcall function 0041EF00: IsWindow.USER32(?), ref: 0041EF0E
Part of subcall function 0041EF00: EnableWindow.USER32(?,00000001), ref: 0041EF1D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$A25940CurrentEnablePathPrepareThreadWrite
String ID:
API String ID: 390483697-0
Opcode ID: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
Instruction ID: cfd77c3cf2038ba034cdb19c096b63f1e12f26539d14daa02010a8575a632133
Opcode Fuzzy Hash: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
Instruction Fuzzy Hash: 15F02E70288300FFE3049B62ED1AB2577E8E308718F60083BF40082181E6BD4C40D52D

Function 004164F8 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 0041652D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
Instruction ID: a820f4678b9f5f8a39c028f8276f7672b34f9079ce199e45b6728efe25cce622
Opcode Fuzzy Hash: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
Instruction Fuzzy Hash: D5F019B2200510AFDB84CF9CD9C0F9373ECEB0C210B0481A6FA08CF24AD260EC108BB0

Function 0041495C Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 00414997

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91

Function 0042CBB0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC

GetFileAttributesA.KERNEL32(00000000,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A,00000000,004511A1,00000000,004511C2,?,00000000), ref: 0042CBDB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AttributesCharFilePrev
String ID:
API String ID: 4082512850-0
Opcode ID: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
Instruction ID: bcc2a10ba17e46f4a9e3aa80fd67cbe88bd74874a982435321d161081e45760d
Opcode Fuzzy Hash: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
Instruction Fuzzy Hash: 96E09B71304308BFD701EF62EC93E5EBBECDB85714BA14476F400E7641D5B9AE008418

Function 0044FADC Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0044FB1C

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e365771525bbe6f599be3d6842bf1733d2c6ed5763df5b87705b12eab983d8cf
Instruction ID: b9ff2f1e843887c32db999b8e56f693fcf835da1e8ac5748e56ca63b18eefbc2
Opcode Fuzzy Hash: e365771525bbe6f599be3d6842bf1733d2c6ed5763df5b87705b12eab983d8cf
Instruction Fuzzy Hash: 64E092A53501083ED340EEACAC52FA337CC9319754F048033B988C7351D4619D11CBA8

Function 0042E660 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
Instruction ID: e1450acef62d714b472a60d6f425ebfa2555b1e5ba62ff61a1a92b84590c1f2f
Opcode Fuzzy Hash: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
Instruction Fuzzy Hash: 2EE020723843111AF23550676C47B7F170D4790704F9580263B10DE3D2D9AEDD0F02AD

Function 00406300 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(00000000,00423624,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 00406329

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
Instruction ID: 1d12608fc0467a25e6c73015cc4d191371d7057fe5102c86e19c90aa3d4ae925
Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
Instruction Fuzzy Hash: 4CE002B2204309BFDB00DE8ADDC1DABB7ACFB4C654F844105BB1C972428275AD608BB1

Function 0042DC0C Relevance: 1.5, APIs: 1, Instructions: 26registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
Instruction ID: 95aeb9dab0603b99a781f8c682cffbd0ba2012b3d2683d11ab3130478c649cf3
Opcode Fuzzy Hash: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
Instruction Fuzzy Hash: C3E07EB2600129AF9B40DE8DDC81EEB37ADAB1D350F408016FA08D7200C2B4EC519BB4

Function 00453230 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 15c20ed8949bce4e0717e7564957b6ac880824dbd77f88015e5955f017df5fa2
Instruction ID: f302fe2a993c29ff2beb40c6401580d32031e9c3f18c83ad647966ccae7ffc8f
Opcode Fuzzy Hash: 15c20ed8949bce4e0717e7564957b6ac880824dbd77f88015e5955f017df5fa2
Instruction Fuzzy Hash: 85E01B70508B008BCB14DF3E848135676D15F89321F04C9AABC58CB3D7DA3C85559A67

Function 00414624 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(0048DB6E,?,0048DB90,?,?,00000000,0048DB6E,?,?), ref: 00414643

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0

Function 00406AE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CompareStringA.KERNEL32(00000400,00000000,00000000,00000000,00000000,00000000,00000000,?,0042C585,00000000,0042C5A2,?,?,00000000,?,00000000), ref: 00406B0D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
Instruction ID: f6665c11947ada4625099ec4a58cd3d7eb013588aad78fe549ce1534c5c33ddb
Opcode Fuzzy Hash: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
Instruction Fuzzy Hash: DAD092D17416203BD250BA7E1C82F5B48CC8B1861FF00413AB208FB2D2C97C8F0512AE

Function 00406EB0 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406EC4

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
Instruction ID: 4d76dac8211929e62cce8888c47837621b30d3b0c7e20a3f427cea6db45cb60b
Opcode Fuzzy Hash: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
Instruction Fuzzy Hash: 48D05B763082507AD620965BAC44DA76BDCCBC5770F11063EB558C71C1D6309C01C775

Function 004235F4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 004235A0: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 004235B5

ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F

Part of subcall function 004235D0: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 004235EC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: InfoParametersSystem$ShowWindow
String ID:
API String ID: 3202724764-0
Opcode ID: d050ecf06affd445c8476fb8db8e66551967dae665e53ebf1b4b46b6f13db43a
Instruction ID: 2a465d5d678e454343823bde05cb816eafc76b3616d44e2642b2febe52ce8396
Opcode Fuzzy Hash: d050ecf06affd445c8476fb8db8e66551967dae665e53ebf1b4b46b6f13db43a
Instruction Fuzzy Hash: F8D0A7123422343143203BB73845A8B46BC4DC62A7388043BB548CB303FD1E8F5130BC

Function 0042426C Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(?,00000000), ref: 00424284

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
Instruction ID: 464bc4534e7500a79cd72818e7fe6fdc88b43f9c3cedd93f67ec80ba9b13fbd8
Opcode Fuzzy Hash: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
Instruction Fuzzy Hash: A8D05BE270113017C741BAED54C4AC577CC4B4825671540B7F904EF257C638CD404398

Function 00453AB0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?), ref: 00453AC6

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
Instruction ID: 059ce6dee4a85458501d0894a56d11df68a23133cc4b2401fd590ab7d757c589
Opcode Fuzzy Hash: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
Instruction Fuzzy Hash: 5AD0C2B120420053C701AE68DC8269B358C8B84316F10483E7CC6DA2C3E67DDF48A75A

Function 0042CC50 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,004513D1,00000000,004513EA,?,-00000001,00000000), ref: 0042CC5B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
Instruction ID: 2bac27eb1d407cf782e128ad06cad9207e8ea826622c3fbf81ad2ed97ccd6d21
Opcode Fuzzy Hash: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
Instruction Fuzzy Hash: 4BD012E030129015DA1459BE29C979F02888B96735FA41F7BB96CE22E2E23DCC562018

Function 0042CC08 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,0045084B,00000000), ref: 0042CC13

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
Instruction ID: 1275fb06175802a4eec18308edc692cabbb6af922db63e061f4609c964e4cce9
Opcode Fuzzy Hash: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
Instruction Fuzzy Hash: 41C08CE13022001A9A1065FE2CC511F02C8891423A3A42F37F42EE33D2DA3D8C17201A

Function 00406E60 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A86C,0040CE18,?,00000000,?), ref: 00406E7D

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 00499271b5b01f05d9d83e2d2f7f211c07fae1a2865fa10bd36806d3138a4949
Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
Opcode Fuzzy Hash: 00499271b5b01f05d9d83e2d2f7f211c07fae1a2865fa10bd36806d3138a4949
Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C

Function 00406EF0 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
Instruction ID: f501027f96a9746725af0604134d36a8ca8c314a7ca2a7be08ed73c27bcd633e
Opcode Fuzzy Hash: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
Instruction Fuzzy Hash: 97B012E13D220A2ACE0079FE4CC191700CC462C6163405A3A3406EB1C3D93CC4180414

Function 00407248 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000,?,0048FE4A,00000000,0049001D,?,?,00000005,00000000,00490051,?,?,00000000), ref: 00407253

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
Instruction ID: c18bf430a4858a09d5fd0626d157798880aaaa8ea81a5298b6cf69089c3012d4
Opcode Fuzzy Hash: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
Instruction Fuzzy Hash: B0B012E03D161B27CA0079FE4CC191A01CC46292163501B3A3006E71C3D83CC8080514

Function 0044FC44 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 8565589d8368efb46956d1874a8e26a129873ee61e8d9e49f27d8550732299f7
Instruction ID: 11690378e1580f57f3c17dd11fe21b7b3ca8148d791c98b53b9e0a2d440cb67b
Opcode Fuzzy Hash: 8565589d8368efb46956d1874a8e26a129873ee61e8d9e49f27d8550732299f7
Instruction Fuzzy Hash: 4DC04CA130055197DF00A6AE85C1A0767D86E083083505076B909CF217E668D8044A18

Function 0042E23B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,0042E259), ref: 0042E24C

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 0a051d32a78ad3617f7ea1dbaf78ac9652f3e2ca0c092313af1445ab26d6b84d
Instruction ID: 74ebc363d3dd9adc156b0186d58570fa2bbeeb99e87a8c897359723e7ad10afe
Opcode Fuzzy Hash: 0a051d32a78ad3617f7ea1dbaf78ac9652f3e2ca0c092313af1445ab26d6b84d
Instruction Fuzzy Hash: ABB09B7670C6009DB709D6D6755552D63D8D7C47203E145B7F015E2580D53C58004928

Function 00476344 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,0047A6D6), ref: 0047635A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 89572602d291b516dbb91569fe541cff3f70df9bb6bcb712ac8eb03508536d17
Instruction ID: 33d8f5f36b897b4a22f09290cd909843d3577c0e39989f8199a04e4b2ecda284
Opcode Fuzzy Hash: 89572602d291b516dbb91569fe541cff3f70df9bb6bcb712ac8eb03508536d17
Instruction Fuzzy Hash: A8C002715507409EC760EF75DD8474536E4B716716F55C5375804DA160EB348A84CF08

Function 0047A908 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

PostMessageA.USER32(00000000,00000012,00000000,00000000), ref: 0047A910

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: fd921ee12ed53937ef9beeb787a8c4516caee7dc516e45fafbf488b4906553f2
Instruction ID: 99d67813a2b21335afc3d4281e01727494b67aba3c321737ecd4854f4d206f17
Opcode Fuzzy Hash: fd921ee12ed53937ef9beeb787a8c4516caee7dc516e45fafbf488b4906553f2
Instruction Fuzzy Hash: 5EA002343D530570F470A2514D03F5400001744F15EE1405573093D0C304D92428201E

Function 00416594 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

73A25CF0.USER32(?), ref: 0041659B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da20a264590b8da76bcc673a24629bda81143ece4f0058ab807c22f450b41b4b
Instruction ID: 444a78761fbc6a727879d8c4239369b0bde5fc0390465f01f64749401816922a
Opcode Fuzzy Hash: da20a264590b8da76bcc673a24629bda81143ece4f0058ab807c22f450b41b4b
Instruction Fuzzy Hash: CDA002756015049ADE04A7A5C849F662298BB44204FC915F971449B092C53C99008E58

Function 0045B160 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0045B1F0

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 40e67bd12d84b901d644a32061550c5eab03b59ca4c5dcb87dd2f004890e4884
Instruction ID: 4e53742ce62a887a6b6d1ed8658a57c71b670a96a09bd10cc268158586706a5e
Opcode Fuzzy Hash: 40e67bd12d84b901d644a32061550c5eab03b59ca4c5dcb87dd2f004890e4884
Instruction Fuzzy Hash: D01175716006049BDB00EF15C88175B77A4EF8435AF04846AFD589B2C7DB38EC09CBEA

Function 0041F36C Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 12d8c903e1d35d4ed3e61744099085c4d88952c6e60055fc50c96d732ccf1ffc
Instruction ID: 0cc0efa10282cde451e00f43d434c8f6590961a15256f6519a3dd582a972fe71
Opcode Fuzzy Hash: 12d8c903e1d35d4ed3e61744099085c4d88952c6e60055fc50c96d732ccf1ffc
Instruction Fuzzy Hash: 21115E746407059BC710DF19C880B86FBE5EF98750F10C53BE9A88B785D374E945CBA9

Function 00451740 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,004517A9), ref: 0045178B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 0cb30aea8e3a05673a7cba1544d5d7a5fd50794015932abe3ecd9c104f2fad2b
Instruction ID: 09dacfa996f3112939fbf8ed8dcb85d913dce43742346e85e53a3a3cb706c9d1
Opcode Fuzzy Hash: 0cb30aea8e3a05673a7cba1544d5d7a5fd50794015932abe3ecd9c104f2fad2b
Instruction Fuzzy Hash: 5E01FC396042486F8B11DF699C019AEBBECDB4D32076082B7EC68D3351D7344D159664

Function 0045B108 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,0045B1E6), ref: 0045B11F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 738f9e8baf208e14bafd32a0a90fff7df9624ba6fd4da3bc033a9b1b79592317
Instruction ID: 6d5ad091bc6b63f34aeb1917c6f1250fd7e3330d7d8b7736af9f6265ced051ec
Opcode Fuzzy Hash: 738f9e8baf208e14bafd32a0a90fff7df9624ba6fd4da3bc033a9b1b79592317
Instruction Fuzzy Hash: 5BD0E9B17557045BDF90EE794C81B1677D8BB48741F5044766904DB286E774E8048A58

Non-executed Functions

Function 00422804 Relevance: 18.3, APIs: 12, Instructions: 255windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 0042299C
ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422B66), ref: 004229AC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: MessageSendShowWindow
String ID:
API String ID: 1631623395-0
Opcode ID: 33f6deefbc115191b5c84462a2a0755e555bf156aa3c81b7ecc2fa94bcf53dcd
Instruction ID: 8c826587ba7af474f7b14690d684e7097f8878018e5f7bac2df75c57de2d2bfa
Opcode Fuzzy Hash: 33f6deefbc115191b5c84462a2a0755e555bf156aa3c81b7ecc2fa94bcf53dcd
Instruction Fuzzy Hash: 1791A471B00214FFD710EFA9DA86F9E77F4AB15304F5500B6F500AB2A2C7B8AE419B58

Function 0041832C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0041833B
GetWindowPlacement.USER32(?,0000002C), ref: 00418358
GetWindowRect.USER32(?), ref: 00418374
GetWindowLongA.USER32(?,000000F0), ref: 00418382
GetWindowLongA.USER32(?,000000F8), ref: 00418397
ScreenToClient.USER32(00000000), ref: 004183A0
ScreenToClient.USER32(00000000,?), ref: 004183AB

Strings

,, xrefs: 00418344

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$ClientLongScreen$IconicPlacementRect
String ID: ,
API String ID: 2266315723-3772416878
Opcode ID: e846b1d96ad6d403d5ac4900d6db5fa2b4fc685dffe037c5368f6a7b37d89c4b
Instruction ID: acb8bb2f18b9e5a8d0717189301f77369ef91ad6b472dfe09f3ff812f2607344
Opcode Fuzzy Hash: e846b1d96ad6d403d5ac4900d6db5fa2b4fc685dffe037c5368f6a7b37d89c4b
Instruction Fuzzy Hash: 70111971505201AFDB00DF69C885F9B77E8AF49314F18067EBD58DB286C739D900CBA9

Function 00490094 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0,?,?,00000000,00492628), ref: 004900EB
SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049016E
FindNextFileA.KERNEL32(000000FF,?,00000000,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000), ref: 00490186
FindClose.KERNEL32(000000FF,004901B1,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0), ref: 004901A4

Strings

isRS-, xrefs: 0049010B
isRS-???.tmp, xrefs: 004900D5

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstNext
String ID: isRS-$isRS-???.tmp
API String ID: 134685335-3422211394
Opcode ID: 160a431573ac108ef575ece8bc46c4c7652be149d517b616ca723ce1a950838f
Instruction ID: aeb5e1c6dec8106b2d0d5562d2962c543317903ced43ff168440b54f7dc1d23c
Opcode Fuzzy Hash: 160a431573ac108ef575ece8bc46c4c7652be149d517b616ca723ce1a950838f
Instruction Fuzzy Hash: E1318671A006186FDF14EF65CC42ACEBBBDDB49314F5184B7A808B32A1D7389F458E58

Function 00476A70 Relevance: 9.2, APIs: 6, Instructions: 195fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000,00000000), ref: 00476AD1
FindNextFileA.KERNEL32(000000FF,?,00000000,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BBD
FindClose.KERNEL32(000000FF,00476BE8,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BDB
FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000), ref: 00476C34

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Find$File$First$CloseNext
String ID:
API String ID: 2001080981-0
Opcode ID: d6b190be8b29de455945e98b2d6bfad648fbc177e995be75712dfce5e4038bd6
Instruction ID: 14931f8a0e3cac93bb735ea196381e3f6523e98b7e5ca17cfb4e14f2e37d7476
Opcode Fuzzy Hash: d6b190be8b29de455945e98b2d6bfad648fbc177e995be75712dfce5e4038bd6
Instruction Fuzzy Hash: 8F716F7090061DAFCF21EFA5CC41ADFBBB9EB49304F5184AAE408A7291D7399A45CF58

Function 0047C25C Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0047C29A
GetWindowLongA.USER32(00000000,000000F0), ref: 0047C2B8
ShowWindow.USER32(00000000,00000005,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2DA
ShowWindow.USER32(00000000,00000000,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2EE

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$Show$IconicLong
String ID:
API String ID: 2754861897-0
Opcode ID: 5cf4e840f6cae0d42adc91e8194042c6acd159831c0ac579fbadf4d2d52173ba
Instruction ID: fd372386a479fdc92fac3e2ef30eced7ce39e9e6ab59154070fbeb580aa605ee
Opcode Fuzzy Hash: 5cf4e840f6cae0d42adc91e8194042c6acd159831c0ac579fbadf4d2d52173ba
Instruction Fuzzy Hash: E9017970E44245B6D710A7B5DD85FE633D56B15304F1840BFB8099B2A7CBBDCC42961C

Function 0048A9FC Relevance: 56.4, APIs: 16, Strings: 16, Instructions: 431sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000,00000000,0048AEF1,?,?,?,?,00000000,00000000,00000000), ref: 0048AA3C
FindWindowA.USER32(00000000,00000000), ref: 0048AA6D

Strings

SENDNOTIFYMESSAGE, xrefs: 0048AB73
CREATEMUTEX, xrefs: 0048AE1D
CHARTOOEMBUFF, xrefs: 0048AE92
SENDBROADCASTMESSAGE, xrefs: 0048AC09
FREEDLL, xrefs: 0048ADE8
LOADDLL, xrefs: 0048ACFF
SLEEP, xrefs: 0048AA26
OEMTOCHARBUFF, xrefs: 0048AE4F
CALLDLLPROC, xrefs: 0048AD61
SENDBROADCASTNOTIFYMESSAGE, xrefs: 0048ACAB
POSTMESSAGE, xrefs: 0048AB17
POSTBROADCASTMESSAGE, xrefs: 0048AC57
SENDMESSAGE, xrefs: 0048AAC1
FINDWINDOWBYWINDOWNAME, xrefs: 0048AA85
FINDWINDOWBYCLASSNAME, xrefs: 0048AA49
REGISTERWINDOWMESSAGE, xrefs: 0048ABCF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FindSleepWindow
String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
API String ID: 3078808852-3310373309
Opcode ID: 0f824bb6d7cbe04a6029fc36d0ccde11824ef55db3fff2ed3095ac2b69fb24d6
Instruction ID: 235d6cf6b0db6f7ade2b2b1cdaf506c84c5948104d9e726c8462171498c33706
Opcode Fuzzy Hash: 0f824bb6d7cbe04a6029fc36d0ccde11824ef55db3fff2ed3095ac2b69fb24d6
Instruction Fuzzy Hash: 52C183A0B402116BE714BF3E8C4252E559A9F95705B12CD3FB406DB78ACEBCDC1A435E

Function 004566B8 Relevance: 40.4, APIs: 11, Strings: 12, Instructions: 186pipeprocessfileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0045671F
QueryPerformanceCounter.KERNEL32(00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 00456728
GetSystemTimeAsFileTime.KERNEL32(00000000,00000000), ref: 00456732
GetCurrentProcessId.KERNEL32(?,00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 0045673B
CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004567B1
GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,00000000,00000000), ref: 004567BF
CreateFileA.KERNEL32(00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456807
SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045695D,?,00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456840

Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB

CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004568E9
CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045691F
CloseHandle.KERNEL32(000000FF,00456964,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00456957

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

Helper process PID: %u, xrefs: 0045693C
CreateNamedPipe, xrefs: 004567CF
64-bit helper EXE wasn't extracted, xrefs: 00456713
Cannot utilize 64-bit features on this version of Windows, xrefs: 00456700
\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x, xrefs: 00456787
SetNamedPipeHandleState, xrefs: 00456849
CreateFile, xrefs: 00456815
helper %d 0x%x, xrefs: 004568C8
D, xrefs: 00456862
h, xrefs: 0045689C
CreateProcess, xrefs: 004568F2
Starting 64-bit helper process., xrefs: 004566ED

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$h$helper %d 0x%x
API String ID: 770386003-3739555822
Opcode ID: 12990583c43677890b3172fac6db0111b3e08eff4e7b9a172314e4e4284cd7a6
Instruction ID: 11cc02d5b4c65d74a0167c6227b1ef0bb38041da715edce79722e55ed4dc78f9
Opcode Fuzzy Hash: 12990583c43677890b3172fac6db0111b3e08eff4e7b9a172314e4e4284cd7a6
Instruction Fuzzy Hash: FD713370A00744AEDB11DB69CC41B9EBBF8EB09305F5181BAF908FB282D7785944CF69

Function 0041C9B4 Relevance: 33.2, APIs: 22, Instructions: 213windowCOMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,?,0041A8EC,?), ref: 0041C9E8
73A24C40.GDI32(?,00000000,?,0041A8EC,?), ref: 0041C9F4
73A26180.GDI32(0041A8EC,?,00000001,00000001,00000000,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA18
73A24C00.GDI32(?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA28
SelectObject.GDI32(0041CDE4,00000000), ref: 0041CA43
FillRect.USER32(0041CDE4,?,?), ref: 0041CA7E
SetTextColor.GDI32(0041CDE4,00000000), ref: 0041CA93
SetBkColor.GDI32(0041CDE4,00000000), ref: 0041CAAA
PatBlt.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00FF0062), ref: 0041CAC0
73A24C40.GDI32(?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC), ref: 0041CAD3
SelectObject.GDI32(00000000,00000000), ref: 0041CB04
73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC), ref: 0041CB1C
73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?), ref: 0041CB25
73A18830.GDI32(0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB34
73A122A0.GDI32(0041CDE4,0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB3D
SetTextColor.GDI32(00000000,00000000), ref: 0041CB56
SetBkColor.GDI32(00000000,00000000), ref: 0041CB6D
73A24D40.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CBB2,?,?,00000000), ref: 0041CB89
SelectObject.GDI32(00000000,?), ref: 0041CB96
DeleteDC.GDI32(00000000), ref: 0041CBAC

Part of subcall function 0041A000: GetSysColor.USER32(?), ref: 0041A00A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Color$ObjectSelect$A122A18830Text$A26180A570DeleteFillRect
String ID:
API String ID: 1381628555-0
Opcode ID: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
Instruction ID: ff179a34f285c3436bc621bb31859736a2280516ecfda4d40c06e70735cb6950
Opcode Fuzzy Hash: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
Instruction Fuzzy Hash: 8E61DE71A44608ABDF10EBE9DC86FDFB7B8EF48704F10446AF504E7281D67CA9408B69

Function 004903C0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 251synchronizationCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000,00490AA3,?,00000000), ref: 00490443
CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000), ref: 00490456
ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000), ref: 00490466
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00490487
ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000), ref: 00490497

Part of subcall function 0042D330: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D3BE,?,?,00000000,?,?,0048FE54,00000000,0049001D,?,?,00000005), ref: 0042D365

Strings

Inno-Setup-RegSvr-Mutex, xrefs: 0049044D
.lst, xrefs: 004904D4
/REG, xrefs: 004903F5
/REGU, xrefs: 00490419
Setup, xrefs: 0049042F
.msg, xrefs: 004904BA

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
API String ID: 2000705611-3672972446
Opcode ID: dbf640bbbb433bf96a31ae5329e44f73dea8e4b7bf11ba219817e0df0dea0d3d
Instruction ID: 6666ff25eec7c53b5eb866eda449138b93a1580bdca8663c56f4b5746ffc9271
Opcode Fuzzy Hash: dbf640bbbb433bf96a31ae5329e44f73dea8e4b7bf11ba219817e0df0dea0d3d
Instruction Fuzzy Hash: 4E91C430A04244AFDF11EBA5C852BAF7BB4EB49314F5144B7F900AB692C77CAC15CB69

Function 0045A0E8 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 172libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 0045A102
GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045A122
GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoA), ref: 0045A12F
GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoA), ref: 0045A13C
GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045A14A
AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1E9
GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1F2
LocalFree.KERNEL32(?,0045A2CC), ref: 0045A2BF

Strings

SetNamedSecurityInfoA, xrefs: 0045A136
advapi32.dll, xrefs: 0045A11D
W, xrefs: 0045A200
GetNamedSecurityInfoA, xrefs: 0045A129
SetEntriesInAclW, xrefs: 0045A144

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc$AllocateErrorFreeHandleInitializeLastLocalModuleVersion
String ID: GetNamedSecurityInfoA$SetEntriesInAclW$SetNamedSecurityInfoA$W$advapi32.dll
API String ID: 4088882585-3389539026
Opcode ID: 23972e836f43ceaa603229ab9895b7a465ff4bffcad2d0873925f749a3d20612
Instruction ID: 53dbb0a0fcd2a75aff2a5c1782a6a4235bf2da2959e2968fa151a2620b62acf5
Opcode Fuzzy Hash: 23972e836f43ceaa603229ab9895b7a465ff4bffcad2d0873925f749a3d20612
Instruction Fuzzy Hash: 045182B1900608AFDB10DF99C845BAEB7F8EB08315F10816AF904F7382D2799E55CF69

Function 00456B34 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 70sleepsynchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00456B6B
TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00456B87
WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00456B95
GetExitCodeProcess.KERNEL32(?), ref: 00456BA6
CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456BED
Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456C09

Strings

Stopping 64-bit helper process. (PID: %u), xrefs: 00456B5D
Helper process exited with failure code: 0x%x, xrefs: 00456BD3
Helper process exited., xrefs: 00456BB5
Helper process exited, but failed to get exit code., xrefs: 00456BDF
Helper isn't responding; killing it., xrefs: 00456B77

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
API String ID: 3355656108-1243109208
Opcode ID: 5b56649a2d40bba37211ef4175ca1734cbb3bde7ff93420d1052a04aac8d11c1
Instruction ID: 9d7a733ba7e4b400d55abe2d76827c4ec82c7121443a5166b5708a03c4d9d847
Opcode Fuzzy Hash: 5b56649a2d40bba37211ef4175ca1734cbb3bde7ff93420d1052a04aac8d11c1
Instruction Fuzzy Hash: 37217C70604B009ADB20E779C446B5BB7D49F08315F81882FB8D9CB293D67CF8488B6A

Function 00452B60 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 228registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38

RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87
RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452DC3

Part of subcall function 0042E660: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F

Strings

RegCreateKeyEx, xrefs: 00452BFB
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452BCF
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452B9F
, xrefs: 00452BE9

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateFormatMessageQueryValue
String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
API String ID: 2481121983-1280779767
Opcode ID: 66baab5907fa7f6c1d6acc57c96a6219ca8c8a3b312e1e0647538ab3802e66a7
Instruction ID: 541388b9b65ddcc629600b839954f269b6f8816a0d78520760673cf251dcd2db
Opcode Fuzzy Hash: 66baab5907fa7f6c1d6acc57c96a6219ca8c8a3b312e1e0647538ab3802e66a7
Instruction Fuzzy Hash: A381ED75A00209ABDB01DFD5D941BEEB7B9EF49305F50442BF900F7282D778AA09CB69

Function 0045E0C0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0045E0CC
GetModuleHandleA.KERNEL32(user32.dll), ref: 0045E0E0
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0045E0ED
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0045E0FA
GetWindowRect.USER32(?,00000000), ref: 0045E146
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 0045E184

Strings

user32.dll, xrefs: 0045E0DB
(, xrefs: 0045E125
MonitorFromWindow, xrefs: 0045E0E7
GetMonitorInfoA, xrefs: 0045E0F4

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$AddressProc$ActiveHandleModuleRect
String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
API String ID: 2610873146-3407710046
Opcode ID: 170c59ca9b76ed583b93d1e9080623799a3cea187bf70a9d391bc38250018019
Instruction ID: ef411939a0946b870fd052df56d83547aac6ed7b4a766e15f820ec3551d64de0
Opcode Fuzzy Hash: 170c59ca9b76ed583b93d1e9080623799a3cea187bf70a9d391bc38250018019
Instruction Fuzzy Hash: CE21D475705B04AFD3149669CD81F3F3299DB88B11F08453AFD44DB382DA78DD068AA9

Function 0042EA60 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0042EA6C
GetModuleHandleA.KERNEL32(user32.dll), ref: 0042EA80
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042EA8D
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042EA9A
GetWindowRect.USER32(?,00000000), ref: 0042EAE6
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042EB24

Strings

GetMonitorInfoA, xrefs: 0042EA94
(, xrefs: 0042EAC5
user32.dll, xrefs: 0042EA7B
MonitorFromWindow, xrefs: 0042EA87

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$AddressProc$ActiveHandleModuleRect
String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
API String ID: 2610873146-3407710046
Opcode ID: c76122e987ccbbf4ad122bf975a6ea2cd69e31ff1eab506a42aecdfe1b08b63b
Instruction ID: de6f8a07dda85d31b5a5cc2262033447bbfd7554ac1e79db9a4c9fe52e5b2086
Opcode Fuzzy Hash: c76122e987ccbbf4ad122bf975a6ea2cd69e31ff1eab506a42aecdfe1b08b63b
Instruction Fuzzy Hash: 2A21C271701614AFD700EA79DCD1F3B3B98DB88710F48452AF945DB382DA78FC008AA9

Function 00456D0C Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127pipeCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00456EEB,?,00000000,00456F4E,?,?,00000000,00000000), ref: 00456D69
TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DC6
GetLastError.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DD3
MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00456E1F
GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E45
GetLastError.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E4C

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

TransactNamedPipe, xrefs: 00456DDF
CreateEvent, xrefs: 00456D77

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
String ID: CreateEvent$TransactNamedPipe
API String ID: 2182916169-3012584893
Opcode ID: 48229fdc3ef61929d6ac761d7619ebca0006deda708ad69f0594bdf8de0f3da7
Instruction ID: 3505877414f257bb21a012f26b9d0d7704acec035ae139655f100219df004d2f
Opcode Fuzzy Hash: 48229fdc3ef61929d6ac761d7619ebca0006deda708ad69f0594bdf8de0f3da7
Instruction Fuzzy Hash: 6C41C275A00208AFDB05DF95CD82F9EB7F9FB08714F5140AAF904E7292C6789E44CB68

Function 00454B2C Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 99libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00454C91,?,?,00000031,?), ref: 00454B54
GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00454B5A
LoadTypeLib.OLEAUT32(00000000,?), ref: 00454BA7

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

UnRegisterTypeLib, xrefs: 00454B4A
LoadTypeLib, xrefs: 00454BB2
GetProcAddress, xrefs: 00454B67
ITypeLib::GetLibAttr, xrefs: 00454BDD
UnRegisterTypeLib, xrefs: 00454C13
OLEAUT32.DLL, xrefs: 00454B4F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressErrorHandleLastLoadModuleProcType
String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
API String ID: 1914119943-2711329623
Opcode ID: 12a9c4858e22de83489c89b1158ee9c10e057dde659f6e5fdc5b29827f952d42
Instruction ID: e4400bf96c166b5c8e97fc258379556c86f091726ab19f10260670aaeab998db
Opcode Fuzzy Hash: 12a9c4858e22de83489c89b1158ee9c10e057dde659f6e5fdc5b29827f952d42
Instruction Fuzzy Hash: 3831B475600604AFDB12EFAACC01E5BB7B9EBC870971144AAF814DB752DA38D984C628

Function 0042E264 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 0042E28D
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E293
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001), ref: 0042E2E1

Strings

Locale, xrefs: 0042E2D0
.DEFAULT\Control Panel\International, xrefs: 0042E2B8
kernel32.dll, xrefs: 0042E288
GetUserDefaultUILanguage, xrefs: 0042E283
Control Panel\Desktop\ResourceLocale, xrefs: 0042E2F0

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: d88a83e1e179ac9b95db9d86747543ce99db7371ea0d88e808458d3db9cfa7b7
Instruction ID: b5527917e10b0fb8c326f7aa8ff769b2caa43ea40ee794feba058f86ebb39bc0
Opcode Fuzzy Hash: d88a83e1e179ac9b95db9d86747543ce99db7371ea0d88e808458d3db9cfa7b7
Instruction Fuzzy Hash: 0C215334B00219EBDB00EBA7DC55A9F77A9EB44705FA0447BA900E7291DBBC9A05CB5C

Function 00404ABF Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
GetFileType.KERNEL32(?,000000F5), ref: 00404C11
CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
GetLastError.KERNEL32(000000F5), ref: 00404C46

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D

Function 00422190 Relevance: 15.1, APIs: 10, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetSystemMenu.USER32(00000000,00000000), ref: 004221DB
DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 004221F9
DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422206
DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422213
DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422220
DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 0042222D
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 0042223A
DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00422247
EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 00422265
EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 00422281

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Menu$Delete$EnableItem$System
String ID:
API String ID: 3985193851-0
Opcode ID: 2ac919316b1e548bcce60f4eb3ccb73fb66cb5d1796470b9090fa35795744f24
Instruction ID: 142bb334ff85b79c2121110e2d141a600bd35af2d4b4289324417f29a70e323f
Opcode Fuzzy Hash: 2ac919316b1e548bcce60f4eb3ccb73fb66cb5d1796470b9090fa35795744f24
Instruction Fuzzy Hash: 802136703457457BE720D725DD8BFAB7AD89B08708F0440A5B6447F2D3C6FDEA4086A8

Function 00418BFC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000E), ref: 00418C18
GetSystemMetrics.USER32(0000000D), ref: 00418C20
6F552980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C26

Part of subcall function 00409958: 6F54C400.COMCTL32((&I,000000FF,00000000,00418C54,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 0040995C

6F5BCB00.COMCTL32((&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C76
6F5BC740.COMCTL32(00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418C81
6F5BCB00.COMCTL32((&I,00000001,?,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000), ref: 00418C94
6F550860.COMCTL32((&I,00418CB7,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E), ref: 00418CAA

Strings

(&I, xrefs: 00418C4C, 00418C64, 00418C72, 00418C90, 00418CA6, 00418C75, 00418C93, 00418CA9

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: MetricsSystem$C400C740F550860F552980
String ID: (&I
API String ID: 1828538299-96580698
Opcode ID: cb724f8f61eeec6223193507a99a441db1e856c55be7018474d1ece8e95461e9
Instruction ID: 46645d9a52805bd5c852c20026195d53dd59d6b8e5b8ddd5dae0d8f2325046d5
Opcode Fuzzy Hash: cb724f8f61eeec6223193507a99a441db1e856c55be7018474d1ece8e95461e9
Instruction Fuzzy Hash: 8B113671B44604BBDB10EBA5DC82F5EB3B8DB48714F50446EBA04F73D2EAB99D408768

Function 0045A7A8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045A7B1
GetProcAddress.KERNEL32(00000000,inflate), ref: 0045A7C1
GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045A7D1
GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045A7E1

Strings

inflateInit_, xrefs: 0045A7AB
inflateEnd, xrefs: 0045A7CB
inflateReset, xrefs: 0045A7DB
inflate, xrefs: 0045A7BB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc
String ID: inflate$inflateEnd$inflateInit_$inflateReset
API String ID: 190572456-3516654456
Opcode ID: 3dffc787503262894019984b3336cae492994a29c5f4e8bedd10a62cfa1da0e0
Instruction ID: 8bdbbd7099bf23791bc9fd54354aee5868bc2dbadb77176a7910e3edbd90d505
Opcode Fuzzy Hash: 3dffc787503262894019984b3336cae492994a29c5f4e8bedd10a62cfa1da0e0
Instruction Fuzzy Hash: 8E0125B0500B00EED728EF32AE8872336B5A764345F14C17B9805652BBDBF8045EDA1D

Function 0041A884 Relevance: 13.7, APIs: 9, Instructions: 176windowCOMMON

Download Yara Rule

APIs

SetBkColor.GDI32(?,00000000), ref: 0041A961
73A24D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041A99B
SetBkColor.GDI32(?,?), ref: 0041A9B0
StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041A9FA
SetTextColor.GDI32(00000000,00000000), ref: 0041AA05
SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA15
StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AA54
SetTextColor.GDI32(00000000,00000000), ref: 0041AA5E
SetBkColor.GDI32(00000000,?), ref: 0041AA6B

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Color$StretchText
String ID:
API String ID: 2984075790-0
Opcode ID: c5f223bee4bb783086f44ddf098ec2f005a4e4987d44d46892a6de9d9b7dd681
Instruction ID: e254907fa32ae31809fa254cf51b9897988a5b4c94e3051facbc65a4db038bdb
Opcode Fuzzy Hash: c5f223bee4bb783086f44ddf098ec2f005a4e4987d44d46892a6de9d9b7dd681
Instruction Fuzzy Hash: 6161E5B5A00105EFCB40EFA9D985E9AB7F8EF08314B11856AF518DB262C734ED41CF69

Function 0044C864 Relevance: 13.6, APIs: 9, Instructions: 90COMMON

Download Yara Rule

APIs

OffsetRect.USER32(?,00000001,00000001), ref: 0044C895
GetSysColor.USER32(00000014), ref: 0044C89C
SetTextColor.GDI32(00000000,00000000), ref: 0044C8B4
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C8DD
OffsetRect.USER32(?,000000FF,000000FF), ref: 0044C8E7
GetSysColor.USER32(00000010), ref: 0044C8EE
SetTextColor.GDI32(00000000,00000000), ref: 0044C906
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C92F
DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C95A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Text$Color$Draw$OffsetRect
String ID:
API String ID: 1005981011-0
Opcode ID: 57028361129e52f9431e5318b710a4d40606affc4f959fc4e5e926226b5bbf1d
Instruction ID: b575c18274847aba3012457626d0aaea5839951ed62bd291699816a0262c3fb5
Opcode Fuzzy Hash: 57028361129e52f9431e5318b710a4d40606affc4f959fc4e5e926226b5bbf1d
Instruction Fuzzy Hash: 0321A0B42016047FC710FB6ACD8AE9B7BDCDF19319B04457AB918EB3A3C678DD408669

Function 0048E658 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B

Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

GetWindowThreadProcessId.USER32(00000000,?), ref: 0048E6E9
OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 0048E6FD
SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 0048E717
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E723
CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E729
Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E73C

Strings

Deleting Uninstall data files., xrefs: 0048E65F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
String ID: Deleting Uninstall data files.
API String ID: 1570157960-2568741658
Opcode ID: 9d067bf5239d494c11ca6ea2ee92c558df55eaca7c9a40dc827b20b8e50aa70c
Instruction ID: 7eb9b81ebef4b9935662b2bd99c088e093be0b50f7952a605171971ca98b3156
Opcode Fuzzy Hash: 9d067bf5239d494c11ca6ea2ee92c558df55eaca7c9a40dc827b20b8e50aa70c
Instruction Fuzzy Hash: 5B216F74744204BEE721FBBADC86B2B3698E759319F50053BF9119A1A2DA789D009B1C

Function 0046A7E4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1,?,?,?,?,00000000), ref: 0046A84B
RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1), ref: 0046A862
AddFontResourceA.GDI32(00000000), ref: 0046A87F
SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0046A893

Strings

AddFontResource, xrefs: 0046A89D
Failed to open Fonts registry key., xrefs: 0046A869
Failed to set value in Fonts registry key., xrefs: 0046A854

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseFontMessageNotifyOpenResourceSendValue
String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
API String ID: 955540645-649663873
Opcode ID: ae9982a05bde811bfe0868716fd7999744774e57fb2a969e279159a66ed717ca
Instruction ID: 1afd192ee4ee27fe0430144d256ae41832f88f75df52154e79e2d4afe470c12e
Opcode Fuzzy Hash: ae9982a05bde811bfe0868716fd7999744774e57fb2a969e279159a66ed717ca
Instruction Fuzzy Hash: 2D2191707406047AE710BB668C42B6E679CDB45704F604437B900FB2C2E67CDE169A6F

Function 0045E500 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004163B8: GetClassInfoA.USER32(00400000,?,?), ref: 00416427
Part of subcall function 004163B8: UnregisterClassA.USER32(?,00400000), ref: 00416453
Part of subcall function 004163B8: RegisterClassA.USER32(?), ref: 00416476

GetVersion.KERNEL32 ref: 0045E530
SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 0045E56E
SHGetFileInfo.SHELL32(0045E60C,00000000,?,00000160,00004011), ref: 0045E58B
LoadCursorA.USER32(00000000,00007F02), ref: 0045E5A9
SetCursor.USER32(00000000,00000000,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5AF
SetCursor.USER32(?,0045E5EF,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5E2

Strings

Explorer, xrefs: 0045E54A

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
String ID: Explorer
API String ID: 2594429197-512347832
Opcode ID: 44ed0ca624a1cd5d95eb69d271add9d9406dbf97ef5e7c849db83608b26f9dff
Instruction ID: e5db7c9749215eeb2d02e5ed912e0b3fe28138e3e2d2d7ddb3fe69776e4d8daf
Opcode Fuzzy Hash: 44ed0ca624a1cd5d95eb69d271add9d9406dbf97ef5e7c849db83608b26f9dff
Instruction Fuzzy Hash: 80213D717803087AEB14BBB69C47B9A36889B05709F4100BFBE05EA1C3EDBC8D05866C

Function 0045E910 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 273COMMON

Download Yara Rule

APIs

LoadCursorA.USER32(00000000,00007F02), ref: 0045EA14
SetCursor.USER32(00000000,00000000,00007F02,00000000,0045EAA9), ref: 0045EA1A
SetCursor.USER32(?,0045EA91,00007F02,00000000,0045EAA9), ref: 0045EA84

Strings

, xrefs: 0045ECAA
Internal error: Item already expanding, xrefs: 0045E9B1
, xrefs: 0045EC8F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Cursor$Load
String ID: $ $Internal error: Item already expanding
API String ID: 1675784387-1948079669
Opcode ID: 062bc24e025f87a5132b01d4a23ebbd0a7af6c8b69919735a7d8bfb9171ae665
Instruction ID: dca47056957fcd899ad7342011e10480afea1a1a27e56c2873f80f5661136381
Opcode Fuzzy Hash: 062bc24e025f87a5132b01d4a23ebbd0a7af6c8b69919735a7d8bfb9171ae665
Instruction Fuzzy Hash: 35B1BF30A042449FDB25DF2AC585B9ABBF0BF04305F5484AAEC459B793D738EE49CB45

Function 00452388 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 225COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045246F

Strings

MoveFileEx, xrefs: 0045267F
[rename], xrefs: 004524D2, 0045250E
WININIT.INI, xrefs: 0045241D
.tmp, xrefs: 0045242B
NUL, xrefs: 00452531

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
API String ID: 390214022-3304407042
Opcode ID: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
Instruction ID: b02a2244c8ac043b1712f4d5d459e41a201eed142cab655ca7120e0de3a2e1df
Opcode Fuzzy Hash: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
Instruction Fuzzy Hash: BA91F330A001099BDB11EFA5D982BDEB7F5AF49305F50847BE90077392D7B8AE09CB59

Function 004086C0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00408908,?,?,?,?,00000000,00000000,00000000,?,0040990F,00000000,00409922), ref: 004086DA

Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526

Part of subcall function 00408554: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,00408756,?,?,?,00000000,00408908), ref: 00408567

Strings

mmmm d, yyyy, xrefs: 004087CB
:mm:ss, xrefs: 004088D6
m/d/yy, xrefs: 004087A9
AMPM, xrefs: 004088A5
:mm, xrefs: 004088BC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
Instruction ID: 056ecf6f2f1527b7684b606c263ef1e3982ac19046fe7e290d3a86a54856ae2c
Opcode Fuzzy Hash: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
Instruction Fuzzy Hash: 21512C74B001086BDB01FBA6DE91A9E7BA9DB84304F50D47FA181BB3C6CA3CDA05875D

Function 00466210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99sleepCOMMON

Download Yara Rule

APIs

GetCursor.USER32(00000000,0046634F), ref: 004662CC
LoadCursorA.USER32(00000000,00007F02), ref: 004662DA
SetCursor.USER32(00000000,00000000,00007F02,00000000,0046634F), ref: 004662E0
Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662EA
SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662F0

Strings

CheckPassword, xrefs: 00466274

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Cursor$LoadSleep
String ID: CheckPassword
API String ID: 4023313301-1302249611
Opcode ID: a2f9e29d2fd47cbe49e50b2b8c9181dc4ebe3878211084bf54e37939886680c3
Instruction ID: e12dea2b5957d6b50ca2ed371003984113864468440f1a681d17ee3b0f813ced
Opcode Fuzzy Hash: a2f9e29d2fd47cbe49e50b2b8c9181dc4ebe3878211084bf54e37939886680c3
Instruction Fuzzy Hash: 2931A774644204AFD701EF69C88AF9E7BE1AF45304F5680B6F904AB3E2D7789E40CB59

Function 0041C0F0 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0041BFF0: GetObjectA.GDI32(?,00000018), ref: 0041BFFD

GetFocus.USER32 ref: 0041C110
73A1A570.USER32(?), ref: 0041C11C
73A18830.GDI32(?,?,00000000,00000000,0041C19B,?,?), ref: 0041C13D
73A122A0.GDI32(?,?,?,00000000,00000000,0041C19B,?,?), ref: 0041C149
GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C160
73A18830.GDI32(?,00000000,00000000,0041C1A2,?,?), ref: 0041C188
73A1A480.USER32(?,?,0041C1A2,?,?), ref: 0041C195

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A18830$A122A480A570BitsFocusObject
String ID:
API String ID: 2231653193-0
Opcode ID: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
Instruction ID: e1839615c60f4afd83c90c330261c8dd65eba5fe4d32295df669e4ba5c229ee2
Opcode Fuzzy Hash: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
Instruction Fuzzy Hash: 24116D71A44608BBDB10DBE9CC85FAFB7FCEF48700F54446AB518E7281D63898008B28

Function 0047C58C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0047C644), ref: 0047C629

Strings

ServerNT, xrefs: 0047C60D
WinNT, xrefs: 0047C5D9
ProductType, xrefs: 0047C5C8
LanmanNT, xrefs: 0047C5F3
System\CurrentControlSet\Control\ProductOptions, xrefs: 0047C5B0

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpen
String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
API String ID: 47109696-2530820420
Opcode ID: 1f100dee03358c0d2874d8d4a97e5654ae5678a4c09e96fc9d12141f2d617b1f
Instruction ID: ba25b35c1adc0b75f4f324f6cb59f82a98d74cc289aeabc78b4d1a44d03816b4
Opcode Fuzzy Hash: 1f100dee03358c0d2874d8d4a97e5654ae5678a4c09e96fc9d12141f2d617b1f
Instruction Fuzzy Hash: 84118E30B04204AADB10DB659AC2B9A7BA89B56308F61D0BFA408A7285DB789A018758

Function 0045A67C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 34libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045A685
GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045A695
GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045A6A5

Strings

ArcFourInit, xrefs: 0045A68F
ISCryptGetVersion, xrefs: 0045A67F
ArcFourCrypt, xrefs: 0045A69F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc
String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
API String ID: 190572456-508647305
Opcode ID: b50286813e04f81c7a6efa6a560a2cc7dac75f01e1440ccd7e3cdc890a972b89
Instruction ID: 4e0395d972810c9416c3368882ebdde2c5e01ffaaeaf982be760f48a4fca4704
Opcode Fuzzy Hash: b50286813e04f81c7a6efa6a560a2cc7dac75f01e1440ccd7e3cdc890a972b89
Instruction Fuzzy Hash: 3DF062B1532700FBDB08DF729EC422736B5B364396F18C13BA804551AAD7BC0458EA0D

Function 0045AB7C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045AB85
GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045AB95
GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045ABA5

Strings

BZ2_bzDecompressInit, xrefs: 0045AB7F
BZ2_bzDecompressEnd, xrefs: 0045AB9F
BZ2_bzDecompress, xrefs: 0045AB8F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc
String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
API String ID: 190572456-212574377
Opcode ID: 06ad267ddbe9a67695a24deefdef499722044127c2f74fee0a459ad65b6435b0
Instruction ID: 78c3aec0c34357df070bc40c46de1e5cd03a4b776be7e77430bdb5cc110f23ad
Opcode Fuzzy Hash: 06ad267ddbe9a67695a24deefdef499722044127c2f74fee0a459ad65b6435b0
Instruction Fuzzy Hash: 66F06DB0500742EADB14DF32AE44B3237A6A368306F04913BA909552AAD7FC145EEE5E

Function 0042E744 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 20libraryloaderwindowCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0048DD4A,QueryCancelAutoPlay,00490B7B), ref: 0042E75A
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E760
InterlockedExchange.KERNEL32(00492660,00000001), ref: 0042E771
ChangeWindowMessageFilter.USER32(0000C1C1,00000001), ref: 0042E782

Strings

user32.dll, xrefs: 0042E755
ChangeWindowMessageFilter, xrefs: 0042E750

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressChangeExchangeFilterHandleInterlockedMessageModuleProcWindow
String ID: ChangeWindowMessageFilter$user32.dll
API String ID: 1365377179-2498399450
Opcode ID: eab0b65c3067cf7eebd20b0fa5e3b11d0b4fe551875263116f1b4c2d8dfe968a
Instruction ID: 232ca1bda8f30e1dbeb1e37a17564225c323fdce3e6d3ccf23913f9b659c3ecd
Opcode Fuzzy Hash: eab0b65c3067cf7eebd20b0fa5e3b11d0b4fe551875263116f1b4c2d8dfe968a
Instruction Fuzzy Hash: 50E0ECB1742310BAEA247BB26E8AF5A2594A774715F900037F000655E6C6FD0D44D91D

Function 00472434 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 14libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457

Strings

VerifyVersionInfoW, xrefs: 00472451
kernel32.dll, xrefs: 00472435
VerSetConditionMask, xrefs: 00472441

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
API String ID: 667068680-222143506
Opcode ID: 0f9ecaba7a057c0ff261be8817688d558130c40e5a9a1257119e418d6d35d74a
Instruction ID: 2634119a36086f07b4582bff0c6698110bc0db6046ba951e872dfe9231fcc97c
Opcode Fuzzy Hash: 0f9ecaba7a057c0ff261be8817688d558130c40e5a9a1257119e418d6d35d74a
Instruction Fuzzy Hash: 7AC0C9E0641700AEAA08B7B11E8397A2168D520B29B10813B704869187D6FC08045A2C

Function 0045A540 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 73COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000057,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5AB
SetLastError.KERNEL32(00000000,00000002,?,?,?,0045A678,?,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5EA

Strings

CLASSES_ROOT, xrefs: 0045A570
USERS, xrefs: 0045A59D
CURRENT_USER, xrefs: 0045A57F
MACHINE, xrefs: 0045A58E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast
String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
API String ID: 1452528299-1580325520
Opcode ID: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
Instruction ID: 2c7cc5846e01bfe9336b3e21a4f35d5db95fca715acc3ac4ded287c5e5725028
Opcode Fuzzy Hash: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
Instruction Fuzzy Hash: 3611A53560420CFBDB11DAA5C941F9E7AACDB84306F644137BD0166283E67C5F1E992F

Function 0047087C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146windowCOMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004708D2
73A259E0.USER32(00000000,000000FC,00470830,00000000,00470A62,?,00000000,00470A87), ref: 004708F9
GetACP.KERNEL32(00000000,00470A62,?,00000000,00470A87), ref: 00470936
SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0047097C

Strings

COMBOBOX, xrefs: 004708CB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A259ClassInfoMessageSend
String ID: COMBOBOX
API String ID: 3217714596-1136563877
Opcode ID: 4db748e39614629576759290719755d4f62f5ff744c25c03a842ef39f5d171c9
Instruction ID: ada8455a1527fb003519a52fc9fb8cd1e3de5cb64bb436e33c8ec601d2d438b3
Opcode Fuzzy Hash: 4db748e39614629576759290719755d4f62f5ff744c25c03a842ef39f5d171c9
Instruction Fuzzy Hash: 63514D74A01205EFDB10DF69D885A9EB7B5EB49304F1481BAE808DB762C778AD41CB98

Function 00454320 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00454454), ref: 00454350
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00454356

Strings

kernel32.dll, xrefs: 0045434B
GetDiskFreeSpaceExA, xrefs: 00454346

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExA$kernel32.dll
API String ID: 1646373207-3712701948
Opcode ID: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
Instruction ID: 308890e583471f7d729b9dc2fcd7aa40e9e9c611359b8057d7b1245ba4b987a9
Opcode Fuzzy Hash: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
Instruction Fuzzy Hash: E6318871A44259AFCF01DFA5C882AEEB7B8EF49704F508566F800F7252D63C5D49CB64

Function 00416BD4 Relevance: 7.6, APIs: 5, Instructions: 104COMMON

Download Yara Rule

APIs

BeginPaint.USER32(00000000,?), ref: 00416BFA
SaveDC.GDI32(?), ref: 00416C2B
ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416CED), ref: 00416C8C
RestoreDC.GDI32(?,?), ref: 00416CB3
EndPaint.USER32(00000000,?,00416CF4,00000000,00416CED), ref: 00416CE7

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Paint$BeginClipExcludeRectRestoreSave
String ID:
API String ID: 3808407030-0
Opcode ID: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
Instruction ID: 511e07c03593910ab38166e7e8fb99fbe2c7a584a9aae09983b44cf3f48c28fc
Opcode Fuzzy Hash: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
Instruction Fuzzy Hash: E3414F70A04204AFCB14DFA9C985FAEB7F8EF48304F1640AAE84497362D778ED41CB58

Function 004147A8 Relevance: 7.6, APIs: 5, Instructions: 102COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?,?,?), ref: 004147DE
MulDiv.KERNEL32(?,?,?), ref: 004147F8
MulDiv.KERNEL32(?,?,?), ref: 00414821
MulDiv.KERNEL32(?,?,?), ref: 0041484C
MulDiv.KERNEL32(00000000,?,00000000), ref: 00414894

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
Instruction ID: 16203bcbef39f9c243701adad7e95064df465d958f07c31b5226583d855f1c1b
Opcode Fuzzy Hash: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
Instruction Fuzzy Hash: 26311F746047409FC320EB69C985BABB7E8AF89714F04891EF9D5C7791C678EC818B19

Function 00414388 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

73A18830.GDI32(00000000,00000000,00000000), ref: 004143C1
73A122A0.GDI32(00000000,00000000,00000000,00000000), ref: 004143C9
73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143DD
73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143E3
73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143EE

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A122A18830$A480
String ID:
API String ID: 3325508737-0
Opcode ID: a82122af31a8aec246995b2a86ca6dd819a62577bbe41f01694e2b233259fffd
Instruction ID: 075c4eaa6eababf39ef1bcc04ba03af1ed36323413641ea814e4f99408aec64f
Opcode Fuzzy Hash: a82122af31a8aec246995b2a86ca6dd819a62577bbe41f01694e2b233259fffd
Instruction Fuzzy Hash: E501DF3131C3806AD200B63E8C85A9F6BED8FCA314F05546EF498DB382CA7ACC018766

Function 0042E6CC Relevance: 7.6, APIs: 5, Instructions: 50fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E6EE
DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E719
GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E726
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E72E
SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E734

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast$CloseControlCreateDeviceFileHandle
String ID:
API String ID: 1177325624-0
Opcode ID: 359dbea4c5ad76fc8a2e5f7aefc1d9e87d484020982a0d52558c32e2f28802f9
Instruction ID: 1e70605f52ae136b2496113c77cf63f65d5ab7d673e450a7d96165da6ee8aff6
Opcode Fuzzy Hash: 359dbea4c5ad76fc8a2e5f7aefc1d9e87d484020982a0d52558c32e2f28802f9
Instruction Fuzzy Hash: 85F0CD713917203AF620B17A6C82F7B428C8785B68F10823ABB04FF1C1D9A84C05056D

Function 0044C69C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 0044C72A
DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044C755
DrawTextA.USER32(00000000,00000000), ref: 0044C7EE

Strings

, xrefs: 0044C70F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: DrawText$EmptyRect
String ID:
API String ID: 182455014-2867612384
Opcode ID: f37fe9e577420607298c9583aacd29a253469b4ecb6affd38da19aac1ff88878
Instruction ID: 4bcae54fe600c87244e68b3e4b857699d32a5b02b35774ead0fedabfa34a998c
Opcode Fuzzy Hash: f37fe9e577420607298c9583aacd29a253469b4ecb6affd38da19aac1ff88878
Instruction Fuzzy Hash: 14514C70A00249AFDB51DFA5C885BDEBBF4EF49304F18807AE845EB252D738A945CF64

Function 0042E8AC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

73A1A570.USER32(00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042E8D6

Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F

SelectObject.GDI32(?,00000000), ref: 0042E8F9
73A1A480.USER32(00000000,?,0042E9E4,00000000,0042E9DD,?,00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000), ref: 0042E9D7

Strings

...\, xrefs: 0042E989

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: A480A570CreateFontIndirectObjectSelect
String ID: ...\
API String ID: 2998766281-983595016
Opcode ID: 0abe42e3825d138716532803585986b19ef8b1cd23e6fed3d9a5b7748e7d04e5
Instruction ID: 807027aef349940e21883cde7310681b589974d129d52fe5cab9b03fce9682ec
Opcode Fuzzy Hash: 0abe42e3825d138716532803585986b19ef8b1cd23e6fed3d9a5b7748e7d04e5
Instruction Fuzzy Hash: E43163B0B00228AFDF11EB9AD841BAEB7F8EF49304F90447BF400A7291D7785D41CA59

Function 00452038 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452127
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452137

Strings

_iu, xrefs: 004520C9
.tmp, xrefs: 004520DB

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID: .tmp$_iu
API String ID: 3498533004-10593223
Opcode ID: 0894f70411399b6df61818a4294c0682d641e21b840aa065192c93b8d6131aa8
Instruction ID: 8b1672352a1cca793e1e6cdfbdd22016e493eddba5fdcbb921eb9ed9b7b44ad0
Opcode Fuzzy Hash: 0894f70411399b6df61818a4294c0682d641e21b840aa065192c93b8d6131aa8
Instruction Fuzzy Hash: 0A31B470A00219ABCB11EBA5C982B9FBBB5AF55305F60452BF900B73C2D6785F05C769

Function 004163B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(00400000,?,?), ref: 00416427
UnregisterClassA.USER32(?,00400000), ref: 00416453
RegisterClassA.USER32(?), ref: 00416476

Strings

@, xrefs: 004163D1

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Class$InfoRegisterUnregister
String ID: @
API String ID: 3749476976-2766056989
Opcode ID: ba89541a68a9dfdf770facca807dae9c782ce86162aa969ff59cee606922267e
Instruction ID: 74af36b6803d41f6853cd3ce3d24e6ffc0c269dd3492e9de927f187c4c73ed65
Opcode Fuzzy Hash: ba89541a68a9dfdf770facca807dae9c782ce86162aa969ff59cee606922267e
Instruction Fuzzy Hash: AA315C702042409BDB10EF69C981B9A77E5AB88308F04457FFA45DB392DB39D985CB6A

Function 00490200 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490270
SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490299
MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004902B2

Strings

isRS-%.3u.tmp, xrefs: 0049024F

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: File$Attributes$Move
String ID: isRS-%.3u.tmp
API String ID: 3839737484-3657609586
Opcode ID: 8d501dbe8754779fbbc4551a6ef16c6ba155ba939730555f28b22adbbd9d1952
Instruction ID: 84ec0ba2a7a86931400e9934c1aa84bf5b308f9588d1f16149e0ac51d8a7354a
Opcode Fuzzy Hash: 8d501dbe8754779fbbc4551a6ef16c6ba155ba939730555f28b22adbbd9d1952
Instruction Fuzzy Hash: CE216271E01219AFCF11EFA9C885AAFBBB8EF44314F10457BB814B72D1D6389E018A59

Function 00454A08 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00454A5C
RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00454A89

Strings

LoadTypeLib, xrefs: 00454A67
RegisterTypeLib, xrefs: 00454A94

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
String ID: LoadTypeLib$RegisterTypeLib
API String ID: 1312246647-2435364021
Opcode ID: 61cb2b2391c203defd257abac4021e1b6939228e1dc124a340144f06dba41211
Instruction ID: 783231ea94435fc0087f34711460946af1774244c06649ca950b936fb7940314
Opcode Fuzzy Hash: 61cb2b2391c203defd257abac4021e1b6939228e1dc124a340144f06dba41211
Instruction Fuzzy Hash: 8911A230B40604AFDB51DBA6DD51A5EB7B9DB89309B104476B800D7652DA389D44C618

Function 0042EB68 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 0042EB9F
MessageBoxA.USER32(?,00000000,00000000,00000001), ref: 0042EBCB
SetActiveWindow.USER32(?,0042EBF9,00000000,0042EC47,?,?,00000000,?), ref: 0042EBEC

Strings

t}G, xrefs: 0042EB86

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ActiveWindow$Message
String ID: t}G
API String ID: 2113736151-3734030870
Opcode ID: 29a5b97e5e16aea11bd18ac248af5cdc38bd738e31227901ecfe22b68a917f0a
Instruction ID: 93637352c78226270701b452ebd95810c2fea060df2177fc870e4549b641cd3b
Opcode Fuzzy Hash: 29a5b97e5e16aea11bd18ac248af5cdc38bd738e31227901ecfe22b68a917f0a
Instruction Fuzzy Hash: 1B010030A00218AFD701EBB6DC02D5BBBACEB09714B42487AB400D3261D6789C10CA68

Function 004525CE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(00000000,00000020), ref: 004525DB

Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB

MoveFileA.KERNEL32(00000000,00000000), ref: 00452600

Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B

Strings

MoveFile, xrefs: 00452609
DeleteFile, xrefs: 004525EC

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: File$AttributesDeleteErrorLastMove
String ID: DeleteFile$MoveFile
API String ID: 3024442154-139070271
Opcode ID: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
Instruction ID: 4e1aed58776595ab6c7b67b54cba174f3ed66ee01ab59955a5ec3a7bb6030dfd
Opcode Fuzzy Hash: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
Instruction Fuzzy Hash: 5AF086706441045BEB01FBA5DA5266F63ECEB4930AFA0443BB800B76C3DA7C9D094939

Function 0047C4E4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C525
RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C548

Strings

CSDVersion, xrefs: 0047C51C
System\CurrentControlSet\Control\Windows, xrefs: 0047C4F2

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: CSDVersion$System\CurrentControlSet\Control\Windows
API String ID: 3677997916-1910633163
Opcode ID: 8c9476a1148ee32edb6514990d6e57d73db719e9fc1d10813d17fb4e36501a08
Instruction ID: 2b22ae4652a4094afc35098fa0d5140fa3c6298d341fdca8ef5f3daa64d39871
Opcode Fuzzy Hash: 8c9476a1148ee32edb6514990d6e57d73db719e9fc1d10813d17fb4e36501a08
Instruction Fuzzy Hash: 9EF03175A40218B6DF10DBD58C85BDFB3BCAB04704F20856BE518E7280E779EB04CB99

Function 00490914 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924

Strings

DisableProcessWindowsGhosting, xrefs: 00490914
user32.dll, xrefs: 00490919

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: DisableProcessWindowsGhosting$user32.dll
API String ID: 1646373207-834958232
Opcode ID: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
Instruction ID: 838b278ec98e31f4c73fd57d7bfbee2b42f08c5e91e18395c18da76804b5d864
Opcode Fuzzy Hash: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
Instruction Fuzzy Hash: EEB092C064170168EC1033F60D12B1F0C084881724B1400373810B10C3CD6CD800582D

Function 004089F4 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A15
LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408A84
LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B1F
MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408B5E

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: LoadString$FileMessageModuleName
String ID:
API String ID: 704749118-0
Opcode ID: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
Instruction ID: 4e3ae3d55980ca36df37c0f6f31f55762440d7de19fd646938f5a693a080efc6
Opcode Fuzzy Hash: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
Instruction Fuzzy Hash: 0F3143706083849AD330EB65C945F9B77E89B86704F40483FB6C8E72D1DB795908876B

Function 0046A298 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,00000000), ref: 0046A2E9

Strings

Setting NTFS compression on directory: %s, xrefs: 0046A2B7
Failed to set NTFS compression state (%d)., xrefs: 0046A2FA
Unsetting NTFS compression on directory: %s, xrefs: 0046A2CF

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast
String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
API String ID: 1452528299-1392080489
Opcode ID: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
Instruction ID: fae52b56698cbef2ef65a100aaaf1ff6f22f0878e20b839bb13b77e1b18f05a4
Opcode Fuzzy Hash: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
Instruction Fuzzy Hash: 62018430D18648A6CB0097ED50512DDBBE49F09304F4481EBA855EB382EB791A184F9B

Function 004542B0 Relevance: 6.0, APIs: 4, Instructions: 41registrywindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60

RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000,00458ED6), ref: 004542EC
RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000), ref: 004542F5
RemoveFontResourceA.GDI32(00000000), ref: 00454302
SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00454316

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
String ID:
API String ID: 4283692357-0
Opcode ID: f2094145b32d3c6b7b8b4ee4a991df56b6f13a7e730408439a91d8629e743fd8
Instruction ID: 6bcd884f58daa4cf242193067a8401f82c1379502e7cf10432dee752efbb2f93
Opcode Fuzzy Hash: f2094145b32d3c6b7b8b4ee4a991df56b6f13a7e730408439a91d8629e743fd8
Instruction Fuzzy Hash: 9CF05EB574535136EA10B6B65C87F5B228C8F94749F10883BBA00EF2D3D97CDC05962D

Function 0046AB88 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000), ref: 0046ABD9

Strings

Unsetting NTFS compression on file: %s, xrefs: 0046ABBF
Failed to set NTFS compression state (%d)., xrefs: 0046ABEA
Setting NTFS compression on file: %s, xrefs: 0046ABA7

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: ErrorLast
String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
API String ID: 1452528299-3038984924
Opcode ID: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
Instruction ID: e77f6018277675d8139a31bc4823810fa5650a54dc532de9f13faf9e2e869009
Opcode Fuzzy Hash: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
Instruction Fuzzy Hash: 4F016230E186486ACB04D7AD90512EEBBE49F09304F4481EFA455E7382EA791A188F9B

Function 004241E8 Relevance: 6.0, APIs: 4, Instructions: 26windowCOMMON

Download Yara Rule

APIs

GetLastActivePopup.USER32(?), ref: 004241F4
IsWindowVisible.USER32(?), ref: 00424205
IsWindowEnabled.USER32(?), ref: 0042420F
SetForegroundWindow.USER32(?), ref: 00424219

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window$ActiveEnabledForegroundLastPopupVisible
String ID:
API String ID: 2280970139-0
Opcode ID: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
Instruction ID: e71b939943bb08068cd538cfbf2adeec964b373e7692791c6f26669312c8020f
Opcode Fuzzy Hash: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
Instruction Fuzzy Hash: 23E08CA178253593AE22B6A72D81A9B018CCD453C434A01A7BC08FB283DBACCC0082BC

Function 00406284 Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

GlobalHandle.KERNEL32 ref: 00406287
GlobalUnWire.KERNEL32(00000000), ref: 0040628E
GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406293
GlobalFix.KERNEL32(00000000), ref: 00406299

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Global$AllocHandleWire
String ID:
API String ID: 2210401237-0
Opcode ID: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
Instruction ID: ad050c8fb554795a0ca7e59246f03ac17dd57b6c6051e6027a9978793207e39e
Opcode Fuzzy Hash: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
Instruction Fuzzy Hash: A0B009C5814A05B9EC0833B24C0BD3F141CD88072C3808A6FB458BA1839C7C9C402A3D

Function 00402584 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(00492420,00000000,)), ref: 004025C7
RtlLeaveCriticalSection.KERNEL32(00492420,0040263D), ref: 00402630

Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(00492420,00000000,00401A82,?,?,0040222E,02170000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(00492420,00492420,00000000,00401A82,?,?,0040222E,02170000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,00492420,00000000,00401A82,?,?,0040222E,02170000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(00492420,00401A89,00000000,00401A82,?,?,0040222E,02170000,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C

Strings

), xrefs: 004025AE

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocInitializeLocal
String ID: )
API String ID: 2227675388-1084416617
Opcode ID: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
Instruction ID: 5ca06efdeebc3fba4ee02943ae555fbbec684c5e6e5b72b014691e2301117c59
Opcode Fuzzy Hash: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
Instruction Fuzzy Hash: 9B1101317052047FEB25AB7A9F1A62B6AD4D795758B24087FF404F32D2D9FD8C02826C

Function 0048EC92 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 0048ECCB

Strings

@, xrefs: 0048EC98
/INITPROCWND=$%x , xrefs: 0048ECF6

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: Window
String ID: /INITPROCWND=$%x $@
API String ID: 2353593579-4169826103
Opcode ID: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
Instruction ID: f0e425cee1880468264a3bcbee4eb035e6200ab2a1fbac31d2564d6a1bb1e37f
Opcode Fuzzy Hash: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
Instruction Fuzzy Hash: 9B11D371A042499FDB01EBA5D841BEE7BF8EB49314F50487BE404E7292D77CA909CB9C

Function 00446AF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9

SysFreeString.OLEAUT32(?), ref: 00446BA2

Strings

Unknown Method, xrefs: 00446B7B
NIL Interface Exception, xrefs: 00446B44

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: String$AllocByteCharFreeMultiWide
String ID: NIL Interface Exception$Unknown Method
API String ID: 3952431833-1023667238
Opcode ID: 6cfdb488caeb7d7681ac0af27f1ef08cc2626e2ae4e3480024423c9f119b8ea1
Instruction ID: 34182cf724be706de40d5a6da2d3ea217801cbd4a50a487fa4911f02854a4a1d
Opcode Fuzzy Hash: 6cfdb488caeb7d7681ac0af27f1ef08cc2626e2ae4e3480024423c9f119b8ea1
Instruction Fuzzy Hash: F211B9706003489FDB10DFA5CC52AAEBBBCEB49704F52407AF500E7681D679AD04C76A

Function 0048E504 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000,0048E5A7), ref: 0048E572
CloseHandle.KERNEL32(0048E60C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000), ref: 0048E589

Part of subcall function 0048E45C: GetLastError.KERNEL32(00000000,0048E4F4,?,?,?,?), ref: 0048E480

Strings

D, xrefs: 0048E54C

Memory Dump Source

Source File: 0000000A.00000002.2172754906.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2172735761.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172811656.0000000000491000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2172830423.00000000004A2000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_Registration.jbxd

Similarity

API ID: CloseCreateErrorHandleLastProcess
String ID: D
API String ID: 3798668922-2746444292
Opcode ID: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
Instruction ID: 6a615ac2cff9bf009bed2b39286a60f6aa18dfcc8d35b7c44523146efba21c0d
Opcode Fuzzy Hash: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
Instruction Fuzzy Hash: 060165B1604248BFDB04EBD2CC52E9F7BECDF08718F51043AB504E7291E6785E05C658

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\4d11be.rbs

C:\Program Files (x86)\AVS4YOU\AVS4YOUHelp.chm (copy)

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe (copy)

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.sil (copy)

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-CATR2.tmp

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-H0AS6.tmp

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\is-VRG54.tmp

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.dat

C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.exe (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateManager.sil (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.exe (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\AVSUpdateOptions.sil (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\Updater.exe (copy)

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-1O3D5.tmp

C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\is-67H5M.tmp

Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.3584.23489.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre