Windows Analysis Report
SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe

Overview

General Information

Sample name: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
Analysis ID: 1447255
MD5: 8c9d7c62d1c19373bb581d879f012b33
SHA1: e0f20fb98b4cd4dee40cccebf82720f1f8f6ac98
SHA256: a27938941515ef4fe27eb078868b252817cff0c33c665db61eb6a499033c3627
Tags: exe
Infos:

Detection

Score: 8
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTML body with high number of embedded images detected
HTML body with high number of large embedded background images detected
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe (PID: 3204 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe" MD5: 8C9D7C62D1C19373BB581D879F012B33)
    • SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp (PID: 2912 cmdline: "C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp" /SL5="$203EE,69853475,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe" MD5: 52950AC9E2B481453082F096120E355A)
      • msiexec.exe (PID: 6828 cmdline: "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\vcredist.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • WMFDist11.exe (PID: 6040 cmdline: "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe" /Q:A /R:N MD5: 0ACA9C0DD652AD1340266AC775C1E7AD)
      • regsvr32.exe (PID: 6792 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msxml3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5832 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSUniversalVideoConverter.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5056 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAVIFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5956 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 640 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaFormatSettings3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 2872 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoOverlay.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5020 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioOverlay.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 4852 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVOBFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 4440 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSWMVFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 884 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFiles.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 1444 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 2420 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFinalizer.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 1948 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 3908 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSM2TSFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 6740 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoPlayer.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 3080 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioDxPlayer4.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5976 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaCore3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 2940 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoDVDMenu3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5608 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoXmlDVDMenu.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 368 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEGFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 6448 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioCompress4.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5916 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransform4.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 1476 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransformEx4.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 3004 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPSCore3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5724 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLVFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5944 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 5244 cmdline: "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSQuickTimeFile3.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • msiexec.exe (PID: 3608 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5692 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 99D16A0121B8E031EBFC9AE17FAE4D01 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-C1C5R.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched

    Source: https://www.avs4you.com/register.aspx?ProgID=4&Type=Install&URL=Register HTTP Parser: Total embedded image size: 34780
    Source: https://www.avs4you.com/register.aspx?ProgID=4&Type=Install&URL=Register HTTP Parser: Total embedded background img size: 913650
    Source: https://www.avs4you.com/register.aspx?ProgID=4&Type=Install&URL=Register HTTP Parser: No favicon
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
    Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcr80.dll
    Source: Binary string: e:\src\producersdk\plugins\transform\audiolimiter\audiolimiter.pdb source: is-5M71C.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSVRMFile3\ReleaseAVSVRMFile3.pdb source: is-9DSR5.tmp.2.dr
    Source: Binary string: e:\src\producersdk\plugins\sessionformats\rmsessionformat\rmsessionformat.pdb source: is-NA344.tmp.2.dr
    Source: Binary string: e:\src\datatype_rn\rm\audio\codec\tokyo\atrc.pdb source: is-2EVDU.tmp.2.dr
    Source: Binary string: wextract.pdb source: WMFDist11.exe, WMFDist11.exe, 0000000A.00000000.2588513324.0000000001001000.00000020.00000001.01000000.00000008.sdmp, WMFDist11.exe, 0000000A.00000002.2590913445.0000000001001000.00000020.00000001.01000000.00000008.sdmp
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSVideoOut3\AVSVideoOutput3\Release\AVSVideoOutput3.pdb source: is-SN4VG.tmp.2.dr
    Source: Binary string: e:\src\datatype_rn\rm\audio\codec\sipro\sipr.pdb source: is-9S32E.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSBluRayFiles\Release\AVSBluRayFiles.pdb source: is-5J4Q5.tmp.2.dr
    Source: Binary string: atl80.i386.pdbP source: ATL80.dll0.8.dr
    Source: Binary string: e:\src\datatype_rn\rm\video\codec\rv89combo\drvc.pdb source: is-V74MG.tmp.2.dr
    Source: Binary string: h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb source: is-N0OCN.tmp.2.dr, MSI1752.tmp.8.dr
    Source: Binary string: d:\Subversion\AVS\Sources\AVSVideoStudio3\AVSVideoCompress3\AVSMPEG4Codec\Release\AVSMPEG4Codec.pdb source: is-AOVV2.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSBluRayFiles\Release\AVSBluRayFiles.pdb& source: is-5J4Q5.tmp.2.dr
    Source: Binary string: d:\avs\avs\sources\avsvideostudio3\avsflvfile3\release\AVSFLVFile3.pdb source: is-SHKDG.tmp.2.dr
    Source: Binary string: wextract.pdbU source: WMFDist11.exe, 0000000A.00000000.2588513324.0000000001001000.00000020.00000001.01000000.00000008.sdmp, WMFDist11.exe, 0000000A.00000002.2590913445.0000000001001000.00000020.00000001.01000000.00000008.sdmp
    Source: Binary string: x:\avs\sources\avsvideostudio3\avsbluraymenu\release\AVSBluRayMenu.pdb source: is-Q4MGD.tmp.2.dr
    Source: Binary string: PatchHooks.pdb source: is-N0OCN.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSVideoOverlay\Release\AVSVideoOverlay.pdb source: is-U4579.tmp.2.dr
    Source: Binary string: d:\Work\AVS\Sources\AVSAudioStudio3\version 4\AVSAudioDxPlayer4\Release\AVSAudioDxPlayer4.pdb source: is-QGLJL.tmp.2.dr
    Source: Binary string: d:\Subversion\AVS\Sources\AVSVideoStudio3\AVSStreamsCore\AVSStreamParsers\Release\AVSStreamParsers.pdb 0 source: is-PSSIF.tmp.2.dr
    Source: Binary string: d:\Subversion\AVS\Sources\AVSVideoStudio3\AVSVideoCompress3\AVSMPEGCodecs\Release\AVSMPEGCodecs.pdb source: is-KNH71.tmp.2.dr
    Source: Binary string: d:\Subversion\AVS\Sources\AVSVideoStudio3\AVSStreamsCore\AVSStreamParsers\Release\AVSStreamParsers.pdb source: is-PSSIF.tmp.2.dr
    Source: Binary string: x:\avs\sources\avsvideostudio3\avsvideofile3\release\AVSVideoFile3.pdb source: is-L6CEK.tmp.2.dr
    Source: Binary string: c:\Work_1\activex\AVS\Sources\AVSVideoStudio3\AVSCommercialDetection\Release\AVSCommercialDetection.pdb source: is-QSDE9.tmp.2.dr
    Source: Binary string: d:\work\avs\sources\avsvideostudio3\avsflashbuilder3\release\AVSFlashBuilder3.pdb source: is-71N74.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSAVIFile3\Release\AVSAVIFile3.pdb@ source: is-I4FTA.tmp.2.dr
    Source: Binary string: e:\src\producersdk_rn\plugins\transform\rnaudiocodec\rnaudiocodec.pdb source: is-Q01KR.tmp.2.dr
    Source: Binary string: d:\Work\AVSDiscWriter3\AVSDataWriter3\Release\AVSDataWriter3.pdb source: is-1PS44.tmp.2.dr
    Source: Binary string: MFC80.i386.pdb source: mfc80.dll.8.dr
    Source: Binary string: atl80.i386.pdb source: ATL80.dll0.8.dr
    Source: Binary string: e:\X\AVS\Sources\AVSImageStudio3\AVSImageStudio3\Release\AVSImageStudio3.pdb source: is-7AHQK.tmp.2.dr
    Source: Binary string: MFCM80.i386.pdb source: mfcm80.dll.8.dr
    Source: Binary string: d:\Subversion\AVS\Sources\AVSVideoStudio3\AVSVideoCompress3\AVSMPEGCodecs\Release\AVSMPEGCodecs.pdb P; source: is-KNH71.tmp.2.dr
    Source: Binary string: e:\X\AVS\Sources\AVSImageStudio3\AVSImageStudio3\Release\AVSImageStudio3.pdbx source: is-7AHQK.tmp.2.dr
    Source: Binary string: x:\avs\sources\avsvideostudio3\avsvideofile3\release\AVSVideoFile3.pdb8 source: is-L6CEK.tmp.2.dr
    Source: Binary string: x:\AVS\Sources\AVSVideoStudio3\AVSAVIFile3\Release\AVSAVIFile3.pdb source: is-I4FTA.tmp.2.dr
    Source: Binary string: e:\src\producersdk\plugins\transform\audiometer\audiometer.pdb source: is-HMA93.tmp.2.dr
    Source: C:\Windows\System32\msiexec.exe File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,2_2_00478B6C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,2_2_0046F16C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_004511DC FindFirstFileA,GetLastError,2_2_004511DC
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_00490094
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,2_2_00476A70
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_0045F3A4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_0045F820
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Code function: 2_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,2_2_0045DE20
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user\AppData
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user\AppData\Roaming
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: www.avs4you.com
    Source: global traffic DNS traffic detected: DNS query: secure.avangate.com
    Source: global traffic DNS traffic detected: DNS query: secure.2checkout.com
    Source: global traffic DNS traffic detected: DNS query: www.google.com
    Source: global traffic DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
    Source: global traffic DNS traffic detected: DNS query: www.clarity.ms
    Source: global traffic DNS traffic detected: DNS query: analytics.google.com
    Source: global traffic DNS traffic detected: DNS query: stats.g.doubleclick.net
    Source: global traffic DNS traffic detected: DNS query: td.doubleclick.net
    Source: global traffic DNS traffic detected: DNS query: s.clarity.ms
    Source: global traffic DNS traffic detected: DNS query: c.clarity.ms
    Source: mfc80.dll.8.dr String found in binary or memory: ftp://http://HTTP/1.0
    Source: is-C1C5R.tmp.2.dr String found in binary or memory: http://avsdop.com/AVSWebService/utf-8http://avsdop.com/AVSWebService/AVSRequestSOFTWARE
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp String found in binary or memory: http://ispp.sourceforge.net/
    Source: is-TU2AC.tmp.2.dr, is-O8LRE.tmp.2.dr, is-RD7QB.tmp.2.dr, is-VDOIS.tmp.2.dr, is-DSAK1.tmp.2.dr, is-8OJPS.tmp.2.dr, is-2GPG2.tmp.2.dr, is-E4R62.tmp.2.drString found in binary or memory: http://ns.real.com/tools/audience.2.0
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://reg.avs4you.com/prolongation/prolongation.aspx?ProgID=4&Type=App&URL=Prolong
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011817092.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999903853.0000000002224000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com#http://www.avs4you.com/support.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011089005.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3009178992.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005082676.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005978282.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011361149.00000000020BC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999605844.0000000002240000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Archiver.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Audio-Converter.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Audio-Editor.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Audio-Grabber.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Audio-Mix.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Audio-Recorder.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Cover-Editor.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-DVD-Authoring.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-DVD-Copy.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-DVD-Player.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Disc-Creator.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Firewall.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Image-Converter.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Media-Player.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Mobile-Uploader.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Photo-Editor.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Registry-Cleaner.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Ringtone-Maker.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Slideshow-Maker.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-System-Cleaner.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-System-Info.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-TV-Box.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-Converter6.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/AVS-Video-Editor.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-Editor4.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-Recorder.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-Remaker.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-to-Flash.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-Video-to-GO.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-YouTube-Uploader.aspx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/AVS-iDevice-Explorer.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoEditor.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998380848.0000000002260000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999930759.0000000002264000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Downloads/AVSVideoEditor.exeHc&
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997927353.0000000002284000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Encrypted-DVD.asp8
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx?ProgID=4&Type=App&URL=EncryptedDVD
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Encrypted-DVD.aspx?ProgID=4&Type=App&URL=EncryptedDVDhtt
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx.dl
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register$H
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000140005.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997958925.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register&
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000140005.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997958925.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register3
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3001735666.00000000049C0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3003014204.0000000005BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterC:
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterR
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registerch
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registere
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registerg
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000605898.00000000005EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registerhttp://www.avs4you.com
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterlnL
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registerpg
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000140005.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997958925.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Registerr
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterrbM
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000140005.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997958925.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register~
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/Register.aspx?utm_source=4&utm_medium=Register&utm_content=Register
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSArchiver.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioConverter.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioEditor.exeJ
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioGrabber.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioMix.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSAudioRecorder.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSCoverEditor.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSDVDAuthoring.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSDVDCopy.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSDVDPlayer.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSDiscCreator.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSFirewall.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSImageConverter.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSMediaPlayer.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSMobileUploader.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSPhotoEditor.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSRegistryCleaner.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSRingtoneMaker.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSSlideshowMaker.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSSystemCleaner.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSSystemInfo.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSTVBox.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoConverter6.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor.exeJ
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoEditor4.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRecorder.exeJ
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideoRemaker.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoFlash.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSVideotoGo.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSYouTubeUploader.exe
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/downloads/AVSiDeviceExplorer.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/index.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/index.aspx?ProgID=4&Type=App&URL=Main
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/index.aspx?ProgID=4&Type=App&URL=Mainn
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/index.aspxhttp://www.avs4you.com/support.aspxhttp://www.avs4you.com/Encrypted
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/register.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/register.aspx?progid=4&type=install&url=register
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drString found in binary or memory: http://www.avs4you.com/support.aspx
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/support.aspx$H
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com/support.aspx?ProgID=4&Type=App&URL=Support
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011817092.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999903853.0000000002224000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.com2
    Source: is-9DSR5.tmp.2.drString found in binary or memory: http://www.avs4you.com4
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avs4you.comn
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx$basepath$NodeNamePenPropertiesBrushPropertiesTextPr
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxNULLLINETEXTprofilesetverprofilenamedescriptioncomme
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxOnline
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxProductIDSOFTWARE
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011089005.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3009178992.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005082676.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005978282.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011361149.00000000020BC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999605844.0000000002240000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avsmedia.com/
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999678608.0000000002230000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
    Source: is-2EVDU.tmp.2.drString found in binary or memory: http://www.helixcommunity.org/.(
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000000.2218500711.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drString found in binary or memory: http://www.innosetup.com/
    Source: is-5M71C.tmp.2.dr, is-Q01KR.tmp.2.dr, is-NA344.tmp.2.dr, is-HMA93.tmp.2.drString found in binary or memory: http://www.realnetworks.com
    Source: is-NA344.tmp.2.drString found in binary or memory: http://www.realnetworks.comKA
    Source: is-Q01KR.tmp.2.drString found in binary or memory: http://www.realnetworks.comP
    Source: is-HMA93.tmp.2.drString found in binary or memory: http://www.realnetworks.comPD0
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.regnow.com/softsell/nph-softsell.cgi?item=
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217792404.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217971418.00000000020CC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000000.2218500711.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drString found in binary or memory: http://www.remobjects.com/?ps
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217792404.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217971418.00000000020CC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000000.2218500711.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drString found in binary or memory: http://www.remobjects.com/?psU
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.winimage.com/zLibDll
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.winimage.com/zLibDll-1.2.3
    Source: is-C1C5R.tmp.2.drString found in binary or memory: http://www.winimage.com/zLibDll1.2.3rbr
    Source: regsvr32.exeProcess created: 55
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0042ED38 NtdllDefWindowProc_A,2_2_0042ED38
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00423B2C NtdllDefWindowProc_A,2_2_00423B2C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_004722D4 NtdllDefWindowProc_A,2_2_004722D4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00412580 NtdllDefWindowProc_A,2_2_00412580
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,2_2_004551F4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0042E6CC: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,2_2_0042E6CC
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004092A0
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_00453AF8
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-LIQG5.tmpJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-40G3H.tmpJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-NP6NH.tmpJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-6LKRT.tmpJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\Fonts\is-3BRGH.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\48157d.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1752.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1D2F.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0\ATL80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcr80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcp80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcm80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHS.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHT.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ESP.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ENU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80DEU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80FRA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ITA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80JPN.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80KOR.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946952.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946952.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946952.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946952.0\vcomp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946983.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946983.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946983.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.1\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946999.1\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.1\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113947014.1\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\481580.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\481581.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{7299052b-02a4-4627-81f2-1818da5d550d}Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EA5.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA2AD.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017764.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017764.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017764.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017764.0\ATL80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcr80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcp80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcm80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80u.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHS.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHT.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ESP.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ENU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80DEU.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80FRA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ITA.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80JPN.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80KOR.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018092.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018092.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.manifestJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018092.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018092.0\vcomp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.1\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018124.1\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018139.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018139.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018139.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.0Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.0\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.0\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.1Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.1\8.0.50727.762.policyJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018155.1\8.0.50727.762.catJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\481584.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI1752.tmpJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00405964 appears 100 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00406A2C appears 38 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00403400 appears 59 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 004454D0 appears 45 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00407894 appears 40 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00433C40 appears 32 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00455970 appears 95 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00451AC0 appears 72 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00403494 appears 83 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00455B70 appears 65 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 004457A0 appears 59 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00403684 appears 204 times
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: String function: 00408BAC appears 44 times
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeStatic PE information: invalid certificate
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
    Source: is-LSV7U.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
    Source: is-LSV7U.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
    Source: is-LSV7U.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
    Source: is-LSV7U.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    Source: is-LSV7U.tmp.2.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
    Source: is-2JVER.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-5MUBN.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-51JBA.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-SR6KI.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-542QV.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-ST2KB.tmp.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: is-KNH71.tmp.2.drStatic PE information: Number of sections : 15 > 10
    Source: is-LIQG5.tmp.2.drStatic PE information: No import functions for PE file found
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217792404.0000000002380000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217971418.00000000020CC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
    Source: _RegDLL.tmp.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: is-C1C5R.tmp.2.drBinary string: \Device\Video0
    Source: classification engineClassification label: clean8.winEXE@129/974@38/0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004092A0
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_00453AF8
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00454320 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,2_2_00454320
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_00409A04 FindResourceA,SizeofResource,LoadResource,LockResource,1_2_00409A04
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Users\user\Desktop\AVS Video Editor 4.lnk
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeFile created: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp
    Source: Yara matchFile source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-C1C5R.tmp, type: DROPPED
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
    Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp "C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp" /SL5="$203EE,69853475,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\vcredist.msi"
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 99D16A0121B8E031EBFC9AE17FAE4D01
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe" /Q:A /R:N
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msxml3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSUniversalVideoConverter.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAVIFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaFormatSettings3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoOverlay.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioOverlay.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVOBFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSWMVFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFiles.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFinalizer.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayMenu.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSM2TSFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoPlayer.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioDxPlayer4.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaCore3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoDVDMenu3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoXmlDVDMenu.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEGFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioCompress4.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransform4.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransformEx4.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPSCore3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLVFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoFile3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSQuickTimeFile3.dll"
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeSection loaded: apphelp.dll
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: mpr.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: textinputframework.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: coreuicomponents.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: textshaping.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: shfolder.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: riched20.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: usp10.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: msls31.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: sfc.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: dwrite.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: linkinfo.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: ntshrui.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: cscapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: ieframe.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: netapi32.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: wkscli.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: mlang.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: policymanager.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpSection loaded: msvcp110_win.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: sxs.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
    Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: apphelp.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: aclayers.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: mpr.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: sfc.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: sfc_os.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: acgenral.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: uxtheme.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: winmm.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: samcli.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: msacm32.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: version.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: userenv.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: dwmapi.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: urlmon.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: sspicli.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: winmmbase.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: iertutil.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: srvcli.dll
    Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: msxml3.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: msvfw32.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: avifil32.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: winmm.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: msacm32.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: winmmbase.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: dsound.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: powrprof.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: umpdc.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
    Source: AVS Video Editor 4.lnk.2.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe
    Source: AVS Video Editor 4.lnk0.2.dr LNK file: ..\..\..\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Window found: window name: TSelectLanguageForm
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: OK
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Install
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: I accept the agreement
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Automated click: Next >
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe Static file information: File size 70183928 > 1048576
    Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcr80.dll
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0044AD34
    Source: is-UJ6GA.tmp.2.dr Static PE information: section name: .rodata
    Source: is-AOVV2.tmp.2.dr Static PE information: section name: .rodata
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .text.un
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .eh_fram
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_l
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_i
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_a
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_a
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_f
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_l
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_p
    Source: is-KNH71.tmp.2.dr Static PE information: section name: .debug_r
    Source: is-QSDE9.tmp.2.dr Static PE information: section name: .data1
    Source: is-GOFIH.tmp.2.dr Static PE information: section name: .data1
    Source: is-LCN1U.tmp.2.dr Static PE information: section name: .data1
    Source: is-MTU6M.tmp.2.dr Static PE information: section name: .data1
    Source: is-7AHQK.tmp.2.dr Static PE information: section name: .data1
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msxml3.dll"
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMatroskaFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\encsession.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoDxCapture4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayMenu.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-24RH5.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoOverlay.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-NP6NH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoRecorder.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-EJ2QC.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-I4FTA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-71N74.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-LIQG5.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDDiskExt.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0\ATL80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-GH07P.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-GBEMH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-GA6GV.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-S28OD.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-P212G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDSubpictureManager.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-PSSIF.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\videocolorconverter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSWMVFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msvcr70.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-UHP7D.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-U6U8R.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2MTP.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2Wire.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rnvideocodec.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEG2Codec.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EA5.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcm80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-4KV4D.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\smplfsys.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoXmlDVDMenu.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-C754D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ITA.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransform4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2Wireless.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoDVDMenu3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-NAP1A.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rmwriter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-0IL6S.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-MTU6M.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2ActiveSync.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-C1C5R.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\audioresampler.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-3281E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\mediasink.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSm2vFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-40G3H.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-II6K5.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\ralf.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-9DSR5.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80FRA.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-5MUBN.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ENU.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-RIIUT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-2JVER.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-1NFAN.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-73FKL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-A4S89.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2iConnectService2.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-9S32E.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-I91SS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-KJE0B.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-KG748.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDAnalyzer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVRMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OPB46.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msxml3a.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSSWFFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-V9E4R.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-QG0HG.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHS.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-JNAVU.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-GOFIH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-S087P.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-542QV.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSStreamParsers.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\colorcvt.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-D0UE0.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSTSCore4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-255BA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-POBOT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-UG8SB.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-SN4VG.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ITA.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-840DT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-A902I.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioDxPlayer4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCoreCaptureWeb.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioOverlay.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-U8FUA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BUAL1.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSOGMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDataWriter3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\videolumaadj.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-Q01KR.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-7L63O.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\rn5a3260.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ESP.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSTSFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-6LKRT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFlashBuilder3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-G43RQ.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-0J4IG.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-KUBBJ.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80DEU.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEGFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-LTFSS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-NDDCH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioFile4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSMobileUploader.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-ET8TH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-865D4.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-J571G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-DTMKQ.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-J7I7G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-N08K0.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFinalizer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-QJ9CT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-VD5B6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAsyncBuffer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-K2JTS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCDGFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoCompress3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-D6VPP.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-51JBA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-1R4DU.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVOBFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\basc3260.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-HMA93.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80JPN.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-SFCF3.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-NUAU5.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\atrc.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-RU961.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-L6CEK.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1752.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-9FDVH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rnaudiocodec.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHT.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-K67R6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-UJ6GA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\sipr.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-R11BQ.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\drv1.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEG4Codec.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMTVFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcp80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcm80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSUniversalVideoConverter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLVFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-LSV7U.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-EEK67.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\is-RU82L.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\audiofmtconverter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-0PMTL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\auth3260.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-8SO74.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\unins000.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSImageView5.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-N2T5G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSRMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-F8P78.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msvcp70.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDPGFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80KOR.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BVPB6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCommercialDetection.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSIFOFiles.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSQuickTimeFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-TMM8G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPPTFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rnaudiopacketizer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-VUG13.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\pncrt.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-QGLJL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-AUQGE.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSYouTubeUploader.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2ToshBT.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-RDO2T.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLICFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80JPN.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPSCore3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-TFOMD.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSImageCompose3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHT.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-40G3H.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-LIQG5.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80u.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcr80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ENU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80FRA.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943717.0\ATL80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80u.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ENU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msvcp70.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80KOR.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80JPN.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ESP.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcp80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80KOR.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msvcr70.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\msxml3a.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHS.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80FRA.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113946952.0\vcomp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ESP.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\mfc70.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-6LKRT.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EA5.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcm80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80DEU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114018092.0\vcomp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017796.0\msvcr80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80DEU.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1752.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80u.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHT.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ITA.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017764.0\ATL80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHS.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80JPN.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcp80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcm80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ITA.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\Windows\SysWOW64\is-NP6NH.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHT.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOUJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\VideoJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU\Video\AVS Video Editor 4.lnkJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_2_00422804
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_2_00423BB4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0042413C IsIconic,SetActiveWindow,2_2_0042413C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00424184 IsIconic,SetActiveWindow,SetFocus,2_2_00424184
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,2_2_0047C25C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_2_0041832C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00417540 IsIconic,GetCapture,2_2_00417540
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00417C76 IsIconic,SetWindowPos,2_2_00417C76
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_2_00417C78
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0044AD34
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\cook.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-NA344.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\drv2.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2iDevice.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-JRHD4.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ENU.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-04MP6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-C2T8I.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-SR6KI.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-9FO3B.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-9DSR5.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ENU.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-5MUBN.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-RIIUT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-2JVER.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-1NFAN.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-73FKL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2iConnectService2.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-A4S89.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-9S32E.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-I91SS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-KJE0B.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-KG748.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVRMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDAnalyzer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\msxml3a.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-OPB46.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSSWFFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-V9E4R.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-QG0HG.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHS.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-JNAVU.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-GOFIH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-S087P.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-542QV.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSStreamParsers.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\colorcvt.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSTSCore4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-D0UE0.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-255BA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-POBOT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-UG8SB.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-SN4VG.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80ITA.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-840DT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-A902I.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioDxPlayer4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCoreCaptureWeb.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioOverlay.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-U8FUA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BUAL1.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSOGMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDataWriter3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\videolumaadj.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-Q01KR.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-7L63O.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\rn5a3260.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80ESP.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSTSFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\is-6LKRT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFlashBuilder3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-0J4IG.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-G43RQ.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfc80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-KUBBJ.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80DEU.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEGFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-LTFSS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioFile4.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSMobileUploader.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-ET8TH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-865D4.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-J571G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-DTMKQ.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-J7I7G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFinalizer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-N08K0.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-QJ9CT.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAsyncBuffer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-VD5B6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCDGFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-K2JTS.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoCompress3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfcm80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-D6VPP.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-51JBA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-1R4DU.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\basc3260.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVOBFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-HMA93.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80JPN.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-SFCF3.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-NUAU5.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\atrc.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-RU961.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-L6CEK.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1752.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-9FDVH.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rnaudiocodec.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80CHT.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-K67R6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-UJ6GA.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\sipr.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\drv1.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-R11BQ.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEG4Codec.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMTVFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcm80.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113943764.0\msvcp80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944171.0\mfcm80.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSUniversalVideoConverter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLVFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-LSV7U.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-EEK67.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\audiofmtconverter.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\is-RU82L.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-0PMTL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\auth3260.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017889.0\mfc80u.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\plugins\is-8SO74.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\unins000.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSImageView5.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-N2T5G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSRMFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-F8P78.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp70.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDPGFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80KOR.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSCommercialDetection.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-BVPB6.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSIFOFiles.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSQuickTimeFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\is-TMM8G.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPPTFile3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\tools\rnaudiopacketizer.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-VUG13.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\pncrt.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-QGLJL.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\RMBin\codecs\is-AUQGE.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSYouTubeUploader.exe (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMobileDevice2ToshBT.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-RDO2T.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLICFile3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524114017999.0\mfc80JPN.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPSCore3.dll (copy)Jump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\is-TFOMD.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpDropped PE file which has not been started: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSImageCompose3.dll (copy)Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20240524113944405.0\mfc80CHT.dllJump to dropped file
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_1-5348
    Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,2_2_00478B6C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,2_2_0046F16C
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_004511DC FindFirstFileA,GetLastError,2_2_004511DC
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_00490094
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,2_2_00476A70
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_0045F3A4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_0045F820
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,2_2_0045DE20
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_00409948 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,1_2_00409948
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\userJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
    Source: is-9DSR5.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@I
    Source: is-SR6KI.tmp.2.drBinary or memory string: TQemuM
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AV?$CComAggObject@VCAVSBluRayVirtualMachine@@@ATL@@
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AV?$CComContainedObject@VCAVSBluRayVirtualMachine@@@ATL@@
    Source: is-JNAVU.tmp.2.dr, is-U4579.tmp.2.dr, is-I4FTA.tmp.2.dr, is-SN4VG.tmp.2.dr, is-9DSR5.tmp.2.dr, is-5J4Q5.tmp.2.dr, is-SHKDG.tmp.2.dr, is-Q4MGD.tmp.2.dr, is-L6CEK.tmp.2.dr, is-24RH5.tmp.2.dr, is-7AHQK.tmp.2.dr, is-R11BQ.tmp.2.dr, is-PSSIF.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@
    Source: is-JNAVU.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@
    Source: is-5J4Q5.tmp.2.drBinary or memory string: BluRayFiles.BluRayVirtualMachine.1
    Source: is-5J4Q5.tmp.2.drBinary or memory string: BluRayFiles.BluRayVirtualMachine
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AV?$CComObject@VCAVSBluRayVirtualMachine@@@ATL@@
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AVCAVSBluRayVirtualMachine@@
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AUIAVSBluRayVirtualMachine@@
    Source: is-5J4Q5.tmp.2.drBinary or memory string: 8:AIAVSBluRayVirtualMachine\
    Source: is-SHKDG.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@d
    Source: is-KNH71.tmp.2.drBinary or memory string: xvmcidct
    Source: is-U4579.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@\?
    Source: is-24RH5.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@=
    Source: is-5J4Q5.tmp.2.drBinary or memory string: CAVSBluRayVirtualMachine Object
    Source: is-5J4Q5.tmp.2.drBinary or memory string: .?AV?$CComCoClass@VCAVSBluRayVirtualMachine@@$1?_GUID_6a66754d_79ad_4a16_b99a_9646f39741e8@@3U__s_GUID@@B@ATL@@
    Source: is-KNH71.tmp.2.drBinary or memory string: yuv420pyuyv422rgb24bgr24yuv422pyuv444prgb32yuv410pyuv411prgb565rgb555graymonowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr32bgr565bgr555bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12rgb32_1bgr32_1gray16begray16leyuv440pyuvj440pyuva420pvdpau_h264
    Source: is-PSSIF.tmp.2.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@0
    Source: is-5J4Q5.tmp.2.drBinary or memory string: CAVSBluRayVirtualMachine\
    Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0044AD34
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00471D70 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,2_2_00471D70
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\vcredist.msi"Jump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe" /Q:A /R:NJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_0045A0E8 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree,2_2_0045A0E8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: GetLocaleInfoA,1_2_0040515C
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: GetLocaleInfoA,1_2_004051A8
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: GetLocaleInfoA,2_2_00408508
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: GetLocaleInfoA,2_2_00408554
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_004566B8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,2_2_004566B8
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_004026C4 GetSystemTime,1_2_004026C4
    Source: C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmpCode function: 2_2_00453AB0 GetUserNameA,2_2_00453AB0
    Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exeCode function: 1_2_00405C44 GetVersionExA,1_2_00405C44
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
    Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 1 Software Packing | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 12 Process Injection | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 File Deletion | LSA Secrets | 26 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Masquerading | Cached Domain Credentials | 1 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Regsvr32 | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    [Behavior graph: ID 1447255; sample SecuriteInfo.com.Adware.Ins...; start date 24/05/2024; architecture WINDOWS; score 8]

    Source | Detection | Scanner | Label | Link
    SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe | 5% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    Name | Malicious | Antivirus Detection | Reputation
    Name | Source | Malicious | Antivirus Detection | Reputation
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Cover-Editor.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegistereSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Audio-Converter.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Audio-Editor.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-System-Cleaner.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegistergSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Slideshow-Maker.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Firewall.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Video-to-Flash.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://ispp.sourceforge.net/SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011089005.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011523167.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3009178992.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005082676.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011683939.00000000020C4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005978282.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011817092.00000000020A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011361149.00000000020BC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 
00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999577912.0000000002244000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999903853.0000000002224000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999549879.000000000224C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999605844.0000000002240000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/AVS-Mobile-Uploader.aspxis-C1C5R.tmp.2.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/Downloads/AVSVideoEditor.exeHc&SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998380848.0000000002260000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999930759.0000000002264000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/downloads/AVSVideoEditor.exeSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/downloads/AVSAudioEditor.exeJSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=Register$HSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.avs4you.com/Downloads/AVSVideoEditor.exeSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpfalse
                                      unknown
                                      http://www.avs4you.com/downloads/AVSDVDPlayer.exeis-C1C5R.tmp.2.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.avs4you.com/downloads/AVSPhotoEditor.exeis-C1C5R.tmp.2.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.realnetworks.comis-5M71C.tmp.2.dr, is-Q01KR.tmp.2.dr, is-NA344.tmp.2.dr, is-HMA93.tmp.2.drfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.avs4you.com/Encrypted-DVD.aspx?ProgID=4&Type=App&URL=EncryptedDVDhttSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterrSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000140005.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997958925.000000000066B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000702632.000000000066E000.00000004.00000020.00020000.00000000.sdmpfalse
                                        unknown
                                        http://www.avs4you.com4is-9DSR5.tmp.2.drfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.avs4you.com/register.aspx?progid=4&type=install&url=registerSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                          unknown
                                          http://www.realnetworks.comPD0is-HMA93.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSRingtoneMaker.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/index.aspxSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSRegistryCleaner.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://ispp.sourceforge.net/InformazioniSecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011089005.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011523167.00000000020C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3009178992.00000000020B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005082676.00000000020A8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3005978282.00000000020AC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217287634.0000000002094000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.2217208437.0000000002380000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe, 00000001.00000003.3011361149.00000000020BC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997822394.0000000002220000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997757438.000000000221C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219696314.0000000002218000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2999577912.0000000002244000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.comnSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997726645.000000000227C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2996759610.0000000002268000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997799783.0000000002288000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000005060.000000000228C000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/AVS-Video-to-GO.aspxis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/index.aspxhttp://www.avs4you.com/support.aspxhttp://www.avs4you.com/Encryptedis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/AVS-YouTube-Uploader.aspxis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSAudioEditor.exeSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSCoverEditor.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSYouTubeUploader.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/index.aspx?ProgID=4&Type=App&URL=MainSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/AVS-DVD-Copy.aspxis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/AVS-Video-Converter6.aspxis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/Register.aspx?ProgID=4&Type=Install&URL=RegisterpgSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2998094868.000000000069F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000002.3000727889.000000000069F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/Encrypted-DVD.aspxSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/AVS-Video-Editor.aspxSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2219624572.0000000003110000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSAudioConverter.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/support.aspx$HSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.3000086971.00000000022B4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2997470650.00000000022A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/downloads/AVSAudioMix.exeis-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://www.avs4you.com/support.aspxSecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp, 00000002.00000003.2842000326.000000000229C000.00000004.00001000.00020000.00000000.sdmp, is-C1C5R.tmp.2.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          No contacted IP infos
                                          Joe Sandbox version:40.0.0 Tourmaline
                                          Analysis ID:1447255
                                          Start date and time:2024-05-24 17:38:11 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 10m 43s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:40
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
                                          Detection:CLEAN
                                          Classification:clean8.winEXE@129/974@38/0
                                          EGA Information:
                                          • Successful, ratio: 9.5%
                                          HCA Information:
                                          • Successful, ratio: 94%
                                          • Number of executed functions: 165
                                          • Number of non-executed functions: 146
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 2.19.244.127, 142.250.185.163, 142.250.186.46, 142.250.110.84, 34.104.35.123, 142.250.186.42, 142.250.185.99, 172.217.16.200, 204.79.197.237, 13.107.21.237, 216.58.212.142, 23.96.124.68, 142.250.185.238, 68.219.88.97
                                          • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, bat-bing-com.dual-a-0034.a-msedge.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, bat.bing.com, azurefd-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, clarity-ingest-eus-c-sc.eastus.cloudapp.azure.com, www.google-analytics.com, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, c.bing.com, dual-a-0034.a-msedge.net, clients.l.google.com
                                          • Execution Graph export aborted for target WMFDist11.exe, PID 6040 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 1444 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 1948 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 2940 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 3004 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 3908 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 4440 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5020 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5056 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5608 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5832 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5944 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 5976 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 640 because there are no executed function
                                          • Execution Graph export aborted for target regsvr32.exe, PID 6740 because there are no executed function
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size getting too big, too many NtCreateKey calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          • VT rate limit hit for: SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
                                          No simulations
                                          No context
                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                          https://docomo3903-tatad0c0movsnl3932.000webhostapp.comGet hashmaliciousUnknownBrowse
                                          • 34.96.102.137
                                          https://subscription-management.paddle.com/subscription/23736269/hash/48f17787dd06251c79832319a0cd81181e25b6488ec57eb96bdbfa63d118f311/manage-subscriptionGet hashmaliciousUnknownBrowse
                                          • 34.96.102.137
                                          https://www.qwikxf.cn/Get hashmaliciousUnknownBrowse
                                          • 34.96.102.137
                                          No context
                                          No context
                                          No context
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):51173
                                          Entropy (8bit):5.713735910681134
                                          Encrypted:false
                                          SSDEEP:384:fjFjy/+BGhwcFSrbez01T6OoNEcaNF0e6epRja92l+2itMrteBzTBFgFiX/uR509:fRj0uGhhSLcaNF09wRja92l+2iAAu9C
                                          MD5:C03B64A498EEFADA7CF34C76986D1179
                                          SHA1:40C3EA7C44B19E3A0EE89E7E2ED542A038898DB6
                                          SHA-256:CD8CF4D28B8D64ACFB36B5011FE31ED0BD775FB7EDFFBE242C73E051AC3FA21E
                                          SHA-512:9B18FDCADC75FD680E2D7CACEDCEEA0D6DE87C396BE198386AF448618680D3F35B3FECBCDF90123C1DC9310ECF66BBD946A28173A2FA19BA38C5624C4ED714C0
                                          Malicious:false
                                          Preview:...@IXOS.@.....@.\.X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-B01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-C01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):51189
                                          Entropy (8bit):5.714770280565399
                                          Encrypted:false
                                          SSDEEP:384:HjFjy/+BGhwcFSrbez01T6OoNEcaNF0e6epRja92l+2uSgrSelzTBFgFiX/uR5bS:HRj0uGhhSLcaNF09wRja92l+2uTbuEp
                                          MD5:238C1A259F3B3F38C3AD5C50968B0195
                                          SHA1:A42E7E7A03C3F12CFE1405453044996717085B0E
                                          SHA-256:421E73683EDCEC7B8C385060FAE66AFBC5AE8C1EBDF846869F9A81C0AD03D4CC
                                          SHA-512:6145662E862718B3980DAA63A039C6ADB408E7DD1F38872576AC68FB3924CC5BDEAF486E8F1E797093E9903FCC847195D33249E6E26BEB0B7EEB4D8415126D4D
                                          Malicious:false
                                          Preview:...@IXOS.@.....@.].X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-B01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-C01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1517672
                                          Entropy (8bit):7.990678497173329
                                          Encrypted:true
                                          SSDEEP:24576:t2U8aERn5ltB8nk2woXyoO1KRQ6fE9hwlvH+Bm/cUq3AXTib894ay8nMTfMNw4rl:t2eER5rqk2woXyQZ89hw/9q3AMKzy8n5
                                          MD5:E74F0209BEF9B4084130E65247C83D0C
                                          SHA1:2CD5A2DCF721AEC0CE700C2B03D55D398EF3AD40
                                          SHA-256:B7C14D86D4F5C92AC7BB633E2D9D189FF3E9DAE1E3254242698E970FDFA418C1
                                          SHA-512:4BB9115960FCA748C85B1BE46B83D39048AB35E16A33BAA302468DE45847D1C33599A97A84945A946E07B40CEC79483523E0AE236D7E9E9E67DC0148AF0A4FAB
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1731200
                                          Entropy (8bit):7.992700214943045
                                          Encrypted:true
                                          SSDEEP:49152:p25YR09hQ/P9NCVWfZ6dGFSQIiZ7rwnBa4:8guQ3KewiZy
                                          MD5:42D366866717B02C432B3252561E8890
                                          SHA1:66F605A3D5A6C9801E4D11FBE57533CE852F9C01
                                          SHA-256:0DABC2E96274256246C8E2B25CC6DB16FF3D0DD38CDD6BCCFA02879EA1C720C3
                                          SHA-512:CDE5886985051631A1FEAAB3E1D22478468E7DB720ED67133CE5570674CD00EE229C6BF4A7DD31CA92FC7998B255C346CDBC9A72849D81BBCD22012B9420E629
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):16406088
                                          Entropy (8bit):5.881318712888396
                                          Encrypted:false
                                          SSDEEP:196608:yfMriPUFT7cnmmCJMeamezun/qeWpetTF6PaxglxrKujbfJU7X7hy06L/Khoz:y9OXcnpmmeZtoPaxIxrKujbfJSX7hy/f
                                          MD5:1690EAB34A8B1303B8B6162BE5781E87
                                          SHA1:1710FBFB614C611119EC52C749B21F915EDE44F3
                                          SHA-256:8A4912A7923B39A2EF512BD314F1F1DBF035E0732B3F5269E00976F6F9A7646E
                                          SHA-512:2DF8627ACBE69DA268DC880CC478D2680E7685D079F7B8FC8C00A7DF91DAA6FDD2B4E19D45B75FA1A4219DEC1E9E48AD97F5E42072ED8E8CA315091EF63EBF53
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):759257
                                          Entropy (8bit):5.85897980430466
                                          Encrypted:false
                                          SSDEEP:12288:2u/VC5HjAVE35lsdDeFIJ1MVE0RE/iRdlFeOo4/xIQBFq808UpXEIVAWp1+0eWQP:2u/VC5HjAVE35lsdDeF6b/iRdlFeu/xD
                                          MD5:BB4C904851BA3AAB82431DCA25F2F392
                                          SHA1:69D76BC7EDF38FF11BD725711C7BE14CC6FB7799
                                          SHA-256:B7A41DCAAB10B6624E2AE0DCFB939C862A87B30366082187F67F8B2A6403D371
                                          SHA-512:ECEAC0B3F0D0AFD390D4048FC458298D2A86227EF2D0FBD7248F72D90652CA6A08AA53ABEBE06C92AFAA3FA119919E7D993A1BE20A0E2DB68B19A3764D20DB8E
                                          Malicious:false
                                          Preview:SIB file: TsiLang binary translation data.......TAVIProfileEditorFramec.....TBluRayProfileEditorFrame.-....TFormAboutKM....TFormAnimText.`....TFormCropScale.h....TFormDriveRegion q....TFormDuration4.....TFormEnterPresetName......TFormExportAudio.....TFormMessageDlg.....TFormMultiTrim$.....TFormPiP......TFormProgress......TFormProperties*.....TFormSaveWizard......TFormSettings.N....TFormSpeed_.....TFormTitleListView.....TFormTransition......TFormTrimI.....TFormTuneDisc......TFormUnregisteredVersion......TFormVolume......TframeAdjustBrightnessn.....TframeAdjustBrightnessEx......TframeAdjustColorize......TframeAdjustContrast......TframeAdjustGamma0.....TframeAdjustGrayscaleZ ....TframeAdjustHue.'....TframeAdjustPosterize.0....TframeAdjustSaturationU8....TframeAdjustSepia.@....TframeAdjustTemperatureDL....TframeAdjustThreshold.T....TframeAudioAmplifyA]....TframeAudioBandFilter.j....TframeAudioCompressor......TframeAudioDelayr.....TframeAudioEqualizer......TframeAudioFade......TframeAudi
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):2330720
                                          Entropy (8bit):7.995614987584974
                                          Encrypted:true
                                          SSDEEP:49152:a2N73LWXQf/YXxbtj2yBY8AhRNqcEEokk3EwK78raR:75pf/YhbtjLY5dRr23EwK78a
                                          MD5:B4DA6115764A739D61FD1AF4A4B017B4
                                          SHA1:8808C301610B198D8C1235ABF17D3ADD7B2FA51A
                                          SHA-256:A7BD1106F48C5885DFF8E6C4C576A43492D0236C988A638F915306311B31D3D6
                                          SHA-512:B036A371B69FE9D977AE17337DFC86D1EA21CE8DB746E5E53A9B0779C905520D0E0F167F847BE411DC58DC871E07D2A70F7FC4413A629B6810BFE353D57CA892
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):10891512
                                          Entropy (8bit):7.99974211090642
                                          Encrypted:true
                                          SSDEEP:196608:45v6PAVup5LKkL83kc/s8FNh7C1HuBVhsG4ozx73AnOmwUs5oASDPYCGLhW+pe9O:41OAVONTI3F/P37ua7syALwv5oASbGLz
                                          MD5:6BBE1BF139BCF381272F8021483DF632
                                          SHA1:2BF042978B1C599A95736D627AC2C048251237B7
                                          SHA-256:C3178E0812770AC3C3C66B179BCC4EBA8EBE08504C185BE4B6B181F5A1417E7B
                                          SHA-512:217A6C2F80EE29F861F864A36E0C357251EC00D76AF2814B24FC9B022B28C0B57358E667C684B38EFDF7546F9C18962C3CD69DDB386043C4D876CE7777A40D6C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 4%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17612
                                          Entropy (8bit):4.8935030557767085
                                          Encrypted:false
                                          SSDEEP:384:ccNJDkLJypWILTkLJypWILUHNJQkLJypWILhkLJypWIL7kLJypWILw1CjqwI1Cjr:rNNliNqbdKZbW
                                          MD5:4A39BEDBE85DFE3B6FCCC975B9DC7EBD
                                          SHA1:D82EB0E96823BF8DAA760BB991CB33E8EA343977
                                          SHA-256:BA0AF7DFA0C05871B78F0C2098BAEE29B286468B5D77FBE23F2557E97DAAC0C1
                                          SHA-512:A665AA50FEC93451F8034047DA9DE1FE95658D05204815C1DF3CC3325CFF11181A56F1832CBC126F5454ADDCB1C5B575CCC75A8BBDFEA08D28E6F59E302448FA
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Autumn" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="4704" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):229555
                                          Entropy (8bit):7.9708237163107745
                                          Encrypted:false
                                          SSDEEP:6144:xdqzZSRrjrlgs3HzS67kLusiRq3bqkFRnh6QjeeGCsDXWo8KPMaYb:xIzZS1qsDS67Lsaoqkzsja+XYYm
                                          MD5:22B072469E50B8234941AF76FA22743E
                                          SHA1:3F581703FF4E3F2D0F1277D799F209F5354FB55F
                                          SHA-256:663471F907B33EC9A442A123C665E8CB69156A7A827AC59FCC9B7463E1EE8470
                                          SHA-512:BD386290BA297CD555ABAE353331944B0FCBA6D24F6AE94659D93FBD191FAFE292FAFA0E934E2222FD1D2D015F36C6A2A6E8232EC600C2224225FE5CFDD78BA5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2963
                                          Entropy (8bit):7.7384100254231765
                                          Encrypted:false
                                          SSDEEP:48:qA9na1tutEcv/G4YQiaHHWWAgRfAyW36eVZrlvAAXrQwheYVcDUZQi/:9ha1CtAQianduD31rlvAAXrQwzcDG1/
                                          MD5:9F407A8DE5DBAEE9DE73485609548599
                                          SHA1:DE865D65D04847F1D715F9395F3AD519CE8FE06F
                                          SHA-256:3FA9606C6607F5773F5C23AD3926786788D65C68CE1F01160D5DD4537A5125FB
                                          SHA-512:246A4D7A41201154FCE45B269C5935C1207E697470F7DFD5EE91C67642EF6D29263E9A7DB7F63E11EC606C057E493250F93B129AED1BE1F5D8264D614A0BB2D2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):229555
                                          Entropy (8bit):7.9708237163107745
                                          Encrypted:false
                                          SSDEEP:6144:xdqzZSRrjrlgs3HzS67kLusiRq3bqkFRnh6QjeeGCsDXWo8KPMaYb:xIzZS1qsDS67Lsaoqkzsja+XYYm
                                          MD5:22B072469E50B8234941AF76FA22743E
                                          SHA1:3F581703FF4E3F2D0F1277D799F209F5354FB55F
                                          SHA-256:663471F907B33EC9A442A123C665E8CB69156A7A827AC59FCC9B7463E1EE8470
                                          SHA-512:BD386290BA297CD555ABAE353331944B0FCBA6D24F6AE94659D93FBD191FAFE292FAFA0E934E2222FD1D2D015F36C6A2A6E8232EC600C2224225FE5CFDD78BA5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2963
                                          Entropy (8bit):7.7384100254231765
                                          Encrypted:false
                                          SSDEEP:48:qA9na1tutEcv/G4YQiaHHWWAgRfAyW36eVZrlvAAXrQwheYVcDUZQi/:9ha1CtAQianduD31rlvAAXrQwzcDG1/
                                          MD5:9F407A8DE5DBAEE9DE73485609548599
                                          SHA1:DE865D65D04847F1D715F9395F3AD519CE8FE06F
                                          SHA-256:3FA9606C6607F5773F5C23AD3926786788D65C68CE1F01160D5DD4537A5125FB
                                          SHA-512:246A4D7A41201154FCE45B269C5935C1207E697470F7DFD5EE91C67642EF6D29263E9A7DB7F63E11EC606C057E493250F93B129AED1BE1F5D8264D614A0BB2D2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17612
                                          Entropy (8bit):4.8935030557767085
                                          Encrypted:false
                                          SSDEEP:384:ccNJDkLJypWILTkLJypWILUHNJQkLJypWILhkLJypWIL7kLJypWILw1CjqwI1Cjr:rNNliNqbdKZbW
                                          MD5:4A39BEDBE85DFE3B6FCCC975B9DC7EBD
                                          SHA1:D82EB0E96823BF8DAA760BB991CB33E8EA343977
                                          SHA-256:BA0AF7DFA0C05871B78F0C2098BAEE29B286468B5D77FBE23F2557E97DAAC0C1
                                          SHA-512:A665AA50FEC93451F8034047DA9DE1FE95658D05204815C1DF3CC3325CFF11181A56F1832CBC126F5454ADDCB1C5B575CCC75A8BBDFEA08D28E6F59E302448FA
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Autumn" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="4704" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17627
                                          Entropy (8bit):4.893944822268253
                                          Encrypted:false
                                          SSDEEP:384:6cNJikLJy9WILPkLJy9WILUHNJQkLJy9WILhkLJy9WIL7kLJy9WILw1CjqwI1Cjr:1N85KNqzlCZbW
                                          MD5:88FF3569930FFED9B5F0ED2C1D93B116
                                          SHA1:2E9209417366C8F9C3D75956F83C14241E60DA74
                                          SHA-256:52873DEF0A61DA5453825276332ADBEFDDC0AB85806CA41526A7C862039A9B2D
                                          SHA-512:596A8325EF99DF52B833CD3AEFA7A2411595106DE8FE9A9A9964A25F30452DC5200DEB26ED5122105A190995C994760CE2217331CBFCF90B53B3C64B9C053C8D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Baby" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="11706352" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<PenP
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):208581
                                          Entropy (8bit):7.979459108309103
                                          Encrypted:false
                                          SSDEEP:3072:C9/20b+DcnDW9tSaKfwxGUO1zGv7rv02eaQh9e3GWpPTyMQ4szeXZjzipffBqHNM:GAqWqf7WcWY9e3xpPTyB5rpfBqtM
                                          MD5:F0C08D5F8C7C85FB731375F269F2CDCC
                                          SHA1:C9957B55DE22DD51AF83509F0ED6730792B7FB3C
                                          SHA-256:4F15A66E699A151FEE0E3CD8FA1BA7E7991715F6FE9C9D4A56E6A861A9203246
                                          SHA-512:C607460CF1DB28995E417BA78127AF106A2B0ACD0A53CCD97637E250927B66A768107A9DD7B61C89D5DA0B941A56E891D1BE238DD5E33867505D0D6457605BEE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 93x72, components 3
                                          Category:dropped
                                          Size (bytes):2673
                                          Entropy (8bit):7.7039433075432715
                                          Encrypted:false
                                          SSDEEP:48:bIAFzYgtyMscQ7YmGd8YcvHCqmQRYp+WGZhe7D0LLw+8VHaYSS55NzG+NM8LC:vFzYglhG87RJhp+BXPU61Sbopr
                                          MD5:910E41BCF714A3F9FE24E876E1F4D56E
                                          SHA1:E6E8226FCF2610E00DC7ACDDBB5173E93933F6EE
                                          SHA-256:202DE84AC1F32900C8AED948E9E33667DE1E7EC198CBEE7C479813BC34DE717E
                                          SHA-512:5670F7B300D1928D84C67A3EAA1BBCA5124E534C91EF7927D3B28E5746848006E83718BD614F087CC33CC04618215FA8DDE7BCF8A5547AACD680218540BB335F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):208581
                                          Entropy (8bit):7.979459108309103
                                          Encrypted:false
                                          SSDEEP:3072:C9/20b+DcnDW9tSaKfwxGUO1zGv7rv02eaQh9e3GWpPTyMQ4szeXZjzipffBqHNM:GAqWqf7WcWY9e3xpPTyB5rpfBqtM
                                          MD5:F0C08D5F8C7C85FB731375F269F2CDCC
                                          SHA1:C9957B55DE22DD51AF83509F0ED6730792B7FB3C
                                          SHA-256:4F15A66E699A151FEE0E3CD8FA1BA7E7991715F6FE9C9D4A56E6A861A9203246
                                          SHA-512:C607460CF1DB28995E417BA78127AF106A2B0ACD0A53CCD97637E250927B66A768107A9DD7B61C89D5DA0B941A56E891D1BE238DD5E33867505D0D6457605BEE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 93x72, components 3
                                          Category:dropped
                                          Size (bytes):2673
                                          Entropy (8bit):7.7039433075432715
                                          Encrypted:false
                                          SSDEEP:48:bIAFzYgtyMscQ7YmGd8YcvHCqmQRYp+WGZhe7D0LLw+8VHaYSS55NzG+NM8LC:vFzYglhG87RJhp+BXPU61Sbopr
                                          MD5:910E41BCF714A3F9FE24E876E1F4D56E
                                          SHA1:E6E8226FCF2610E00DC7ACDDBB5173E93933F6EE
                                          SHA-256:202DE84AC1F32900C8AED948E9E33667DE1E7EC198CBEE7C479813BC34DE717E
                                          SHA-512:5670F7B300D1928D84C67A3EAA1BBCA5124E534C91EF7927D3B28E5746848006E83718BD614F087CC33CC04618215FA8DDE7BCF8A5547AACD680218540BB335F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17627
                                          Entropy (8bit):4.893944822268253
                                          Encrypted:false
                                          SSDEEP:384:6cNJikLJy9WILPkLJy9WILUHNJQkLJy9WILhkLJy9WIL7kLJy9WILw1CjqwI1Cjr:1N85KNqzlCZbW
                                          MD5:88FF3569930FFED9B5F0ED2C1D93B116
                                          SHA1:2E9209417366C8F9C3D75956F83C14241E60DA74
                                          SHA-256:52873DEF0A61DA5453825276332ADBEFDDC0AB85806CA41526A7C862039A9B2D
                                          SHA-512:596A8325EF99DF52B833CD3AEFA7A2411595106DE8FE9A9A9964A25F30452DC5200DEB26ED5122105A190995C994760CE2217331CBFCF90B53B3C64B9C053C8D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Baby" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="11706352" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<PenP
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.892649965298014
                                          Encrypted:false
                                          SSDEEP:384:4cNJDkLJy+WILTkLJy+WILUHNJQkLJy+WILhkLJy+WIL7kLJy+WILw1CjqwI1Cjr:fNNY/NqkaRZbW
                                          MD5:25438EF5F018D111E2CB6A008F935D8A
                                          SHA1:CEC780954A7B562ECC7C05DB039A2E4584F1C48B
                                          SHA-256:5DF9E440A1A6DA43FBB00EA846B246A185B5D291436CF49FEC45CC9277502886
                                          SHA-512:A85855D1A48C500C9A6F73E8008F2881AA5B1E87E6A4BE038D47340DD922CF862A6F335C76E2CBEBE46117701BBC6977165DD5212560FD886FF8CE72469D03AF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Bahamas" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="12223802" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):275961
                                          Entropy (8bit):7.987111161586988
                                          Encrypted:false
                                          SSDEEP:6144:lwmoRKvE0D5jsx6PQQPFFKG/oQOHdovpOgzumzFmYXftG+l3J:lbwOv9jsxCZrKGhO9QZXMM9H
                                          MD5:F81A72B7D6DC0022474FD047279606D8
                                          SHA1:5E1FEEE415F37363C7ABF9E685579D2DB6BF17DA
                                          SHA-256:37C533628442A3A8C94987CE889A338D762A4D2ECB477965D437F3F2423D58F5
                                          SHA-512:EEDC55084ABC4D6DDA442E3BB6C8B75D498A80BBD046AD60CD6561F25573F20EBDA08952CE8D9A245412F080F36A5158C35BB6681E3C2B9071BA76E0A8947EDB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2883
                                          Entropy (8bit):7.739387717494888
                                          Encrypted:false
                                          SSDEEP:48:uIAMfUAMAF/EelL46lvU8812dhWVErpOyL3hBb9JPkeRmaO/hA5PEaGgBX:yMfUA1/H4lz3YpOmT9JPkewap5DX
                                          MD5:205960FAEBCD07D6E691CE778DED3355
                                          SHA1:48720E8C68B7AE9378DF17B77E61A8CF49530DFB
                                          SHA-256:2278E811225D69517B05EF0078CD938ADDE5DF271C5AE4E93940EA0CDB8EDBA0
                                          SHA-512:9ADFC5227B65252182AE0A5C1131BDC0D9A7B7A9A466711EEC04D153A709F4FA3926731BBC7FC57F1DE75DEA9B84C7A7E891E60292C7CA1034B11510185CCD3A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):275961
                                          Entropy (8bit):7.987111161586988
                                          Encrypted:false
                                          SSDEEP:6144:lwmoRKvE0D5jsx6PQQPFFKG/oQOHdovpOgzumzFmYXftG+l3J:lbwOv9jsxCZrKGhO9QZXMM9H
                                          MD5:F81A72B7D6DC0022474FD047279606D8
                                          SHA1:5E1FEEE415F37363C7ABF9E685579D2DB6BF17DA
                                          SHA-256:37C533628442A3A8C94987CE889A338D762A4D2ECB477965D437F3F2423D58F5
                                          SHA-512:EEDC55084ABC4D6DDA442E3BB6C8B75D498A80BBD046AD60CD6561F25573F20EBDA08952CE8D9A245412F080F36A5158C35BB6681E3C2B9071BA76E0A8947EDB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2883
                                          Entropy (8bit):7.739387717494888
                                          Encrypted:false
                                          SSDEEP:48:uIAMfUAMAF/EelL46lvU8812dhWVErpOyL3hBb9JPkeRmaO/hA5PEaGgBX:yMfUA1/H4lz3YpOmT9JPkewap5DX
                                          MD5:205960FAEBCD07D6E691CE778DED3355
                                          SHA1:48720E8C68B7AE9378DF17B77E61A8CF49530DFB
                                          SHA-256:2278E811225D69517B05EF0078CD938ADDE5DF271C5AE4E93940EA0CDB8EDBA0
                                          SHA-512:9ADFC5227B65252182AE0A5C1131BDC0D9A7B7A9A466711EEC04D153A709F4FA3926731BBC7FC57F1DE75DEA9B84C7A7E891E60292C7CA1034B11510185CCD3A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.892649965298014
                                          Encrypted:false
                                          SSDEEP:384:4cNJDkLJy+WILTkLJy+WILUHNJQkLJy+WILhkLJy+WIL7kLJy+WILw1CjqwI1Cjr:fNNY/NqkaRZbW
                                          MD5:25438EF5F018D111E2CB6A008F935D8A
                                          SHA1:CEC780954A7B562ECC7C05DB039A2E4584F1C48B
                                          SHA-256:5DF9E440A1A6DA43FBB00EA846B246A185B5D291436CF49FEC45CC9277502886
                                          SHA-512:A85855D1A48C500C9A6F73E8008F2881AA5B1E87E6A4BE038D47340DD922CF862A6F335C76E2CBEBE46117701BBC6977165DD5212560FD886FF8CE72469D03AF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Bahamas" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="12223802" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):9121
                                          Entropy (8bit):7.941062362254899
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05T2bZ03eKmm/qkjFCbUxkHCG5aA/yug93THvkd:hJXE05ytuw9Uxox5Z/LgZTPkd
                                          MD5:32D4E861945001DDA8AA08726DAE99EE
                                          SHA1:057E0F5A114BB4392D96A8EDEB16A8C1614E4A6C
                                          SHA-256:1B4246F62B32D24C99B12D7193D8BC39FB532E1DB015BF0D88FA242D3BF9E150
                                          SHA-512:0E448EDC21F7F3D0D9BE12C7803FAC4A8E3CB1E67FA4EABD76A7499F6897FEB9570C9B93C3D09E0A516876D4FFA15A6361A6D17C98F533BFDDF6ACC7A41D3D2D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 214 x 226, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):5813
                                          Entropy (8bit):7.90567752451454
                                          Encrypted:false
                                          SSDEEP:96:pSDZ/I09Da01l+gmkyTt6Hk8nTxC4PHrRS5NjtOtlNnffqDsux/OsWBUxPz:pSDS0tKg9E05TQGHrY5l2lXesKUUxPz
                                          MD5:F47421BE538726BF3B6D8BF93420E411
                                          SHA1:323CF22A7AE805C118442BC7408A3AE5CA5E87D4
                                          SHA-256:7CA1FBC6BDC8E5341D1632B94AED3B8D8EC8FA1E51C4EA0FA2ACEC18131E5301
                                          SHA-512:7C9EF0AE9DCDEE1E7EF1A7930ACBC98D18BBB6AA4A540D9B7743E16573BCE40381720A77AB24AFB39CC79E345445632A0A1619834B1598F02C98A19908609948
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6539
                                          Entropy (8bit):7.911630290113042
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TfksL+BW7Pl9hrViJdrLMMzKk:hJXE05INQx9hrViL+k
                                          MD5:1C7F2D9D2B358C1E21BB2CA6168F38DF
                                          SHA1:3E0B988ABE29F7903366DCE505E145D4C4212ADD
                                          SHA-256:C7E13A42BAF9947952E3455B02D2C48394512C16E9C28812C6A88630897568C3
                                          SHA-512:8594F20E79C65B2D64AE82B6D0806D374C263C3F2DB55DF7C7D6D6E4DF1176D0E91DC1DCE19B4680895659E70272E5E72F8EE2B1A98611E597C3FA8E920D1426
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6559
                                          Entropy (8bit):7.901175654621792
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TTiswRVgmquMJZ0BCf5Tzq9:hJXE05fisxj0BCfhzq9
                                          MD5:956DD3C3D0876480F653A735B41E2F95
                                          SHA1:8B9D575FA355680B15E2F9A8F68B501AE0B6FF06
                                          SHA-256:3F641B377351274964350929CE404F8B38F114FB9B5A9102587ABF50FB9F52E0
                                          SHA-512:EF53617B61A60627A6B5D773D9B7747993BBD641673E4A670EE20E2F76D16650831DBEAE421A960DDA8790B7D089F92FA6A497AD1E396720D2D0FBF28B31C214
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6150
                                          Entropy (8bit):7.924492786660738
                                          Encrypted:false
                                          SSDEEP:96:zSDZ/I09Da01l+gmkyTt6Hk8nTDBcXcIGaq2Iz22mVt4JmESXVIeCM9hG93SM5H:zSDS0tKg9E05TDqUJR2ht4a40uD
                                          MD5:D020305905BB24C7969143981EE6CB44
                                          SHA1:B96D46E82815E3B39243AD4F83550A4985BE7906
                                          SHA-256:BFB4F4BFF23403998FE1F8AEB8D8961000311D405BFB535D6C1291B04BF88FCE
                                          SHA-512:ED06CB736431B51FF5AF021DC96BF5AA701CE0CC4F3E625CF6907D2F5B8232BC2846C0ED58E63CFE7ADC8356D31C4BDF18D3860A480E3449A6C28183A28E51DE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6200
                                          Entropy (8bit):7.92476656706805
                                          Encrypted:false
                                          SSDEEP:192:zSDS0tKg9E05T4l2s7CqCyPupCNVs5d4cl4Q:mJXE05yOBfCvs5dLlf
                                          MD5:452E0D800269C01EC1412DC8A8C8E0A6
                                          SHA1:1B58D5D7283A33A842025F8F23946076C5ED136B
                                          SHA-256:CF5FBE1E5F5249DB02FFD980F8E9324A38BB7D6A85E1F6288DBD0A659B914561
                                          SHA-512:FBDD11B1F3D10653F807CDF6B22E4574DC126AB2FE35E8265152AD704013CDCF20715992E8D7049D01B6D0318A0E9ABC4694D483539F880CEFBD898A57BFBFC8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6150
                                          Entropy (8bit):7.924492786660738
                                          Encrypted:false
                                          SSDEEP:96:zSDZ/I09Da01l+gmkyTt6Hk8nTDBcXcIGaq2Iz22mVt4JmESXVIeCM9hG93SM5H:zSDS0tKg9E05TDqUJR2ht4a40uD
                                          MD5:D020305905BB24C7969143981EE6CB44
                                          SHA1:B96D46E82815E3B39243AD4F83550A4985BE7906
                                          SHA-256:BFB4F4BFF23403998FE1F8AEB8D8961000311D405BFB535D6C1291B04BF88FCE
                                          SHA-512:ED06CB736431B51FF5AF021DC96BF5AA701CE0CC4F3E625CF6907D2F5B8232BC2846C0ED58E63CFE7ADC8356D31C4BDF18D3860A480E3449A6C28183A28E51DE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6539
                                          Entropy (8bit):7.911630290113042
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TfksL+BW7Pl9hrViJdrLMMzKk:hJXE05INQx9hrViL+k
                                          MD5:1C7F2D9D2B358C1E21BB2CA6168F38DF
                                          SHA1:3E0B988ABE29F7903366DCE505E145D4C4212ADD
                                          SHA-256:C7E13A42BAF9947952E3455B02D2C48394512C16E9C28812C6A88630897568C3
                                          SHA-512:8594F20E79C65B2D64AE82B6D0806D374C263C3F2DB55DF7C7D6D6E4DF1176D0E91DC1DCE19B4680895659E70272E5E72F8EE2B1A98611E597C3FA8E920D1426
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6559
                                          Entropy (8bit):7.901175654621792
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TTiswRVgmquMJZ0BCf5Tzq9:hJXE05fisxj0BCfhzq9
                                          MD5:956DD3C3D0876480F653A735B41E2F95
                                          SHA1:8B9D575FA355680B15E2F9A8F68B501AE0B6FF06
                                          SHA-256:3F641B377351274964350929CE404F8B38F114FB9B5A9102587ABF50FB9F52E0
                                          SHA-512:EF53617B61A60627A6B5D773D9B7747993BBD641673E4A670EE20E2F76D16650831DBEAE421A960DDA8790B7D089F92FA6A497AD1E396720D2D0FBF28B31C214
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):9121
                                          Entropy (8bit):7.941062362254899
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05T2bZ03eKmm/qkjFCbUxkHCG5aA/yug93THvkd:hJXE05ytuw9Uxox5Z/LgZTPkd
                                          MD5:32D4E861945001DDA8AA08726DAE99EE
                                          SHA1:057E0F5A114BB4392D96A8EDEB16A8C1614E4A6C
                                          SHA-256:1B4246F62B32D24C99B12D7193D8BC39FB532E1DB015BF0D88FA242D3BF9E150
                                          SHA-512:0E448EDC21F7F3D0D9BE12C7803FAC4A8E3CB1E67FA4EABD76A7499F6897FEB9570C9B93C3D09E0A516876D4FFA15A6361A6D17C98F533BFDDF6ACC7A41D3D2D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6200
                                          Entropy (8bit):7.92476656706805
                                          Encrypted:false
                                          SSDEEP:192:zSDS0tKg9E05T4l2s7CqCyPupCNVs5d4cl4Q:mJXE05yOBfCvs5dLlf
                                          MD5:452E0D800269C01EC1412DC8A8C8E0A6
                                          SHA1:1B58D5D7283A33A842025F8F23946076C5ED136B
                                          SHA-256:CF5FBE1E5F5249DB02FFD980F8E9324A38BB7D6A85E1F6288DBD0A659B914561
                                          SHA-512:FBDD11B1F3D10653F807CDF6B22E4574DC126AB2FE35E8265152AD704013CDCF20715992E8D7049D01B6D0318A0E9ABC4694D483539F880CEFBD898A57BFBFC8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 214 x 226, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):5813
                                          Entropy (8bit):7.90567752451454
                                          Encrypted:false
                                          SSDEEP:96:pSDZ/I09Da01l+gmkyTt6Hk8nTxC4PHrRS5NjtOtlNnffqDsux/OsWBUxPz:pSDS0tKg9E05TQGHrY5l2lXesKUUxPz
                                          MD5:F47421BE538726BF3B6D8BF93420E411
                                          SHA1:323CF22A7AE805C118442BC7408A3AE5CA5E87D4
                                          SHA-256:7CA1FBC6BDC8E5341D1632B94AED3B8D8EC8FA1E51C4EA0FA2ACEC18131E5301
                                          SHA-512:7C9EF0AE9DCDEE1E7EF1A7930ACBC98D18BBB6AA4A540D9B7743E16573BCE40381720A77AB24AFB39CC79E345445632A0A1619834B1598F02C98A19908609948
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17642
                                          Entropy (8bit):4.894896091838645
                                          Encrypted:false
                                          SSDEEP:384:+cNJikLJycWILPkLJycWILUHNJQkLJycWILhkLJycWIL7kLJycWILw1CjqwI1Cjr:BN8aFNqaw3ZbW
                                          MD5:1BFA3AA1FE7713FF75C1B815B04F4A2D
                                          SHA1:2DECD90DF10763A21026CA93D63183A03483CA42
                                          SHA-256:A0DE59855E6C450AC0D07F29779459BFFA95E85D899A6FAC66BEE81B38C49EF1
                                          SHA-512:8F6445A5F210C561A45247F5B0094DD2C2F33D6E7C83FC5352A283C3478145F90E478D0DD3F2C38B2D09AEC47BD30E78041FD0C316099F57E2E92AE91810ECD1
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Blue" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="11170068" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" /
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):161910
                                          Entropy (8bit):7.97295943815501
                                          Encrypted:false
                                          SSDEEP:3072:h1ZeXd45pMAJlaci40pn1CZvsfrP/5rX6L41U:h2CuAJ10h1HfrdXk
                                          MD5:2D92739EECCB1D8AC874CFECBE6993F0
                                          SHA1:4670C96EC309A1CEC7C2D1B861F60B9DD63406BA
                                          SHA-256:000814D01EA1184C0EF72D202D996C87A9FA759941D26C52A04212036750E8AC
                                          SHA-512:F86F6567AD2B38068DE9B97BB30F6678D6603E135F51B7F6E52F00EA789A01807670275EF490042EAFAC519ECCA8A3F5D9D81EE10893431212124663690441BB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2694
                                          Entropy (8bit):7.707439622958847
                                          Encrypted:false
                                          SSDEEP:48:2usAhHc9oslNpeEcyupYE+QjEv8bLW34y93o7TBgAPM1nVKngEJhbRu/Lulk:x/hHc9oslTtcyAlrj0F3OTBTU1nVJEJu
                                          MD5:07051B5C90CCA67C120D1A943A35E09C
                                          SHA1:97A9FF870D3A0CBABABB86BC39CFF6566A5048D7
                                          SHA-256:E6820CE7032E2CB64598AB8A8FCFFAE41CFBD30ADB2A79833A68DD8484322F12
                                          SHA-512:6EEB69723B7D44C94E712B3E7FA32929572F6BEE899A67B9FE3FABAFCEFD14797130E409DC97D40FEB09BDFC755644E99CB8247578B87A9EBF8DA4C842057021
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):161910
                                          Entropy (8bit):7.97295943815501
                                          Encrypted:false
                                          SSDEEP:3072:h1ZeXd45pMAJlaci40pn1CZvsfrP/5rX6L41U:h2CuAJ10h1HfrdXk
                                          MD5:2D92739EECCB1D8AC874CFECBE6993F0
                                          SHA1:4670C96EC309A1CEC7C2D1B861F60B9DD63406BA
                                          SHA-256:000814D01EA1184C0EF72D202D996C87A9FA759941D26C52A04212036750E8AC
                                          SHA-512:F86F6567AD2B38068DE9B97BB30F6678D6603E135F51B7F6E52F00EA789A01807670275EF490042EAFAC519ECCA8A3F5D9D81EE10893431212124663690441BB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2694
                                          Entropy (8bit):7.707439622958847
                                          Encrypted:false
                                          SSDEEP:48:2usAhHc9oslNpeEcyupYE+QjEv8bLW34y93o7TBgAPM1nVKngEJhbRu/Lulk:x/hHc9oslTtcyAlrj0F3OTBTU1nVJEJu
                                          MD5:07051B5C90CCA67C120D1A943A35E09C
                                          SHA1:97A9FF870D3A0CBABABB86BC39CFF6566A5048D7
                                          SHA-256:E6820CE7032E2CB64598AB8A8FCFFAE41CFBD30ADB2A79833A68DD8484322F12
                                          SHA-512:6EEB69723B7D44C94E712B3E7FA32929572F6BEE899A67B9FE3FABAFCEFD14797130E409DC97D40FEB09BDFC755644E99CB8247578B87A9EBF8DA4C842057021
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17642
                                          Entropy (8bit):4.894896091838645
                                          Encrypted:false
                                          SSDEEP:384:+cNJikLJycWILPkLJycWILUHNJQkLJycWILhkLJycWIL7kLJycWILw1CjqwI1Cjr:BN8aFNqaw3ZbW
                                          MD5:1BFA3AA1FE7713FF75C1B815B04F4A2D
                                          SHA1:2DECD90DF10763A21026CA93D63183A03483CA42
                                          SHA-256:A0DE59855E6C450AC0D07F29779459BFFA95E85D899A6FAC66BEE81B38C49EF1
                                          SHA-512:8F6445A5F210C561A45247F5B0094DD2C2F33D6E7C83FC5352A283C3478145F90E478D0DD3F2C38B2D09AEC47BD30E78041FD0C316099F57E2E92AE91810ECD1
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Blue" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="11170068" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" /
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17639
                                          Entropy (8bit):4.899371803164724
                                          Encrypted:false
                                          SSDEEP:384:OcNJxkLJyrWILckLJyrWILUHNJQkLJyrWILhkLJyrWIL7kLJyrWILw1CjqwI1Cjr:xNL8gNqBbQZbW
                                          MD5:C94FE72739DE7112FA3A10F87B2E327C
                                          SHA1:9E1E75BAF0380D6BE52687A2A03374216F0C2E25
                                          SHA-256:F18CEB22A5D5F19800844E440542831A57E9703111B97D23AF35F11E3FF07FFA
                                          SHA-512:A45108E7C61C6A914C483D5121D93B058B1DCC9F3D4400CEAABCFF060A390D06185C9F965B4A885B88170A25C57204E6EAA4760A04B074749551506F93E57717
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Lilac" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5791649" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1"
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):96881
                                          Entropy (8bit):7.862467032087204
                                          Encrypted:false
                                          SSDEEP:1536:wHQQdItPEoGcvBdoky7NxuX1cAAa4LAlfrahU1xK00Jd6DdEUhHkaCl7o0c:iQcXoLvBduNxuX1GEVahUqhdf+HWzc
                                          MD5:1FACCFD25D63834D2F9EBC50D362181C
                                          SHA1:1D48A737AEA2535315F9B6A100BA6494C07EEB81
                                          SHA-256:2C2848F90C79D0FE7737D7B4494190633154E5F8738F561DE2F096DA4AF2D1A9
                                          SHA-512:3E8B0FB700B08B03279BE75790113A2E1F2FD052B80A0B27B5EC509CC37C921C955A55E42217C146108328BEC18EEA030D44BB932F43A348E5443EBC68011AF1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2215
                                          Entropy (8bit):7.606267368576538
                                          Encrypted:false
                                          SSDEEP:48:uAzTqNDh9tSsRYSrvCuwRnishtIqYL+WGIbx8I4Eb+C/ZTMoXsO:RzoDz3RYSOuwwNqV45+4ZX
                                          MD5:6878F354838724800E10ED5E4382B8DE
                                          SHA1:F0C62E7A609FA25FF19A8D34222B5389C2978C0D
                                          SHA-256:5AA95BD8A57BE602AE72A9CEE2FBA405876D8E3F4A7907712939A90236B6A3A1
                                          SHA-512:64E58B2F73F5D698718E21C2CC2C8193CBD9AFCBBBE9D909EFDD9CB2074201E83F9AECBFF558238D756F33F004761D161CF80355286E7C06F1AC17B783DD26D4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2215
                                          Entropy (8bit):7.606267368576538
                                          Encrypted:false
                                          SSDEEP:48:uAzTqNDh9tSsRYSrvCuwRnishtIqYL+WGIbx8I4Eb+C/ZTMoXsO:RzoDz3RYSOuwwNqV45+4ZX
                                          MD5:6878F354838724800E10ED5E4382B8DE
                                          SHA1:F0C62E7A609FA25FF19A8D34222B5389C2978C0D
                                          SHA-256:5AA95BD8A57BE602AE72A9CEE2FBA405876D8E3F4A7907712939A90236B6A3A1
                                          SHA-512:64E58B2F73F5D698718E21C2CC2C8193CBD9AFCBBBE9D909EFDD9CB2074201E83F9AECBFF558238D756F33F004761D161CF80355286E7C06F1AC17B783DD26D4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):96881
                                          Entropy (8bit):7.862467032087204
                                          Encrypted:false
                                          SSDEEP:1536:wHQQdItPEoGcvBdoky7NxuX1cAAa4LAlfrahU1xK00Jd6DdEUhHkaCl7o0c:iQcXoLvBduNxuX1GEVahUqhdf+HWzc
                                          MD5:1FACCFD25D63834D2F9EBC50D362181C
                                          SHA1:1D48A737AEA2535315F9B6A100BA6494C07EEB81
                                          SHA-256:2C2848F90C79D0FE7737D7B4494190633154E5F8738F561DE2F096DA4AF2D1A9
                                          SHA-512:3E8B0FB700B08B03279BE75790113A2E1F2FD052B80A0B27B5EC509CC37C921C955A55E42217C146108328BEC18EEA030D44BB932F43A348E5443EBC68011AF1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17639
                                          Entropy (8bit):4.899371803164724
                                          Encrypted:false
                                          SSDEEP:384:OcNJxkLJyrWILckLJyrWILUHNJQkLJyrWILhkLJyrWIL7kLJyrWILw1CjqwI1Cjr:xNL8gNqBbQZbW
                                          MD5:C94FE72739DE7112FA3A10F87B2E327C
                                          SHA1:9E1E75BAF0380D6BE52687A2A03374216F0C2E25
                                          SHA-256:F18CEB22A5D5F19800844E440542831A57E9703111B97D23AF35F11E3FF07FFA
                                          SHA-512:A45108E7C61C6A914C483D5121D93B058B1DCC9F3D4400CEAABCFF060A390D06185C9F965B4A885B88170A25C57204E6EAA4760A04B074749551506F93E57717
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Lilac" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5791649" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1"
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.8960427020868105
                                          Encrypted:false
                                          SSDEEP:384:ZqcNJikLJylWILPkLJylWILUHNJQkLJylWILhkLJylWIL7kLJylWILw1CjqwI1CP:rN8JaNqD1SZbW
                                          MD5:662D6369773C50DCEDC6D1FE2E370303
                                          SHA1:48DD4F4728838645458C7A381491DD6DA4BDD382
                                          SHA-256:26AC12BE6DE93595C516BA15A7A375A7788FAC3EDA8305D51CB2BFC511AA5CDA
                                          SHA-512:193DB78E0FEE086346F811728AC3D28E79B3C8A5160E90FA2AB9C8ABC5E4A094E0BDEC3C62F6E241165DA98E3D62359D0CA1F1425B7F32CD9F7FB7F806331D52
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Peach" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="3124193" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" /
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):225058
                                          Entropy (8bit):7.979822311499385
                                          Encrypted:false
                                          SSDEEP:6144:DyHF9nx/jcn1oy2pI0Z9BdXqNpjhiomvOa:Dyl9tc12/ZtX6p+Oa
                                          MD5:8A4E5877A1741C7312B2C1526FDCA19F
                                          SHA1:F5AC77931D10368273A8C0075AEBFD94A8A91BB5
                                          SHA-256:A3D2F14D284E38DCEF79F7B4CCDC205435438C89826A72632B3C6D2D1A04D490
                                          SHA-512:793BDBE61038FC03B982F37D70D36FB8714F76E884D23CC48C6462761B0F461D81703D20E3E897507AB6D8D90753DD000FC9DD8C3D72E232BEC5B5AAF20A2CF6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3078
                                          Entropy (8bit):7.763112700585088
                                          Encrypted:false
                                          SSDEEP:48:ZAjkI7W02Audj33LeiudZHAzavc35t50IZGFXz8NAl6Pef0y+HUyaMhC5PY5Aa:qjBgLlwZgzB3x04eXzmm6P84P95Aa
                                          MD5:6C3490E43BB43937C688BA31264648BF
                                          SHA1:CA7505093AC7062B359D878C1485BEE851A31B3E
                                          SHA-256:D144709EDC208EED7EA00B7E9C9503D2713873B8C041D61F4B570AF248DCEA28
                                          SHA-512:860D03BE8443904F4C8E151F754BB7BD6F68AE6F9A4381F6BE17FF4A9B7CAD06E20A93492CA1F09160BA333E0D22B7C85FD3A97EC41800D8604496516569CEA6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):225058
                                          Entropy (8bit):7.979822311499385
                                          Encrypted:false
                                          SSDEEP:6144:DyHF9nx/jcn1oy2pI0Z9BdXqNpjhiomvOa:Dyl9tc12/ZtX6p+Oa
                                          MD5:8A4E5877A1741C7312B2C1526FDCA19F
                                          SHA1:F5AC77931D10368273A8C0075AEBFD94A8A91BB5
                                          SHA-256:A3D2F14D284E38DCEF79F7B4CCDC205435438C89826A72632B3C6D2D1A04D490
                                          SHA-512:793BDBE61038FC03B982F37D70D36FB8714F76E884D23CC48C6462761B0F461D81703D20E3E897507AB6D8D90753DD000FC9DD8C3D72E232BEC5B5AAF20A2CF6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3078
                                          Entropy (8bit):7.763112700585088
                                          Encrypted:false
                                          SSDEEP:48:ZAjkI7W02Audj33LeiudZHAzavc35t50IZGFXz8NAl6Pef0y+HUyaMhC5PY5Aa:qjBgLlwZgzB3x04eXzmm6P84P95Aa
                                          MD5:6C3490E43BB43937C688BA31264648BF
                                          SHA1:CA7505093AC7062B359D878C1485BEE851A31B3E
                                          SHA-256:D144709EDC208EED7EA00B7E9C9503D2713873B8C041D61F4B570AF248DCEA28
                                          SHA-512:860D03BE8443904F4C8E151F754BB7BD6F68AE6F9A4381F6BE17FF4A9B7CAD06E20A93492CA1F09160BA333E0D22B7C85FD3A97EC41800D8604496516569CEA6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.8960427020868105
                                          Encrypted:false
                                          SSDEEP:384:ZqcNJikLJylWILPkLJylWILUHNJQkLJylWILhkLJylWIL7kLJylWILw1CjqwI1CP:rN8JaNqD1SZbW
                                          MD5:662D6369773C50DCEDC6D1FE2E370303
                                          SHA1:48DD4F4728838645458C7A381491DD6DA4BDD382
                                          SHA-256:26AC12BE6DE93595C516BA15A7A375A7788FAC3EDA8305D51CB2BFC511AA5CDA
                                          SHA-512:193DB78E0FEE086346F811728AC3D28E79B3C8A5160E90FA2AB9C8ABC5E4A094E0BDEC3C62F6E241165DA98E3D62359D0CA1F1425B7F32CD9F7FB7F806331D52
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Peach" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="3124193" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" /
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17630
                                          Entropy (8bit):4.895246440174683
                                          Encrypted:false
                                          SSDEEP:384:OcNJikLJyKWILPkLJyKWILUHNJQkLJyKWILhkLJyKWIL7kLJyKWILw1CjqwI1Cjr:xN8wrNqIWdZbW
                                          MD5:E1ECBE2D4025C63C7F515B28B5AF1552
                                          SHA1:A449DB20768E0412F8A69C685B5B19EDC9F362FD
                                          SHA-256:C2F9CDECCC232EF6F767458923FD1101CA1FD48294A1897DBBA732295FE2BED0
                                          SHA-512:7A7231866B4EA4FA5F7AE4479EF732025DD2CE74AE5EB5A0F3F2E4A8EF501B57DF8A0028E3F786EE59273AF3D39DADEA0BECE7F0428086CA5A832BF3C90AB1DD
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Heading North" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="2707831" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):326227
                                          Entropy (8bit):7.979628041075152
                                          Encrypted:false
                                          SSDEEP:6144:4VrAsXtum8dAh+pjtkBn0WREGm8VSwtul/X05KQT/lOa7gJ2pjIZv:KrLXEJSKCB3R7m5Qkf05rtOa7AWkh
                                          MD5:A54E1E5A3DE9991B0FB4C3E339EA708D
                                          SHA1:D6CB2E828D83A9BFE4C9C21EEC578B5C171977A3
                                          SHA-256:7470B0A3A23AF91730DDE23A6F9AB5BBAFCE7E478207208FF9DD0518FCB1C5A0
                                          SHA-512:50805BC54A05C56246D67ED53A0580982A909F03C4780BE00E0FA28A27DB866ED420A28E43FF15FE29E3192163D49B2BC21B93B7C480A9B4AF094E9D21A3E580
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):3226
                                          Entropy (8bit):7.7937199807002076
                                          Encrypted:false
                                          SSDEEP:96:Uc0WMiMjHgN8aNQUoYyTh+wBjTBMpXzoS4GA:65GhoW9pXzIGA
                                          MD5:A585F5A0E638CE9DAB19EDEEDAA15E83
                                          SHA1:70AA7604EAA5B043D8E805B3C78434EB38B813C0
                                          SHA-256:670ED705CB2002418BC29FE8DDE639FCE79528337D02197EA757C0F011A08798
                                          SHA-512:DBE5645FAD9E709BD8E26401AC4B52E5304E7875C1B350578E972614D7B6A4BD7CDC5D75B68EB3ACB3805E3DD4192C79A58A20BFC2B0F30D620E0A009AE5C40B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):3226
                                          Entropy (8bit):7.7937199807002076
                                          Encrypted:false
                                          SSDEEP:96:Uc0WMiMjHgN8aNQUoYyTh+wBjTBMpXzoS4GA:65GhoW9pXzIGA
                                          MD5:A585F5A0E638CE9DAB19EDEEDAA15E83
                                          SHA1:70AA7604EAA5B043D8E805B3C78434EB38B813C0
                                          SHA-256:670ED705CB2002418BC29FE8DDE639FCE79528337D02197EA757C0F011A08798
                                          SHA-512:DBE5645FAD9E709BD8E26401AC4B52E5304E7875C1B350578E972614D7B6A4BD7CDC5D75B68EB3ACB3805E3DD4192C79A58A20BFC2B0F30D620E0A009AE5C40B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):326227
                                          Entropy (8bit):7.979628041075152
                                          Encrypted:false
                                          SSDEEP:6144:4VrAsXtum8dAh+pjtkBn0WREGm8VSwtul/X05KQT/lOa7gJ2pjIZv:KrLXEJSKCB3R7m5Qkf05rtOa7AWkh
                                          MD5:A54E1E5A3DE9991B0FB4C3E339EA708D
                                          SHA1:D6CB2E828D83A9BFE4C9C21EEC578B5C171977A3
                                          SHA-256:7470B0A3A23AF91730DDE23A6F9AB5BBAFCE7E478207208FF9DD0518FCB1C5A0
                                          SHA-512:50805BC54A05C56246D67ED53A0580982A909F03C4780BE00E0FA28A27DB866ED420A28E43FF15FE29E3192163D49B2BC21B93B7C480A9B4AF094E9D21A3E580
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17630
                                          Entropy (8bit):4.895246440174683
                                          Encrypted:false
                                          SSDEEP:384:OcNJikLJyKWILPkLJyKWILUHNJQkLJyKWILhkLJyKWIL7kLJyKWILw1CjqwI1Cjr:xN8wrNqIWdZbW
                                          MD5:E1ECBE2D4025C63C7F515B28B5AF1552
                                          SHA1:A449DB20768E0412F8A69C685B5B19EDC9F362FD
                                          SHA-256:C2F9CDECCC232EF6F767458923FD1101CA1FD48294A1897DBBA732295FE2BED0
                                          SHA-512:7A7231866B4EA4FA5F7AE4479EF732025DD2CE74AE5EB5A0F3F2E4A8EF501B57DF8A0028E3F786EE59273AF3D39DADEA0BECE7F0428086CA5A832BF3C90AB1DD
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Heading North" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="2707831" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.899897826447525
                                          Encrypted:false
                                          SSDEEP:384:qcNJDkLJyfWILTkLJyfWILUHNJQkLJyfWILhkLJyfWIL7kLJyfWILw1CjqwI1Cjr:FNNTANqh7wZbW
                                          MD5:05AAE6B8643BC8A12BE126C6E515C31F
                                          SHA1:16F53A0D8FEB1E7A1B007EAB58BC1903FEDA4E2A
                                          SHA-256:2691409D591E4B8DB6449827263447916F304601E50D45162721CE06FBB40B78
                                          SHA-512:C5AD3D289EDCC24063FBF93D4D881188345DCEAC9E76614B2EA030542AA9A8304D7D3D92C8B2E3CA7E60CE034C7B6582E55C7AEB0E9888AD447E679BE9A59F53
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="I Love You" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="9416397" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):82371
                                          Entropy (8bit):7.9568270697264705
                                          Encrypted:false
                                          SSDEEP:1536:/actFmRxZ9ierJJnMrpokZkeGyuNjNhFG4zGggkhzZ8fpm:yct4Rdf3YOmGjjNhFhzTCfA
                                          MD5:536B2C54157E96FB232C7F2554CA67AB
                                          SHA1:394121C24B12CACE861EDC72CACD6232F835CC07
                                          SHA-256:3BF85CF2CDF894A1AF3F4B30E51F3A4D42643C03E0C84AAD84D719EB694B5D8C
                                          SHA-512:47B7E35BFCC8847688A09BF05FA078035575A87E868CF6262F28DDB1BB3100BB27EA24D7BDB981F56262DD859522A454EA32A04C3AEFF99A63C79BAED1CCF8B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2265
                                          Entropy (8bit):7.641271469435774
                                          Encrypted:false
                                          SSDEEP:48:FAFr/tZiSw4x0IZ2odvh/gONUkVCwZROxTcdg+8dAM7OPJ6l+leHedqq:2FrVZiIfl3/gOooR6P7mbqq
                                          MD5:5F23C9F496688E20C0433213BD12EB45
                                          SHA1:C1AC4F3F20963C8B23925E7F8CAD171589C5EE7D
                                          SHA-256:137E9D7F560970DB70870797CF3E12488EA89E63001C1A67299C6565C2C6B627
                                          SHA-512:3989CE6635381BB0FC3606D5E99B17B665DEFD70D63E94564C5C2EEC5F05AA33AA6F507F3AECAFEAE1DEA948FFEED60571AB61CB6115E1A8E20C48FF4070D13D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2265
                                          Entropy (8bit):7.641271469435774
                                          Encrypted:false
                                          SSDEEP:48:FAFr/tZiSw4x0IZ2odvh/gONUkVCwZROxTcdg+8dAM7OPJ6l+leHedqq:2FrVZiIfl3/gOooR6P7mbqq
                                          MD5:5F23C9F496688E20C0433213BD12EB45
                                          SHA1:C1AC4F3F20963C8B23925E7F8CAD171589C5EE7D
                                          SHA-256:137E9D7F560970DB70870797CF3E12488EA89E63001C1A67299C6565C2C6B627
                                          SHA-512:3989CE6635381BB0FC3606D5E99B17B665DEFD70D63E94564C5C2EEC5F05AA33AA6F507F3AECAFEAE1DEA948FFEED60571AB61CB6115E1A8E20C48FF4070D13D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):82371
                                          Entropy (8bit):7.9568270697264705
                                          Encrypted:false
                                          SSDEEP:1536:/actFmRxZ9ierJJnMrpokZkeGyuNjNhFG4zGggkhzZ8fpm:yct4Rdf3YOmGjjNhFhzTCfA
                                          MD5:536B2C54157E96FB232C7F2554CA67AB
                                          SHA1:394121C24B12CACE861EDC72CACD6232F835CC07
                                          SHA-256:3BF85CF2CDF894A1AF3F4B30E51F3A4D42643C03E0C84AAD84D719EB694B5D8C
                                          SHA-512:47B7E35BFCC8847688A09BF05FA078035575A87E868CF6262F28DDB1BB3100BB27EA24D7BDB981F56262DD859522A454EA32A04C3AEFF99A63C79BAED1CCF8B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.899897826447525
                                          Encrypted:false
                                          SSDEEP:384:qcNJDkLJyfWILTkLJyfWILUHNJQkLJyfWILhkLJyfWIL7kLJyfWILw1CjqwI1Cjr:FNNTANqh7wZbW
                                          MD5:05AAE6B8643BC8A12BE126C6E515C31F
                                          SHA1:16F53A0D8FEB1E7A1B007EAB58BC1903FEDA4E2A
                                          SHA-256:2691409D591E4B8DB6449827263447916F304601E50D45162721CE06FBB40B78
                                          SHA-512:C5AD3D289EDCC24063FBF93D4D881188345DCEAC9E76614B2EA030542AA9A8304D7D3D92C8B2E3CA7E60CE034C7B6582E55C7AEB0E9888AD447E679BE9A59F53
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="I Love You" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="9416397" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.894826050277977
                                          Encrypted:false
                                          SSDEEP:384:ZcNJxkLJyZWILckLJyZWILUHNJQkLJyZWILhkLJyZWIL7kLJyZWILw1CjqwI1Cjr:SNLamNqnBuZbW
                                          MD5:E44D6852006FCFC1C2D5D55EE56240B0
                                          SHA1:4101F39155D9AFE427E409C24F8BC8D997B1BD3F
                                          SHA-256:9F5609DAAA8ED12475F3B904192B5A6A23E129EB014837A7220686FEB2F25D01
                                          SHA-512:C85AE3692EC15C33E17178572D15B3EF5E1D71CB505E836D211DE87AAA5B5418E3EF4015A423EF5317CE38A8B4D78B260E370F72E55E797619472EDF5CA5E42E
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Merry Christmas" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5672180" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):151804
                                          Entropy (8bit):7.969470901222156
                                          Encrypted:false
                                          SSDEEP:3072:BqBX+IXVcEi/IxJYkJeM/WKfFzz7VQ4k4Lfml6OBeGKzlyv4R:BqQBEiUdWyRbxhyvs
                                          MD5:FA415360552CB47821E336A5BBD90ACC
                                          SHA1:A8E06D8CBAB3F5626176E7A05C56CC15A1A1A482
                                          SHA-256:E64A0D8F5F0484D0C1AE15C7C9193117440C411228D0468B41AF40CCF4573023
                                          SHA-512:1478065B343D8C1B2A2438A0335BA425844229399D6E0C42ABC0A54A01E2A8D6B7BA126996E9676CBEAD4655C4A9FC94AE01D7EC8CC9C503030B6A2F28DCD355
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3306
                                          Entropy (8bit):7.76711735242704
                                          Encrypted:false
                                          SSDEEP:96:jaeLI8sthHM/WL+oMXe21YfzV8IYNk7AFeN1L:knt9AWL+oMJYbV8IJA0p
                                          MD5:63634EDB1719B1692D1113FF3E3E5677
                                          SHA1:95385A22B13C92322C1FBBAB447A4AE5AD860749
                                          SHA-256:99659AEF33B988167A4D27DC0527BD75855A89B2F735EC95319793EF3FA73103
                                          SHA-512:E1B6480F4A4A612D304A9EEDDDB1D6A333F775E654670BDECC54B17846CC4E73D44B796D4EDF39B7AFA917A4D4F19C67CADF2F5BD5D5F7EE74CD24F3BFB9F9B1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):151804
                                          Entropy (8bit):7.969470901222156
                                          Encrypted:false
                                          SSDEEP:3072:BqBX+IXVcEi/IxJYkJeM/WKfFzz7VQ4k4Lfml6OBeGKzlyv4R:BqQBEiUdWyRbxhyvs
                                          MD5:FA415360552CB47821E336A5BBD90ACC
                                          SHA1:A8E06D8CBAB3F5626176E7A05C56CC15A1A1A482
                                          SHA-256:E64A0D8F5F0484D0C1AE15C7C9193117440C411228D0468B41AF40CCF4573023
                                          SHA-512:1478065B343D8C1B2A2438A0335BA425844229399D6E0C42ABC0A54A01E2A8D6B7BA126996E9676CBEAD4655C4A9FC94AE01D7EC8CC9C503030B6A2F28DCD355
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3306
                                          Entropy (8bit):7.76711735242704
                                          Encrypted:false
                                          SSDEEP:96:jaeLI8sthHM/WL+oMXe21YfzV8IYNk7AFeN1L:knt9AWL+oMJYbV8IJA0p
                                          MD5:63634EDB1719B1692D1113FF3E3E5677
                                          SHA1:95385A22B13C92322C1FBBAB447A4AE5AD860749
                                          SHA-256:99659AEF33B988167A4D27DC0527BD75855A89B2F735EC95319793EF3FA73103
                                          SHA-512:E1B6480F4A4A612D304A9EEDDDB1D6A333F775E654670BDECC54B17846CC4E73D44B796D4EDF39B7AFA917A4D4F19C67CADF2F5BD5D5F7EE74CD24F3BFB9F9B1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.894826050277977
                                          Encrypted:false
                                          SSDEEP:384:ZcNJxkLJyZWILckLJyZWILUHNJQkLJyZWILhkLJyZWIL7kLJyZWILw1CjqwI1Cjr:SNLamNqnBuZbW
                                          MD5:E44D6852006FCFC1C2D5D55EE56240B0
                                          SHA1:4101F39155D9AFE427E409C24F8BC8D997B1BD3F
                                          SHA-256:9F5609DAAA8ED12475F3B904192B5A6A23E129EB014837A7220686FEB2F25D01
                                          SHA-512:C85AE3692EC15C33E17178572D15B3EF5E1D71CB505E836D211DE87AAA5B5418E3EF4015A423EF5317CE38A8B4D78B260E370F72E55E797619472EDF5CA5E42E
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Merry Christmas" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5672180" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.897856378790001
                                          Encrypted:false
                                          SSDEEP:384:YUcNJxkLJy+WILckLJy+WILUHNJQkLJy+WILhkLJy+WIL7kLJy+WILw1CjqwI1CP:aNLhXNqsy5ZbW
                                          MD5:0C58AC178A7F725EB52DB32EF2762E0E
                                          SHA1:A06B3453EAE271C18DE5190251248EDD030F3F90
                                          SHA-256:5D3D348893C0063F8225F94E44C35371E68E02572AD87E96BF20C1C43832B2B5
                                          SHA-512:0CC64481B2E413C856F4166F2C2D07BE790C2F6F12A87036364508AF36A576EDEAB950D6C4C2895DD7FA0CFB105D832F800D097270134AF6E744D830EE173173
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Ocean" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="7298374" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pen
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):219478
                                          Entropy (8bit):7.972895540664627
                                          Encrypted:false
                                          SSDEEP:6144:4VYWA5Vz7CSF+Ul2+vpQWWROlfR0+w1EzF4jbPttP:4mWAnPCS+Ul3lWROL0+w+zFovP
                                          MD5:4BE7F9C64661E1A802AF0108F712207D
                                          SHA1:47C522A9C39ED0C8E7BDFDA3D4ADA393C10F16C8
                                          SHA-256:93C0104A6C834B228C9A1C6197D23EDE272241CD4B86E0CE05656B8793917A53
                                          SHA-512:71AFFB2846D766C3287CBEFE2F110780D72CD570EF96488C14A5E9D8ADE63C946927AA1F378BF1DDC2CD75344DB32B8F781C6333A157252E3FBCC8E0BE5C2A71
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3316
                                          Entropy (8bit):7.787395116253325
                                          Encrypted:false
                                          SSDEEP:96:Rq4rQLeQxHeXPijFyH4walZpv4wz3xylsUalN7ZKUnz:LWeQleXqjka1vvByejN7bnz
                                          MD5:4A479DEE7B22DB78AEE14D4D839454CA
                                          SHA1:8C09B0794AEB448777910C302B16925377A94390
                                          SHA-256:77803D298E49E29189A8E59CDA90DD0768065B4622A6DFBEA1461270DE5D2BBB
                                          SHA-512:AA111C6705EE9D0876FEB93B54EE63EDE984893DC2CAF5FB192821745E2CDADBE825381B84F3A8C489E7A7C8F43BDB71178BAB31E1A76E552D45BF492DB67DE7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):219478
                                          Entropy (8bit):7.972895540664627
                                          Encrypted:false
                                          SSDEEP:6144:4VYWA5Vz7CSF+Ul2+vpQWWROlfR0+w1EzF4jbPttP:4mWAnPCS+Ul3lWROL0+w+zFovP
                                          MD5:4BE7F9C64661E1A802AF0108F712207D
                                          SHA1:47C522A9C39ED0C8E7BDFDA3D4ADA393C10F16C8
                                          SHA-256:93C0104A6C834B228C9A1C6197D23EDE272241CD4B86E0CE05656B8793917A53
                                          SHA-512:71AFFB2846D766C3287CBEFE2F110780D72CD570EF96488C14A5E9D8ADE63C946927AA1F378BF1DDC2CD75344DB32B8F781C6333A157252E3FBCC8E0BE5C2A71
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3316
                                          Entropy (8bit):7.787395116253325
                                          Encrypted:false
                                          SSDEEP:96:Rq4rQLeQxHeXPijFyH4walZpv4wz3xylsUalN7ZKUnz:LWeQleXqjka1vvByejN7bnz
                                          MD5:4A479DEE7B22DB78AEE14D4D839454CA
                                          SHA1:8C09B0794AEB448777910C302B16925377A94390
                                          SHA-256:77803D298E49E29189A8E59CDA90DD0768065B4622A6DFBEA1461270DE5D2BBB
                                          SHA-512:AA111C6705EE9D0876FEB93B54EE63EDE984893DC2CAF5FB192821745E2CDADBE825381B84F3A8C489E7A7C8F43BDB71178BAB31E1A76E552D45BF492DB67DE7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.897856378790001
                                          Encrypted:false
                                          SSDEEP:384:YUcNJxkLJy+WILckLJy+WILUHNJQkLJy+WILhkLJy+WIL7kLJy+WILw1CjqwI1CP:aNLhXNqsy5ZbW
                                          MD5:0C58AC178A7F725EB52DB32EF2762E0E
                                          SHA1:A06B3453EAE271C18DE5190251248EDD030F3F90
                                          SHA-256:5D3D348893C0063F8225F94E44C35371E68E02572AD87E96BF20C1C43832B2B5
                                          SHA-512:0CC64481B2E413C856F4166F2C2D07BE790C2F6F12A87036364508AF36A576EDEAB950D6C4C2895DD7FA0CFB105D832F800D097270134AF6E744D830EE173173
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Ocean" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="7298374" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pen
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17629
                                          Entropy (8bit):4.895181183200661
                                          Encrypted:false
                                          SSDEEP:384:lcNJikLJykWILPkLJykWILUHNJQkLJykWILhkLJykWIL7kLJykWILw1CjqwI1Cjr:WN8+RNqeMjZbW
                                          MD5:B711C547E27BA8998095EDE4D0FDB20F
                                          SHA1:F9B76382C75E248B56C8AFCA758B272F693AD4B6
                                          SHA-256:79417E5BDBE089F6D486ECE18467246D6CA7D54FFB1F3CBF1AF4ACFC856C9EF9
                                          SHA-512:68B860577679AFBE39A288A3B13EF4665392E0EEA7EF97F2C141A26FA2003D3BF47D8F1EA0AB4E4A5E8B9E240C6DEF8CDB3CE545D60469ECBB462C4A5492A7F6
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Picnic" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="10118935" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pe
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):287266
                                          Entropy (8bit):7.9845429264937025
                                          Encrypted:false
                                          SSDEEP:6144:OVQxXnSxBWm0FvJGZG0UWNgdpvOZfaHLOg7BVqkNV1LZz1srU4r:OVkCWDaN6OZfaH6GW65zy1r
                                          MD5:869F8C928B8AE22467BB383990EC3878
                                          SHA1:3F7A71F0FA40C02E45B7FA9D6CD89E64710971AA
                                          SHA-256:66C83BAE303D19139BEEC25BBC83334F3561DE5B2F3C7B4172DA7B31AC9A02CB
                                          SHA-512:1478C35BAB1A0BF850C345857648D25C6E9BC55AD98B127E0E2052081A0FCCE9CA3B9CD9A191120340A27E72217E526A90D322C58AD951AADA694916FDF06EF6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3274
                                          Entropy (8bit):7.762012971021008
                                          Encrypted:false
                                          SSDEEP:96:jrOfn1chgxqaGk9zEECs6H8JlL390jAEz7:iHSpseyL3K/7
                                          MD5:2E694EB0E62B16E58708404F64F152F5
                                          SHA1:B89A9A33DA8FD76B5B124E63FA3025596C2AB085
                                          SHA-256:9C92553ECD04C853EA81FE40C201387B5BD472925104B8EE4B52B92040DB258B
                                          SHA-512:56316EA3A7D7A2EC9F29A3DD4115C4EDFBAFC553016D6875B995A7F81627071BBA0D42FB5E67C5F5FBF7BA58DCE38C536797D1C2046318FE08534D83BA51B80C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):287266
                                          Entropy (8bit):7.9845429264937025
                                          Encrypted:false
                                          SSDEEP:6144:OVQxXnSxBWm0FvJGZG0UWNgdpvOZfaHLOg7BVqkNV1LZz1srU4r:OVkCWDaN6OZfaH6GW65zy1r
                                          MD5:869F8C928B8AE22467BB383990EC3878
                                          SHA1:3F7A71F0FA40C02E45B7FA9D6CD89E64710971AA
                                          SHA-256:66C83BAE303D19139BEEC25BBC83334F3561DE5B2F3C7B4172DA7B31AC9A02CB
                                          SHA-512:1478C35BAB1A0BF850C345857648D25C6E9BC55AD98B127E0E2052081A0FCCE9CA3B9CD9A191120340A27E72217E526A90D322C58AD951AADA694916FDF06EF6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3274
                                          Entropy (8bit):7.762012971021008
                                          Encrypted:false
                                          SSDEEP:96:jrOfn1chgxqaGk9zEECs6H8JlL390jAEz7:iHSpseyL3K/7
                                          MD5:2E694EB0E62B16E58708404F64F152F5
                                          SHA1:B89A9A33DA8FD76B5B124E63FA3025596C2AB085
                                          SHA-256:9C92553ECD04C853EA81FE40C201387B5BD472925104B8EE4B52B92040DB258B
                                          SHA-512:56316EA3A7D7A2EC9F29A3DD4115C4EDFBAFC553016D6875B995A7F81627071BBA0D42FB5E67C5F5FBF7BA58DCE38C536797D1C2046318FE08534D83BA51B80C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17629
                                          Entropy (8bit):4.895181183200661
                                          Encrypted:false
                                          SSDEEP:384:lcNJikLJykWILPkLJykWILUHNJQkLJykWILhkLJykWIL7kLJykWILw1CjqwI1Cjr:WN8+RNqeMjZbW
                                          MD5:B711C547E27BA8998095EDE4D0FDB20F
                                          SHA1:F9B76382C75E248B56C8AFCA758B272F693AD4B6
                                          SHA-256:79417E5BDBE089F6D486ECE18467246D6CA7D54FFB1F3CBF1AF4ACFC856C9EF9
                                          SHA-512:68B860577679AFBE39A288A3B13EF4665392E0EEA7EF97F2C141A26FA2003D3BF47D8F1EA0AB4E4A5E8B9E240C6DEF8CDB3CE545D60469ECBB462C4A5492A7F6
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Picnic" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="10118935" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pe
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17631
                                          Entropy (8bit):4.896941072568917
                                          Encrypted:false
                                          SSDEEP:384:GcNJDkLJy2WILTkLJy2WILUHNJQkLJy2WILhkLJy2WIL7kLJy2WILw1CjqwI1Cjr:ZNNEDNqwOlZbW
                                          MD5:7392CFC2B257AE28CF1389059A087799
                                          SHA1:7DE058A4313DAE7463829073230FF92B97BAA343
                                          SHA-256:C5534F1853F60CA4711634836F6D0B0CD5E506CB2E2C237DCA9D83824735368D
                                          SHA-512:DC584E0FB948050A00DCB8132899249F79D3387F1EBED0A466B4BC89E9C6940E6F14206C3A0687B29FED0F8EE999842563E36BFAEEDC4DB3D904FEFA47870126
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Snowmen" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="7895278" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=14, height=1080, bps=182, compression=LZW, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):682066
                                          Entropy (8bit):7.732564764962827
                                          Encrypted:false
                                          SSDEEP:12288:9JfcSisyRVmoxQJ7O5Zd9V2moeIGsfMzm+yTJJOCU18pFX8nbeej/LNouDufjEgG:4ns+bcaTd9dvIsC+yNU1oX8nbe2LNour
                                          MD5:D626520BFCFEB47B92AC6371F8905E0D
                                          SHA1:F4FFC225C63954C87856CD58328FCC9FF402E9A9
                                          SHA-256:E8D85B334E11EBDD07D43047685A8FB327B597D091AD640A953AA23C9168B22E
                                          SHA-512:E4E9D7CE61A39A6C9DBD38301186673632EB28568C8DB8CCAAFE70D4C5C46991159E4714A6340A791FFFFF711D224137C831939DF70AD625A2A1990C0B2DA259
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):7.710434719116522
                                          Encrypted:false
                                          SSDEEP:48:JlsA5xzWHC85DWuQGvtbADF529W7+KT7a0fweNBsgMcgsnCMXOD2dLkqzglebx7N:L5xidZQicDYS7a0fw4fCMXODMeq
                                          MD5:1A34078C458727BF8C09FFED400F26F9
                                          SHA1:B59E29DEB8A5AAA41DAE6D84F5CEE566A623B25F
                                          SHA-256:64BA3488639AEFA223F77B72221D99F7922BB67C6142981FEA74FAC58263097F
                                          SHA-512:613F7CA7004308F52B4C3684E720FA42052CD35BBFFB347E1AA6DC7035EB027A2F501E0E085B6D33B070623586AB4506BE74F959FEAFED4DF49CF1185E7DD168
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):7.710434719116522
                                          Encrypted:false
                                          SSDEEP:48:JlsA5xzWHC85DWuQGvtbADF529W7+KT7a0fweNBsgMcgsnCMXOD2dLkqzglebx7N:L5xidZQicDYS7a0fw4fCMXODMeq
                                          MD5:1A34078C458727BF8C09FFED400F26F9
                                          SHA1:B59E29DEB8A5AAA41DAE6D84F5CEE566A623B25F
                                          SHA-256:64BA3488639AEFA223F77B72221D99F7922BB67C6142981FEA74FAC58263097F
                                          SHA-512:613F7CA7004308F52B4C3684E720FA42052CD35BBFFB347E1AA6DC7035EB027A2F501E0E085B6D33B070623586AB4506BE74F959FEAFED4DF49CF1185E7DD168
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=14, height=1080, bps=182, compression=LZW, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):682066
                                          Entropy (8bit):7.732564764962827
                                          Encrypted:false
                                          SSDEEP:12288:9JfcSisyRVmoxQJ7O5Zd9V2moeIGsfMzm+yTJJOCU18pFX8nbeej/LNouDufjEgG:4ns+bcaTd9dvIsC+yNU1oX8nbe2LNour
                                          MD5:D626520BFCFEB47B92AC6371F8905E0D
                                          SHA1:F4FFC225C63954C87856CD58328FCC9FF402E9A9
                                          SHA-256:E8D85B334E11EBDD07D43047685A8FB327B597D091AD640A953AA23C9168B22E
                                          SHA-512:E4E9D7CE61A39A6C9DBD38301186673632EB28568C8DB8CCAAFE70D4C5C46991159E4714A6340A791FFFFF711D224137C831939DF70AD625A2A1990C0B2DA259
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17631
                                          Entropy (8bit):4.896941072568917
                                          Encrypted:false
                                          SSDEEP:384:GcNJDkLJy2WILTkLJy2WILUHNJQkLJy2WILhkLJy2WIL7kLJy2WILw1CjqwI1Cjr:ZNNEDNqwOlZbW
                                          MD5:7392CFC2B257AE28CF1389059A087799
                                          SHA1:7DE058A4313DAE7463829073230FF92B97BAA343
                                          SHA-256:C5534F1853F60CA4711634836F6D0B0CD5E506CB2E2C237DCA9D83824735368D
                                          SHA-512:DC584E0FB948050A00DCB8132899249F79D3387F1EBED0A466B4BC89E9C6940E6F14206C3A0687B29FED0F8EE999842563E36BFAEEDC4DB3D904FEFA47870126
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Snowmen" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="7895278" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17636
                                          Entropy (8bit):4.897193482855179
                                          Encrypted:false
                                          SSDEEP:384:aYcNJxkLJyvWILckLJyvWILUHNJQkLJyvWILhkLJyvWIL7kLJyvWILw1CjqwI1CP:ANLEoNq5jIZbW
                                          MD5:5A7D86E4237E9311F791922E960D51D0
                                          SHA1:B0E1465BA13141C0C93C4AFDE5E7A819F366EBF4
                                          SHA-256:D08B03C67F8C2715AC23F7A5CD7C5A5CEDC10BEDFA354ED668DE966AADCB25E7
                                          SHA-512:D2330809BA6A6E86B819425C38CBBD4D4311A5FAF798FF6F4526FFC35997D91116F09EB084DC8CAB90A90712C9EE7367D15601477FF8F5C23E20954D0954DFD7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring and Summer" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="3484712" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):95405
                                          Entropy (8bit):7.974980854279951
                                          Encrypted:false
                                          SSDEEP:1536:Y6rHpgaVJpwaTTj5HezhOSlZ3+7rVbGUJS76Y/CATw9XTleDQ9VexrCO3:Y67pg4JO4jFe1H2lGCSuY/CpTjXgN3
                                          MD5:3049D44EAC806BF6E58A1FE5E1F51A05
                                          SHA1:54BFB5EBA6EB785BBAD7FE57DFEBB0C634BAF5BC
                                          SHA-256:BDC2E27AC44907984E24ABE5B46DE2F2BFA3FB8538993DD1DED937CC2540EC53
                                          SHA-512:0669260B71A5D3665E3AC40AFEB6EA7819D992848EFF2E9E3163BF642E5923E4477B153EC3920B52BB716A090E8F701B4D9F3512501EDDC612302952DEFE3184
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2842
                                          Entropy (8bit):7.734332153653018
                                          Encrypted:false
                                          SSDEEP:48:PAgo1nsX8w3JSvWky47m/ttmao5trAx197IYwAnosit:ogo1nsv3JjLim/Lm/52x197cAnosa
                                          MD5:22755DC86DF929F9A9E4F707BA3C7FBC
                                          SHA1:8F1A9077921A9194E890DA6E36C57FA7DD085F8E
                                          SHA-256:FED4FE0F592CE765893E52A049C08141F6C2F6523F54174F6590817C3AD02229
                                          SHA-512:E1E49D1699ADB98CCBC725107184C735A572C2C3050F8E7F9B31A08AB54CBA09CD414208AFF6D8348085646C3F35A33AE819C839F8634E2A404E8B530C34590A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):95405
                                          Entropy (8bit):7.974980854279951
                                          Encrypted:false
                                          SSDEEP:1536:Y6rHpgaVJpwaTTj5HezhOSlZ3+7rVbGUJS76Y/CATw9XTleDQ9VexrCO3:Y67pg4JO4jFe1H2lGCSuY/CpTjXgN3
                                          MD5:3049D44EAC806BF6E58A1FE5E1F51A05
                                          SHA1:54BFB5EBA6EB785BBAD7FE57DFEBB0C634BAF5BC
                                          SHA-256:BDC2E27AC44907984E24ABE5B46DE2F2BFA3FB8538993DD1DED937CC2540EC53
                                          SHA-512:0669260B71A5D3665E3AC40AFEB6EA7819D992848EFF2E9E3163BF642E5923E4477B153EC3920B52BB716A090E8F701B4D9F3512501EDDC612302952DEFE3184
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2842
                                          Entropy (8bit):7.734332153653018
                                          Encrypted:false
                                          SSDEEP:48:PAgo1nsX8w3JSvWky47m/ttmao5trAx197IYwAnosit:ogo1nsv3JjLim/Lm/52x197cAnosa
                                          MD5:22755DC86DF929F9A9E4F707BA3C7FBC
                                          SHA1:8F1A9077921A9194E890DA6E36C57FA7DD085F8E
                                          SHA-256:FED4FE0F592CE765893E52A049C08141F6C2F6523F54174F6590817C3AD02229
                                          SHA-512:E1E49D1699ADB98CCBC725107184C735A572C2C3050F8E7F9B31A08AB54CBA09CD414208AFF6D8348085646C3F35A33AE819C839F8634E2A404E8B530C34590A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17636
                                          Entropy (8bit):4.897193482855179
                                          Encrypted:false
                                          SSDEEP:384:aYcNJxkLJyvWILckLJyvWILUHNJQkLJyvWILhkLJyvWIL7kLJyvWILw1CjqwI1CP:ANLEoNq5jIZbW
                                          MD5:5A7D86E4237E9311F791922E960D51D0
                                          SHA1:B0E1465BA13141C0C93C4AFDE5E7A819F366EBF4
                                          SHA-256:D08B03C67F8C2715AC23F7A5CD7C5A5CEDC10BEDFA354ED668DE966AADCB25E7
                                          SHA-512:D2330809BA6A6E86B819425C38CBBD4D4311A5FAF798FF6F4526FFC35997D91116F09EB084DC8CAB90A90712C9EE7367D15601477FF8F5C23E20954D0954DFD7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring and Summer" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="3484712" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="770" y1="216" x2="1130" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.894105226280529
                                          Encrypted:false
                                          SSDEEP:384:pcNJDkLJyZWILTkLJyZWILUHNJQkLJyZWILhkLJyZWIL7kLJyZWILw1CjqwI1Cjr:CNNFCNq79qZbW
                                          MD5:0751380A5FE0FFCA2F4431C8638E2554
                                          SHA1:F729BD2356ECCDC46F4C64658A528F63CEA88404
                                          SHA-256:94DCE4E0015C12FD94F444755E99803366AAB938368161F1F03ECB97A09DFFF9
                                          SHA-512:5BBE8A51B2887CD741972089B4C68559B03F4F4C9BD0DFCA373169F7641D4BB79ED42EC4F097CB6F97CBBC53F7E48ADD33B13BE3E1B29D368A33BBA9A422B365
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="821617" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):186779
                                          Entropy (8bit):7.980208119869183
                                          Encrypted:false
                                          SSDEEP:3072:9gOrpb41MrbhunoFsanFKqclHqmWWTcI6G7QUI2InsJE+7tLpO1Tqg81jOr/Ieoc:/pbMMZ0oFsagNBvc0g2IqE+lpO5q1ir3
                                          MD5:7AE5BB62AC5E52BDDED195F3799BD18D
                                          SHA1:A2AA130397038761944694A559C89A53B1D019AB
                                          SHA-256:A8A672153930770B0DCD1F7A4B54CC8C1A30AC7CECC3AEAA5DDC51F60A0FA84E
                                          SHA-512:0C4B6C1DF15A5E17177EB1F68318222813DBD22210129943EE3CCE2F09235FFFE2268399FBDABC7ACD19D8E39529CDD8F6DAAB155C7C88096527EE8DC67D828D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3449
                                          Entropy (8bit):7.803904940675616
                                          Encrypted:false
                                          SSDEEP:96:jpTcFGWjX6pJzWtlQ+KAQ7EtVIzHnj51k:pcnGTz+lQ5ctSzHnjI
                                          MD5:4B2EEBB76BA6DCE5536BB92A8F358D54
                                          SHA1:E2DE34C0933A0F307C267C177AB79443CFF6D4B8
                                          SHA-256:B53B869684E8C0B91E1F0430ED32FE2521FD43C558C964BC0B446BB6C4B5614B
                                          SHA-512:EE158CD489AFFC0D215092E9EEC2C137F23BB1D728F215147D6EEC44A82E7D5F1DE67C8D9348EB288A474ACF50F96735358131CAF792D1647171779BCE413FC0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3449
                                          Entropy (8bit):7.803904940675616
                                          Encrypted:false
                                          SSDEEP:96:jpTcFGWjX6pJzWtlQ+KAQ7EtVIzHnj51k:pcnGTz+lQ5ctSzHnjI
                                          MD5:4B2EEBB76BA6DCE5536BB92A8F358D54
                                          SHA1:E2DE34C0933A0F307C267C177AB79443CFF6D4B8
                                          SHA-256:B53B869684E8C0B91E1F0430ED32FE2521FD43C558C964BC0B446BB6C4B5614B
                                          SHA-512:EE158CD489AFFC0D215092E9EEC2C137F23BB1D728F215147D6EEC44A82E7D5F1DE67C8D9348EB288A474ACF50F96735358131CAF792D1647171779BCE413FC0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):186779
                                          Entropy (8bit):7.980208119869183
                                          Encrypted:false
                                          SSDEEP:3072:9gOrpb41MrbhunoFsanFKqclHqmWWTcI6G7QUI2InsJE+7tLpO1Tqg81jOr/Ieoc:/pbMMZ0oFsagNBvc0g2IqE+lpO5q1ir3
                                          MD5:7AE5BB62AC5E52BDDED195F3799BD18D
                                          SHA1:A2AA130397038761944694A559C89A53B1D019AB
                                          SHA-256:A8A672153930770B0DCD1F7A4B54CC8C1A30AC7CECC3AEAA5DDC51F60A0FA84E
                                          SHA-512:0C4B6C1DF15A5E17177EB1F68318222813DBD22210129943EE3CCE2F09235FFFE2268399FBDABC7ACD19D8E39529CDD8F6DAAB155C7C88096527EE8DC67D828D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.894105226280529
                                          Encrypted:false
                                          SSDEEP:384:pcNJDkLJyZWILTkLJyZWILUHNJQkLJyZWILhkLJyZWIL7kLJyZWILw1CjqwI1Cjr:CNNFCNq79qZbW
                                          MD5:0751380A5FE0FFCA2F4431C8638E2554
                                          SHA1:F729BD2356ECCDC46F4C64658A528F63CEA88404
                                          SHA-256:94DCE4E0015C12FD94F444755E99803366AAB938368161F1F03ECB97A09DFFF9
                                          SHA-512:5BBE8A51B2887CD741972089B4C68559B03F4F4C9BD0DFCA373169F7641D4BB79ED42EC4F097CB6F97CBBC53F7E48ADD33B13BE3E1B29D368A33BBA9A422B365
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="821617" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17630
                                          Entropy (8bit):4.895008690709037
                                          Encrypted:false
                                          SSDEEP:384:1cNJDkLJypxWILTkLJypxWILUHNJQkLJypxWILhkLJypxWIL7kLJypxWILw1Cjq6:GNNvkNqtPUZbW
                                          MD5:8A1AA7FF41F460C6F4A1C6E924FCCFBF
                                          SHA1:3425FECE8F2E7F604ADCD65EBB8BBAA3D85DD92E
                                          SHA-256:DCE94C91BA1BBFC2F640227B9806469549CCB4270DCC33215A37BB9DEE417259
                                          SHA-512:6ECE5ECE98DD76B988936932F0912F7E081FC49542A16CDAEC232D166EFED42F9D9A5925A48B57189D355296BAA3CABCA3A80C8A6725F846B27C9497D32B7101
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="4361027" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):154265
                                          Entropy (8bit):7.962223465762841
                                          Encrypted:false
                                          SSDEEP:3072:ed8P9dZoKUqn2LjCfq4s8tA95xpwZYtGaBGJm3YnkwDF:lPjUq26y7eA95xpwZhh
                                          MD5:D7609BB115EC7434D02A8EBE570BF35C
                                          SHA1:D06755E565A26B2EE29438A59C81CC6E2B622D4B
                                          SHA-256:E0D898E15E4D8E55B76E10F3DC4136EF3B3BEE93CD42339DEAABBA1D82CF95FB
                                          SHA-512:7B25417429CC4FC1246D5430B119145D2EBB16E6002566AFD8E377E76126DAD6E19FA74A141BDBF6F12A3A071C070BF0167B51611DB1C3F4BA6663DAF159AC50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3484
                                          Entropy (8bit):7.800526603580059
                                          Encrypted:false
                                          SSDEEP:96:/Sh8NmW41+7zX4WXwwvkytMP/MUweqQtb:43Lu74WXwwvkaMX4Ql
                                          MD5:E299ED35D4B90BB735AAD7C3C100F5D3
                                          SHA1:E51AF27CC3FB9B9F4BB7D1E3626D5EFA60640874
                                          SHA-256:BE2EFC066989BC9091C19AFABEF5058003C9D78C537ECD8B3CF095D4CE5B5BF0
                                          SHA-512:DFBBDE87BC5A6434961D438B3D94A863E24171E8CC75D4FF0D8BE48974791C3CF7EA32CFC8EEC74BC03BF3E191177C827A65E64A1ECA046212A2F0F2FD422E00
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):154265
                                          Entropy (8bit):7.962223465762841
                                          Encrypted:false
                                          SSDEEP:3072:ed8P9dZoKUqn2LjCfq4s8tA95xpwZYtGaBGJm3YnkwDF:lPjUq26y7eA95xpwZhh
                                          MD5:D7609BB115EC7434D02A8EBE570BF35C
                                          SHA1:D06755E565A26B2EE29438A59C81CC6E2B622D4B
                                          SHA-256:E0D898E15E4D8E55B76E10F3DC4136EF3B3BEE93CD42339DEAABBA1D82CF95FB
                                          SHA-512:7B25417429CC4FC1246D5430B119145D2EBB16E6002566AFD8E377E76126DAD6E19FA74A141BDBF6F12A3A071C070BF0167B51611DB1C3F4BA6663DAF159AC50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3484
                                          Entropy (8bit):7.800526603580059
                                          Encrypted:false
                                          SSDEEP:96:/Sh8NmW41+7zX4WXwwvkytMP/MUweqQtb:43Lu74WXwwvkaMX4Ql
                                          MD5:E299ED35D4B90BB735AAD7C3C100F5D3
                                          SHA1:E51AF27CC3FB9B9F4BB7D1E3626D5EFA60640874
                                          SHA-256:BE2EFC066989BC9091C19AFABEF5058003C9D78C537ECD8B3CF095D4CE5B5BF0
                                          SHA-512:DFBBDE87BC5A6434961D438B3D94A863E24171E8CC75D4FF0D8BE48974791C3CF7EA32CFC8EEC74BC03BF3E191177C827A65E64A1ECA046212A2F0F2FD422E00
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17630
                                          Entropy (8bit):4.895008690709037
                                          Encrypted:false
                                          SSDEEP:384:1cNJDkLJypxWILTkLJypxWILUHNJQkLJypxWILhkLJypxWIL7kLJypxWILw1Cjq6:GNNvkNqtPUZbW
                                          MD5:8A1AA7FF41F460C6F4A1C6E924FCCFBF
                                          SHA1:3425FECE8F2E7F604ADCD65EBB8BBAA3D85DD92E
                                          SHA-256:DCE94C91BA1BBFC2F640227B9806469549CCB4270DCC33215A37BB9DEE417259
                                          SHA-512:6ECE5ECE98DD76B988936932F0912F7E081FC49542A16CDAEC232D166EFED42F9D9A5925A48B57189D355296BAA3CABCA3A80C8A6725F846B27C9497D32B7101
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="4361027" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17620
                                          Entropy (8bit):4.8937888171124
                                          Encrypted:false
                                          SSDEEP:384:4cNJikLJyHWILPkLJyHWILUHNJQkLJyHWILhkLJyHWIL7kLJyHWILw1CjqwI1Cjr:fN8r0Nq9fkZbW
                                          MD5:AA2733F9FD17EA1ABDA9F59146EA4140
                                          SHA1:6A17D4E13A9933586A6AC7A6686D9665A0F6F156
                                          SHA-256:FD4082BF248346AC87666606845FEF2A3A3DE3415990D9CD48BB9D3F49E549D1
                                          SHA-512:7C3376C3E0A3D00870D40FA19BAAB1663BC4F95DFC15EBF111D1517355AC336E4B03127C1509A0343BD9B9AD642527C7AE927AFE91E1F0A96C394C18932052F3
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Sun" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5013431" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<PenPro
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):529686
                                          Entropy (8bit):7.9904112264032365
                                          Encrypted:true
                                          SSDEEP:12288:2DNxfLxiEdxbG7Y/n+dP+XF0PKIc/TpEjCwUlz5f:kDxi6oyn+dCFEvcF9wU/
                                          MD5:22B394FA6026FC7602B5948AD41D1E0A
                                          SHA1:F1E661460EF76CD81B1262860E789745ACFBBE61
                                          SHA-256:D5246FA6AEB497CC87B4A4791ECFB87AAD3E978560D8D7031D95EF7885879143
                                          SHA-512:16A58E10D3D6BF994FE550DC3075809C320398EB18572B0EB57171015CB2466A6C1A086A807EBB0557797FC2EE7E07A51039FD33E6A4429F668C35176EA130EA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2907
                                          Entropy (8bit):7.739523784465857
                                          Encrypted:false
                                          SSDEEP:48:+A+0+I+hYMhk5K9nvOwUolRkfGzNYGngoj0GzZNzQi7/hE4GX4yUng5aLnsamWbK:h+VI6XoKAmLzvlQOzQibAX4yCDpmWb3a
                                          MD5:7EED59090048207D09F25F3D1F50EFF0
                                          SHA1:24A93B3EE2D31C8E19C1A8D01BABFAD078AC8FD2
                                          SHA-256:66790DC3AFE1C2C67B5E64E757F3F1599CBC628FC2CBD0078D70CA76D5557BA9
                                          SHA-512:D01683DF51D4F9594313F57BFEB451AA9280A39CF42C7D2CBDC5928FFCB4DC797F1DCB273EB783D963507E8BF5AB3F9FCB90A4E6AFC3310193D18A963640BF16
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):529686
                                          Entropy (8bit):7.9904112264032365
                                          Encrypted:true
                                          SSDEEP:12288:2DNxfLxiEdxbG7Y/n+dP+XF0PKIc/TpEjCwUlz5f:kDxi6oyn+dCFEvcF9wU/
                                          MD5:22B394FA6026FC7602B5948AD41D1E0A
                                          SHA1:F1E661460EF76CD81B1262860E789745ACFBBE61
                                          SHA-256:D5246FA6AEB497CC87B4A4791ECFB87AAD3E978560D8D7031D95EF7885879143
                                          SHA-512:16A58E10D3D6BF994FE550DC3075809C320398EB18572B0EB57171015CB2466A6C1A086A807EBB0557797FC2EE7E07A51039FD33E6A4429F668C35176EA130EA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2907
                                          Entropy (8bit):7.739523784465857
                                          Encrypted:false
                                          SSDEEP:48:+A+0+I+hYMhk5K9nvOwUolRkfGzNYGngoj0GzZNzQi7/hE4GX4yUng5aLnsamWbK:h+VI6XoKAmLzvlQOzQibAX4yCDpmWb3a
                                          MD5:7EED59090048207D09F25F3D1F50EFF0
                                          SHA1:24A93B3EE2D31C8E19C1A8D01BABFAD078AC8FD2
                                          SHA-256:66790DC3AFE1C2C67B5E64E757F3F1599CBC628FC2CBD0078D70CA76D5557BA9
                                          SHA-512:D01683DF51D4F9594313F57BFEB451AA9280A39CF42C7D2CBDC5928FFCB4DC797F1DCB273EB783D963507E8BF5AB3F9FCB90A4E6AFC3310193D18A963640BF16
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17620
                                          Entropy (8bit):4.8937888171124
                                          Encrypted:false
                                          SSDEEP:384:4cNJikLJyHWILPkLJyHWILUHNJQkLJyHWILhkLJyHWIL7kLJyHWILw1CjqwI1Cjr:fN8r0Nq9fkZbW
                                          MD5:AA2733F9FD17EA1ABDA9F59146EA4140
                                          SHA1:6A17D4E13A9933586A6AC7A6686D9665A0F6F156
                                          SHA-256:FD4082BF248346AC87666606845FEF2A3A3DE3415990D9CD48BB9D3F49E549D1
                                          SHA-512:7C3376C3E0A3D00870D40FA19BAAB1663BC4F95DFC15EBF111D1517355AC336E4B03127C1509A0343BD9B9AD642527C7AE927AFE91E1F0A96C394C18932052F3
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Sun" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="5013431" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<PenPro
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.8935882124409575
                                          Encrypted:false
                                          SSDEEP:384:NFcNJikLJyqWILPkLJyqWILUHNJQkLJyqWILhkLJyqWIL7kLJyqWILw1CjqwI1CP:wN8ITNqAe1ZbW
                                          MD5:4E5D974A265B5C7C4E16D158DDD34B04
                                          SHA1:13A6A0FD40477786F6D13A7856BF3C4814ED52EA
                                          SHA-256:D64C31606F1B1709AEBE906C9CB40D58043D3636AA69C5C21398813884C83186
                                          SHA-512:06523A484CA5E09C56B8D7C6D2EC2F6F1596271C2AE11EDBBF1B29F444C135AA07838B00CE75A3D27AAFF797E6D319B2F4B7940A87FC7A4B41DE5DCE4A6DFE7D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Traveling around the World" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="201137" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 =
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):718268
                                          Entropy (8bit):7.987991945766967
                                          Encrypted:false
                                          SSDEEP:12288:kJfeQv+h2knrd5TrpgwUTmogA4PP9GLvn68xCuVLlZMXksyZOSudtMxogWfUzg17:VQmJn/VmjaILv69uVLo0xZNu3Mzw
                                          MD5:ABC782A5B5EB500CCB2A6C1D299A7DC4
                                          SHA1:31AF4D3B01E1A802F7B0F1494755856CC7ED1ADC
                                          SHA-256:363083EAE78051DFECA22735B6AFAC4C90F11B3B57C9D24F3C20B8A4B7F1D876
                                          SHA-512:ACCDA7B414CCBB27BA2C04C69862F580FFC755399FB3776460C4CB21898F0EE84699E477D3EF55F4A4B2682CB95332D7B477E51EDBC17F500AA98075B0AE811B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3944
                                          Entropy (8bit):7.841370213572643
                                          Encrypted:false
                                          SSDEEP:96:IXiZ7xiJjIQBxmdNY3MNo6b5S1/P7BnRuC:4M7zQfwNssTlanuC
                                          MD5:EDAE6D0C86D7DD264D5EDF0EEB6A0647
                                          SHA1:582D93A76553824B5AA0CBA9E5DDD558E9E46C59
                                          SHA-256:83DEFB9B8456D9C2F0728E562AB7498D932F7384D9CC307150AEFB7294A4C884
                                          SHA-512:DC5691EA2F88CC1CE828D19F5CD4A87BFC8E4D839A2CEAF1AE6EF2D7F04228EFED306D5D239557E321A3485DC4E5FCC502DA3537D9BF78EFAE737F8C58FFC5A8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):718268
                                          Entropy (8bit):7.987991945766967
                                          Encrypted:false
                                          SSDEEP:12288:kJfeQv+h2knrd5TrpgwUTmogA4PP9GLvn68xCuVLlZMXksyZOSudtMxogWfUzg17:VQmJn/VmjaILv69uVLo0xZNu3Mzw
                                          MD5:ABC782A5B5EB500CCB2A6C1D299A7DC4
                                          SHA1:31AF4D3B01E1A802F7B0F1494755856CC7ED1ADC
                                          SHA-256:363083EAE78051DFECA22735B6AFAC4C90F11B3B57C9D24F3C20B8A4B7F1D876
                                          SHA-512:ACCDA7B414CCBB27BA2C04C69862F580FFC755399FB3776460C4CB21898F0EE84699E477D3EF55F4A4B2682CB95332D7B477E51EDBC17F500AA98075B0AE811B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3944
                                          Entropy (8bit):7.841370213572643
                                          Encrypted:false
                                          SSDEEP:96:IXiZ7xiJjIQBxmdNY3MNo6b5S1/P7BnRuC:4M7zQfwNssTlanuC
                                          MD5:EDAE6D0C86D7DD264D5EDF0EEB6A0647
                                          SHA1:582D93A76553824B5AA0CBA9E5DDD558E9E46C59
                                          SHA-256:83DEFB9B8456D9C2F0728E562AB7498D932F7384D9CC307150AEFB7294A4C884
                                          SHA-512:DC5691EA2F88CC1CE828D19F5CD4A87BFC8E4D839A2CEAF1AE6EF2D7F04228EFED306D5D239557E321A3485DC4E5FCC502DA3537D9BF78EFAE737F8C58FFC5A8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17637
                                          Entropy (8bit):4.8935882124409575
                                          Encrypted:false
                                          SSDEEP:384:NFcNJikLJyqWILPkLJyqWILUHNJQkLJyqWILhkLJyqWIL7kLJyqWILw1CjqwI1CP:wN8ITNqAe1ZbW
                                          MD5:4E5D974A265B5C7C4E16D158DDD34B04
                                          SHA1:13A6A0FD40477786F6D13A7856BF3C4814ED52EA
                                          SHA-256:D64C31606F1B1709AEBE906C9CB40D58043D3636AA69C5C21398813884C83186
                                          SHA-512:06523A484CA5E09C56B8D7C6D2EC2F6F1596271C2AE11EDBBF1B29F444C135AA07838B00CE75A3D27AAFF797E6D319B2F4B7940A87FC7A4B41DE5DCE4A6DFE7D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Traveling around the World" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="201137" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 =
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.898667179173268
                                          Encrypted:false
                                          SSDEEP:384:0cNJikLJyJWILPkLJyJWILUHNJQkLJyJWILhkLJyJWIL7kLJyJWILw1CjqwI1Cjr:TN8xyNqrtaZbW
                                          MD5:3F33AA603B7D9F56BFBEAEEC916BCE12
                                          SHA1:05B1AAAE081218E6BA3A1371E953245F6BFA45C2
                                          SHA-256:676CC6DFB45F733CAE056A0E9EB5A9B2149C2FF2653BD1C94E4E698B66671B8A
                                          SHA-512:3C6C64CA1B7BBA945E4C8B3AC4D962C940045071483ADE95C38D3482A05DB1990BB27ADF1CE197B09E459F395CF6ABC4C589A9335B559984AE64D5D00C9AEF56
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="8773879" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pe
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):113556
                                          Entropy (8bit):7.974643905066326
                                          Encrypted:false
                                          SSDEEP:3072:X9NkQpSwGvU55o3aHzFnfTflwt/Cko6DhOrWJ+AuBHh:DkQYZ83Fnf7quWJNuBHh
                                          MD5:8966AD89B55EE1E41EAA9DC9E1BE627E
                                          SHA1:9696136472149003344D02D3FAD54F4D65E7ACB4
                                          SHA-256:31F997ED2141592412E3D08A6E3C8F9606B0B2DF4E8B7A2D9504AD5A81D53D23
                                          SHA-512:5F22E702EA8A8F5124D7D405304DF90FA820181EC4F7D4494A403F9700B07FE2AFD99EC72E3D85E555126FA31DD4EF8D3B31C06A0C25C3BC4DC23E2B66E398FB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2384
                                          Entropy (8bit):7.626830328596624
                                          Encrypted:false
                                          SSDEEP:48:mAsLBcTKc3MJBvqGLK1czX6JQhXlKIoVKo5rC06Gih:psLBcTjAXHXAVb5Whh
                                          MD5:E27D58D695B1C54A560FB55BF1600259
                                          SHA1:E8B3F1378867448DF6332C9B0BCBB0B0F7758957
                                          SHA-256:3D54DFF0BE3C7143575FC1E0761F60F454CC6322045001322A6A24ABF611126D
                                          SHA-512:1A61607F71F8E5E4B4C52F7EDD9CEBC01E1305A7DB5DA61063BD7DD16F381671DB2401E046F970A56985EE539728A58063B0B74F3F117C84F650801B9015D4C2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2384
                                          Entropy (8bit):7.626830328596624
                                          Encrypted:false
                                          SSDEEP:48:mAsLBcTKc3MJBvqGLK1czX6JQhXlKIoVKo5rC06Gih:psLBcTjAXHXAVb5Whh
                                          MD5:E27D58D695B1C54A560FB55BF1600259
                                          SHA1:E8B3F1378867448DF6332C9B0BCBB0B0F7758957
                                          SHA-256:3D54DFF0BE3C7143575FC1E0761F60F454CC6322045001322A6A24ABF611126D
                                          SHA-512:1A61607F71F8E5E4B4C52F7EDD9CEBC01E1305A7DB5DA61063BD7DD16F381671DB2401E046F970A56985EE539728A58063B0B74F3F117C84F650801B9015D4C2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):113556
                                          Entropy (8bit):7.974643905066326
                                          Encrypted:false
                                          SSDEEP:3072:X9NkQpSwGvU55o3aHzFnfTflwt/Cko6DhOrWJ+AuBHh:DkQYZ83Fnf7quWJNuBHh
                                          MD5:8966AD89B55EE1E41EAA9DC9E1BE627E
                                          SHA1:9696136472149003344D02D3FAD54F4D65E7ACB4
                                          SHA-256:31F997ED2141592412E3D08A6E3C8F9606B0B2DF4E8B7A2D9504AD5A81D53D23
                                          SHA-512:5F22E702EA8A8F5124D7D405304DF90FA820181EC4F7D4494A403F9700B07FE2AFD99EC72E3D85E555126FA31DD4EF8D3B31C06A0C25C3BC4DC23E2B66E398FB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17624
                                          Entropy (8bit):4.898667179173268
                                          Encrypted:false
                                          SSDEEP:384:0cNJikLJyJWILPkLJyJWILUHNJQkLJyJWILhkLJyJWIL7kLJyJWILw1CjqwI1Cjr:TN8xyNqrtaZbW
                                          MD5:3F33AA603B7D9F56BFBEAEEC916BCE12
                                          SHA1:05B1AAAE081218E6BA3A1371E953245F6BFA45C2
                                          SHA-256:676CC6DFB45F733CAE056A0E9EB5A9B2149C2FF2653BD1C94E4E698B66671B8A
                                          SHA-512:3C6C64CA1B7BBA945E4C8B3AC4D962C940045071483ADE95C38D3482A05DB1990BB27ADF1CE197B09E459F395CF6ABC4C589A9335B559984AE64D5D00C9AEF56
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="8773879" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="150" y1="216" x2="510" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.........<Pe
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.897434912182962
                                          Encrypted:false
                                          SSDEEP:384:/cNJDkLJy2WILTkLJy2WILUHNJQkLJy2WILhkLJy2WIL7kLJy2WILw1CjqwI1Cjr:kNNc7NqYmtZbW
                                          MD5:71F59DBCF6FA1BB8CCD3FD56FD833C7F
                                          SHA1:59C05641A603634496A7BA64AFFE9727690027CE
                                          SHA-256:13DCD7E48DDC0A0DE7B6F61C6E0CFAE6BDF25F2CB70656B2C09E6C7C3A3FB086
                                          SHA-512:6FAB8EE864B80D6904BF927F6A998E6DE657C69ED8207D124666A040CDFDDC18597428B3D462604971F614D0B56F873B7EFAA4DBC7C7C3CE4245208CFC7AACAE
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Ice" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="9671571" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):136880
                                          Entropy (8bit):7.965629639889824
                                          Encrypted:false
                                          SSDEEP:3072:F1/At4d3d4pn46YD11ZZ3LYB0FNS3spWk/7gZDzgheHkJ0j:3ZdSn/Yh1zEB63pWk/7zB0j
                                          MD5:A722230F9ADD64802EAF8261E06CE1C0
                                          SHA1:55A35C4ABAF355B8E6577EE7DFB511B806EC3969
                                          SHA-256:90E66AFD7D83AD36480006E23D7BE3C8C81C5A28B9768CD867090B328AEE0C9A
                                          SHA-512:EEB0960608DA5FD078F6A63FF56D4110517BA401BF80C3A4D6E332FED986469169EF2F1A6A719C6C5B69A7C18CBA31EE1027C4B6DCAD729F7E7439B3C8A4919F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):2698
                                          Entropy (8bit):7.679630238437979
                                          Encrypted:false
                                          SSDEEP:48:2AIKAqqWNPy1JlXvXywuLpEmMZb/UKS/+v1y74FAuKOW6h83smSJyvnF:5ItpXlywZmMZYKS/q1X6OW6hIt
                                          MD5:73893948338CBA84F04EEEE58F64ED84
                                          SHA1:B3ABBF90EE289DCFC5AF5D534347B920E3DA3170
                                          SHA-256:ADB441DDA6C7A22EB84AAA186330EFF5B5F6C576B1604D78AA99D971FADD610D
                                          SHA-512:F1299903C667622BA0388BA5FCE155093CC74AF05FA22C69DD4F87E25DA745A34111F840D4F49D1E88A059089C4C3D94E2762C74F2B7928AE5E4FC633517FBC4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):136880
                                          Entropy (8bit):7.965629639889824
                                          Encrypted:false
                                          SSDEEP:3072:F1/At4d3d4pn46YD11ZZ3LYB0FNS3spWk/7gZDzgheHkJ0j:3ZdSn/Yh1zEB63pWk/7zB0j
                                          MD5:A722230F9ADD64802EAF8261E06CE1C0
                                          SHA1:55A35C4ABAF355B8E6577EE7DFB511B806EC3969
                                          SHA-256:90E66AFD7D83AD36480006E23D7BE3C8C81C5A28B9768CD867090B328AEE0C9A
                                          SHA-512:EEB0960608DA5FD078F6A63FF56D4110517BA401BF80C3A4D6E332FED986469169EF2F1A6A719C6C5B69A7C18CBA31EE1027C4B6DCAD729F7E7439B3C8A4919F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):2698
                                          Entropy (8bit):7.679630238437979
                                          Encrypted:false
                                          SSDEEP:48:2AIKAqqWNPy1JlXvXywuLpEmMZb/UKS/+v1y74FAuKOW6h83smSJyvnF:5ItpXlywZmMZYKS/q1X6OW6hIt
                                          MD5:73893948338CBA84F04EEEE58F64ED84
                                          SHA1:B3ABBF90EE289DCFC5AF5D534347B920E3DA3170
                                          SHA-256:ADB441DDA6C7A22EB84AAA186330EFF5B5F6C576B1604D78AA99D971FADD610D
                                          SHA-512:F1299903C667622BA0388BA5FCE155093CC74AF05FA22C69DD4F87E25DA745A34111F840D4F49D1E88A059089C4C3D94E2762C74F2B7928AE5E4FC633517FBC4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17634
                                          Entropy (8bit):4.897434912182962
                                          Encrypted:false
                                          SSDEEP:384:/cNJDkLJy2WILTkLJy2WILUHNJQkLJy2WILhkLJy2WIL7kLJy2WILw1CjqwI1Cjr:kNNc7NqYmtZbW
                                          MD5:71F59DBCF6FA1BB8CCD3FD56FD833C7F
                                          SHA1:59C05641A603634496A7BA64AFFE9727690027CE
                                          SHA-256:13DCD7E48DDC0A0DE7B6F61C6E0CFAE6BDF25F2CB70656B2C09E6C7C3A3FB086
                                          SHA-512:6FAB8EE864B80D6904BF927F6A998E6DE657C69ED8207D124666A040CDFDDC18597428B3D462604971F614D0B56F873B7EFAA4DBC7C7C3CE4245208CFC7AACAE
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Ice" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="9671571" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17635
                                          Entropy (8bit):4.896744996038542
                                          Encrypted:false
                                          SSDEEP:384:NcNJDkLJyAWILTkLJyAWILUHNJQkLJyAWILhkLJyAWIL7kLJyAWILw1CjqwI1Cjr:uNNutNqSYvZbW
                                          MD5:9E2E76A44A44695BCE04FF80028E2343
                                          SHA1:A3196E780792DE570B2B8809BE347A8AE648ED4C
                                          SHA-256:61B5992D37CB39CF7ADE381FD239C0694F190E1E81AE5EBDEB141370EE82D50F
                                          SHA-512:01551AEB6ED2D8B91FF8BC14E122D4EADC179D9D68040A61F7AD47CCA4F244791DB2918950F0F568F994A350F7FD924F783BD3E9F5318FB55B7D38541B7DC469
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Lake" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="6831910" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):473148
                                          Entropy (8bit):7.981310898815924
                                          Encrypted:false
                                          SSDEEP:12288:uGgSFcSzCbVjfCmV8WINkXScEtFbjPHAXMLgkFR:BFcSzS+mV8WfE/bjPHZLgkn
                                          MD5:E0B380B3393DCA59D1C66A9A8B7AB0BD
                                          SHA1:ACE5F3025FD4B60668A1C52B054AD1430CAB2C4C
                                          SHA-256:19EB6ADC3392F974C171410F787E4EADBB1E89EBE4FC21CE0C90966A5E6213AE
                                          SHA-512:3B9C58434AB72F65EAA58397EEE4C4ADF8F77954E79293FCDA6C0FC12EBA7E9A3D7338C9155C819BFB5155FEF0020B65D0B074089CC00309E3B7D01D3BF060DD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):3325
                                          Entropy (8bit):7.7772059849087665
                                          Encrypted:false
                                          SSDEEP:48:XApvNWaQlJhRq2rrMGvO7SN09jpQS+hDNKu8fFA3yTMehJNFy4SqonxAulrMWtSU:wp5QrhMx7h9Uh8moVSZmMrPMgEXG
                                          MD5:8EF66B37FD1750AB7B3FA725CE845176
                                          SHA1:00C006E8DE4D2822FFFC3B8CB84BDC4CD401C954
                                          SHA-256:08DE848C2F525F82DBB3F5D3C144414A58D560AAD68F06CEBAE768D797CF26E5
                                          SHA-512:BEFB8B4A11AFB7D38A65BE6B440D146800AC38CC039309566C987ECDC9F29FB951A42005A0CB482E90D0A6CA5B04E6A04F24745BA1614AFBE192C0F851721E2E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1920x1080, components 3
                                          Category:dropped
                                          Size (bytes):473148
                                          Entropy (8bit):7.981310898815924
                                          Encrypted:false
                                          SSDEEP:12288:uGgSFcSzCbVjfCmV8WINkXScEtFbjPHAXMLgkFR:BFcSzS+mV8WfE/bjPHZLgkn
                                          MD5:E0B380B3393DCA59D1C66A9A8B7AB0BD
                                          SHA1:ACE5F3025FD4B60668A1C52B054AD1430CAB2C4C
                                          SHA-256:19EB6ADC3392F974C171410F787E4EADBB1E89EBE4FC21CE0C90966A5E6213AE
                                          SHA-512:3B9C58434AB72F65EAA58397EEE4C4ADF8F77954E79293FCDA6C0FC12EBA7E9A3D7338C9155C819BFB5155FEF0020B65D0B074089CC00309E3B7D01D3BF060DD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x74, components 3
                                          Category:dropped
                                          Size (bytes):3325
                                          Entropy (8bit):7.7772059849087665
                                          Encrypted:false
                                          SSDEEP:48:XApvNWaQlJhRq2rrMGvO7SN09jpQS+hDNKu8fFA3yTMehJNFy4SqonxAulrMWtSU:wp5QrhMx7h9Uh8moVSZmMrPMgEXG
                                          MD5:8EF66B37FD1750AB7B3FA725CE845176
                                          SHA1:00C006E8DE4D2822FFFC3B8CB84BDC4CD401C954
                                          SHA-256:08DE848C2F525F82DBB3F5D3C144414A58D560AAD68F06CEBAE768D797CF26E5
                                          SHA-512:BEFB8B4A11AFB7D38A65BE6B440D146800AC38CC039309566C987ECDC9F29FB951A42005A0CB482E90D0A6CA5B04E6A04F24745BA1614AFBE192C0F851721E2E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17635
                                          Entropy (8bit):4.896744996038542
                                          Encrypted:false
                                          SSDEEP:384:NcNJDkLJyAWILTkLJyAWILUHNJQkLJyAWILhkLJyAWIL7kLJyAWILw1CjqwI1Cjr:uNNutNqSYvZbW
                                          MD5:9E2E76A44A44695BCE04FF80028E2343
                                          SHA1:A3196E780792DE570B2B8809BE347A8AE648ED4C
                                          SHA-256:61B5992D37CB39CF7ADE381FD239C0694F190E1E81AE5EBDEB141370EE82D50F
                                          SHA-512:01551AEB6ED2D8B91FF8BC14E122D4EADC179D9D68040A61F7AD47CCA4F244791DB2918950F0F568F994A350F7FD924F783BD3E9F5318FB55B7D38541B7DC469
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Lake" menuwidth="1280" menuheight="720" chaptermasksize="20" chaptermaskcolor="6831910" chaptermaskalpha="255">...<SimpleMenu.MainPage>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="1280" y2="720"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="460" y1="216" x2="820" y2="350"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>.......<Over typeid="#80B">........<DrawObject typeid = "#0400" metric="3">.........<Rect typeid = "#0200" x1 ="0" y1 ="0" x2 = "1" y2 ="1" />.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9138
                                          Entropy (8bit):5.021006953760257
                                          Encrypted:false
                                          SSDEEP:192:yONJ+skLFkLrLNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:yONJFkLFkLrLNJhkLpkL7kLuvyCjqw6N
                                          MD5:13EE929D8122467265B1E0BFCFD2BDE3
                                          SHA1:BB0C82A43D4B6D90A652F3FCB94DC3C9880F180E
                                          SHA-256:9733D86B13394208FF3D946B2DE246A05D164B2D006E26B903ADCD2B37F9FDF1
                                          SHA-512:80E8328D4FF11CE7269597B92DB0BF6FA6797E1BB2E34857A9996A1A1A759D21E906A38A36CF9A6929BDA72276B0C54B3AB750D0EB90F7BFF00C59AF24282440
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Autumn" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="4704" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Defau
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):81829
                                          Entropy (8bit):7.9806419246002935
                                          Encrypted:false
                                          SSDEEP:1536:QnEO/82DJJCFOHSwggEbPLNXbi1k86DeuxcWNYqYSo6AuHYrsfe8kZzl2k:QEK803+BwggGPLce86DZdYSpACfuzlT
                                          MD5:FC34A1F0C4591BCF8CAEDFA53CC87F6B
                                          SHA1:C5BB065937391206E99F0E7F8221B9ACA86C853E
                                          SHA-256:EB1BD87971D53ED612524E0E4836D2A29619B22F380AB5A44FBBF3088FC5DFD2
                                          SHA-512:B6E29C4439B52FF4B8BC0164C6473EF8F3D697AB99720CCFCFE9F24346396A4DB5C58595C287EC75118B960C727144C1A46381EB741676976CEF6AC61566E71B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4011
                                          Entropy (8bit):7.832724998502113
                                          Encrypted:false
                                          SSDEEP:96:iPpv0A5wqIYAcnawa6ojIQH3zzFG3hyUnGmUOf:Q0A508a6RqdGBzUI
                                          MD5:BCB616D4E2FEBFB96545834245704D84
                                          SHA1:F352BB237620A50E11375E08174F1B5CB92F3F97
                                          SHA-256:D484BFEC366D4B1C37D7DDFD31F36F36DF0D22FE8D8366A2D3238596490B7D76
                                          SHA-512:7C489B556DC3993338D435FC5ED42555ECCCF5857D8E9766AAB0247F234232C509297D54EABBDCEADBC451DE4B0D05BD49B77D8C610ACB334A0238848B751629
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4011
                                          Entropy (8bit):7.832724998502113
                                          Encrypted:false
                                          SSDEEP:96:iPpv0A5wqIYAcnawa6ojIQH3zzFG3hyUnGmUOf:Q0A508a6RqdGBzUI
                                          MD5:BCB616D4E2FEBFB96545834245704D84
                                          SHA1:F352BB237620A50E11375E08174F1B5CB92F3F97
                                          SHA-256:D484BFEC366D4B1C37D7DDFD31F36F36DF0D22FE8D8366A2D3238596490B7D76
                                          SHA-512:7C489B556DC3993338D435FC5ED42555ECCCF5857D8E9766AAB0247F234232C509297D54EABBDCEADBC451DE4B0D05BD49B77D8C610ACB334A0238848B751629
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):81829
                                          Entropy (8bit):7.9806419246002935
                                          Encrypted:false
                                          SSDEEP:1536:QnEO/82DJJCFOHSwggEbPLNXbi1k86DeuxcWNYqYSo6AuHYrsfe8kZzl2k:QEK803+BwggGPLce86DZdYSpACfuzlT
                                          MD5:FC34A1F0C4591BCF8CAEDFA53CC87F6B
                                          SHA1:C5BB065937391206E99F0E7F8221B9ACA86C853E
                                          SHA-256:EB1BD87971D53ED612524E0E4836D2A29619B22F380AB5A44FBBF3088FC5DFD2
                                          SHA-512:B6E29C4439B52FF4B8BC0164C6473EF8F3D697AB99720CCFCFE9F24346396A4DB5C58595C287EC75118B960C727144C1A46381EB741676976CEF6AC61566E71B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9138
                                          Entropy (8bit):5.021006953760257
                                          Encrypted:false
                                          SSDEEP:192:yONJ+skLFkLrLNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:yONJFkLFkLrLNJhkLpkL7kLuvyCjqw6N
                                          MD5:13EE929D8122467265B1E0BFCFD2BDE3
                                          SHA1:BB0C82A43D4B6D90A652F3FCB94DC3C9880F180E
                                          SHA-256:9733D86B13394208FF3D946B2DE246A05D164B2D006E26B903ADCD2B37F9FDF1
                                          SHA-512:80E8328D4FF11CE7269597B92DB0BF6FA6797E1BB2E34857A9996A1A1A759D21E906A38A36CF9A6929BDA72276B0C54B3AB750D0EB90F7BFF00C59AF24282440
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Autumn" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="4704" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Defau
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.021596305217467
                                          Encrypted:false
                                          SSDEEP:192:sCNJ+skLFkLrzNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:sCNJFkLFkLrzNJhkLpkL7kLuvyCjqw6N
                                          MD5:EA1DEC11B7DEA878A82A9704BD5847DF
                                          SHA1:B3ECFA2946A8AFB92F426BAA0FBF3BAD652B76A3
                                          SHA-256:B30C6525D5FADDD8A288CC44D04FFA871AC03BB334A15DE9C39FAD148166C081
                                          SHA-512:43CEE049FC6D18567C9C40A15C05CC1079A52CCB49363BB3D370DDE8DBE32E403D179FB5E8BEC6F9D7A1B274C78F4D17D36FE2B15040E86D97067F4C1EBBB2B4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Baby" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11706352" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):47596
                                          Entropy (8bit):7.981298135493615
                                          Encrypted:false
                                          SSDEEP:768:NwsPl4nf0j8JR2VFQV90Mk5l1KHowLZPsaZ9RSz7ltzFsNNgAEguUmDkBgjv9MA5:ua+nMj24+90Xl1KH9LZPsanRSzfZskxn
                                          MD5:841CEFB292EF3CED7D912383AADA1D91
                                          SHA1:9B12830B3175DAD44FF0C77AC47ACA8836A40EE4
                                          SHA-256:33CC6E42EB506314AE7E6F869C3E2FB99A2D18D1882426D74870964CCDC75CE1
                                          SHA-512:828E13EA658E51FDC68A69F6AE7134748EF11366C29F20B18090C486BBCAA80D434B18D9FB370617A7C39E0984A3B1307E12DFB78240B0CDD7D71E3209B53B54
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2446
                                          Entropy (8bit):7.67862355050513
                                          Encrypted:false
                                          SSDEEP:48:qAaJdST6/B8RW1NvT5l8TtGKbrkdI3tiPSaoFPDUIVWO0mX9:9ATeG38VkdIIPSaoFb/0s9
                                          MD5:E258D0BFFD408E0E89CC9695A809FC71
                                          SHA1:FF419BB5EE0D4E959D2A892D1CE5864A17461F2A
                                          SHA-256:A10F1F50D27B214F249C33E19A5CD668FB9E22860579A09AAA716E566222A570
                                          SHA-512:FB24A898079A04937686733967A2AAAD5C986D28FB7525B82BC8845CBC789A8D6F56B325A1A4266E1415DE90F5A565A74E78EFAAD1C9CBEF88C1833575C39C37
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):47596
                                          Entropy (8bit):7.981298135493615
                                          Encrypted:false
                                          SSDEEP:768:NwsPl4nf0j8JR2VFQV90Mk5l1KHowLZPsaZ9RSz7ltzFsNNgAEguUmDkBgjv9MA5:ua+nMj24+90Xl1KH9LZPsanRSzfZskxn
                                          MD5:841CEFB292EF3CED7D912383AADA1D91
                                          SHA1:9B12830B3175DAD44FF0C77AC47ACA8836A40EE4
                                          SHA-256:33CC6E42EB506314AE7E6F869C3E2FB99A2D18D1882426D74870964CCDC75CE1
                                          SHA-512:828E13EA658E51FDC68A69F6AE7134748EF11366C29F20B18090C486BBCAA80D434B18D9FB370617A7C39E0984A3B1307E12DFB78240B0CDD7D71E3209B53B54
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2446
                                          Entropy (8bit):7.67862355050513
                                          Encrypted:false
                                          SSDEEP:48:qAaJdST6/B8RW1NvT5l8TtGKbrkdI3tiPSaoFPDUIVWO0mX9:9ATeG38VkdIIPSaoFb/0s9
                                          MD5:E258D0BFFD408E0E89CC9695A809FC71
                                          SHA1:FF419BB5EE0D4E959D2A892D1CE5864A17461F2A
                                          SHA-256:A10F1F50D27B214F249C33E19A5CD668FB9E22860579A09AAA716E566222A570
                                          SHA-512:FB24A898079A04937686733967A2AAAD5C986D28FB7525B82BC8845CBC789A8D6F56B325A1A4266E1415DE90F5A565A74E78EFAAD1C9CBEF88C1833575C39C37
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.021596305217467
                                          Encrypted:false
                                          SSDEEP:192:sCNJ+skLFkLrzNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:sCNJFkLFkLrzNJhkLpkL7kLuvyCjqw6N
                                          MD5:EA1DEC11B7DEA878A82A9704BD5847DF
                                          SHA1:B3ECFA2946A8AFB92F426BAA0FBF3BAD652B76A3
                                          SHA-256:B30C6525D5FADDD8A288CC44D04FFA871AC03BB334A15DE9C39FAD148166C081
                                          SHA-512:43CEE049FC6D18567C9C40A15C05CC1079A52CCB49363BB3D370DDE8DBE32E403D179FB5E8BEC6F9D7A1B274C78F4D17D36FE2B15040E86D97067F4C1EBBB2B4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Baby" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11706352" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.0205987091251885
                                          Encrypted:false
                                          SSDEEP:192:jTNJ+skLFkLreNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:jTNJFkLFkLreNJhkLpkL7kLuvyCjqw6N
                                          MD5:527DE3E0D88C3698E50C2AF580D635C7
                                          SHA1:410EF78C32CCCD98D9B91BC2A5F09EC9924C7C35
                                          SHA-256:6841C2842CEB936A9DF1F3DE043A06BF6B0C33E008A03D134828D09F878329E8
                                          SHA-512:787791531FD5006100914992F5BC6BEE827AD2032B368D9BCA3FD361CF27A561E3241404399375F8E6DE9999A2526CDE9DB69B4AFEF8F2ED97790E92FEED1571
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Bahamas" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="12223802" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):64260
                                          Entropy (8bit):7.983877675564901
                                          Encrypted:false
                                          SSDEEP:1536:H5QjLbCXRe+QhPmDabxVGpGiA8u8JE88mqmu:HK3CXRXQlmDZpGiYkE8y
                                          MD5:20C31C70250E3BBC5376A53A419B6D0E
                                          SHA1:F7968CB99594A493CCE932AAE5B424449B9AD469
                                          SHA-256:9888C52197732A469112B3C37025795BDBD2BF3BA13795F2BDAF015E296C1D02
                                          SHA-512:127317C43D0CCCD8B6A2487C2A4030D416F29D3A519EC4670215E2377599EADDE9E3702464ED8A6209F828C2D78F4F080A89B608B4E5937C30FA3088C0240058
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3367
                                          Entropy (8bit):7.778540708648554
                                          Encrypted:false
                                          SSDEEP:48:yAMUlKjRO4S2Um6uF0vLMRAosa1negc12AuIhbqLCWT8mvLbllT8GJTUx2raj1d8:lmjfSmhFbnq12jWbqL5PLbr4UA6c1tQ
                                          MD5:9FD7F5AC29FC6AE8D716AD4E76D4815D
                                          SHA1:914F1E050422ABD60F3B3A0D24AD31E8D2A51174
                                          SHA-256:8C5CF867860DC1D77DDBC13F598A416FF789F8DD6A93AFE8966BAF7ECDB1D34F
                                          SHA-512:8EB72AF3AAEF2A9C93FDB80EF1D128E5B968E8F1D964E18849A129E509083767FB196B7EC81BABFEF83BAE119D5049319340F56637B997AB7A89E3744E109BA2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):64260
                                          Entropy (8bit):7.983877675564901
                                          Encrypted:false
                                          SSDEEP:1536:H5QjLbCXRe+QhPmDabxVGpGiA8u8JE88mqmu:HK3CXRXQlmDZpGiYkE8y
                                          MD5:20C31C70250E3BBC5376A53A419B6D0E
                                          SHA1:F7968CB99594A493CCE932AAE5B424449B9AD469
                                          SHA-256:9888C52197732A469112B3C37025795BDBD2BF3BA13795F2BDAF015E296C1D02
                                          SHA-512:127317C43D0CCCD8B6A2487C2A4030D416F29D3A519EC4670215E2377599EADDE9E3702464ED8A6209F828C2D78F4F080A89B608B4E5937C30FA3088C0240058
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3367
                                          Entropy (8bit):7.778540708648554
                                          Encrypted:false
                                          SSDEEP:48:yAMUlKjRO4S2Um6uF0vLMRAosa1negc12AuIhbqLCWT8mvLbllT8GJTUx2raj1d8:lmjfSmhFbnq12jWbqL5PLbr4UA6c1tQ
                                          MD5:9FD7F5AC29FC6AE8D716AD4E76D4815D
                                          SHA1:914F1E050422ABD60F3B3A0D24AD31E8D2A51174
                                          SHA-256:8C5CF867860DC1D77DDBC13F598A416FF789F8DD6A93AFE8966BAF7ECDB1D34F
                                          SHA-512:8EB72AF3AAEF2A9C93FDB80EF1D128E5B968E8F1D964E18849A129E509083767FB196B7EC81BABFEF83BAE119D5049319340F56637B997AB7A89E3744E109BA2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.0205987091251885
                                          Encrypted:false
                                          SSDEEP:192:jTNJ+skLFkLreNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:jTNJFkLFkLreNJhkLpkL7kLuvyCjqw6N
                                          MD5:527DE3E0D88C3698E50C2AF580D635C7
                                          SHA1:410EF78C32CCCD98D9B91BC2A5F09EC9924C7C35
                                          SHA-256:6841C2842CEB936A9DF1F3DE043A06BF6B0C33E008A03D134828D09F878329E8
                                          SHA-512:787791531FD5006100914992F5BC6BEE827AD2032B368D9BCA3FD361CF27A561E3241404399375F8E6DE9999A2526CDE9DB69B4AFEF8F2ED97790E92FEED1571
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Bahamas" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="12223802" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):9121
                                          Entropy (8bit):7.941062362254899
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05T2bZ03eKmm/qkjFCbUxkHCG5aA/yug93THvkd:hJXE05ytuw9Uxox5Z/LgZTPkd
                                          MD5:32D4E861945001DDA8AA08726DAE99EE
                                          SHA1:057E0F5A114BB4392D96A8EDEB16A8C1614E4A6C
                                          SHA-256:1B4246F62B32D24C99B12D7193D8BC39FB532E1DB015BF0D88FA242D3BF9E150
                                          SHA-512:0E448EDC21F7F3D0D9BE12C7803FAC4A8E3CB1E67FA4EABD76A7499F6897FEB9570C9B93C3D09E0A516876D4FFA15A6361A6D17C98F533BFDDF6ACC7A41D3D2D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 214 x 226, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):5813
                                          Entropy (8bit):7.90567752451454
                                          Encrypted:false
                                          SSDEEP:96:pSDZ/I09Da01l+gmkyTt6Hk8nTxC4PHrRS5NjtOtlNnffqDsux/OsWBUxPz:pSDS0tKg9E05TQGHrY5l2lXesKUUxPz
                                          MD5:F47421BE538726BF3B6D8BF93420E411
                                          SHA1:323CF22A7AE805C118442BC7408A3AE5CA5E87D4
                                          SHA-256:7CA1FBC6BDC8E5341D1632B94AED3B8D8EC8FA1E51C4EA0FA2ACEC18131E5301
                                          SHA-512:7C9EF0AE9DCDEE1E7EF1A7930ACBC98D18BBB6AA4A540D9B7743E16573BCE40381720A77AB24AFB39CC79E345445632A0A1619834B1598F02C98A19908609948
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6539
                                          Entropy (8bit):7.911630290113042
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TfksL+BW7Pl9hrViJdrLMMzKk:hJXE05INQx9hrViL+k
                                          MD5:1C7F2D9D2B358C1E21BB2CA6168F38DF
                                          SHA1:3E0B988ABE29F7903366DCE505E145D4C4212ADD
                                          SHA-256:C7E13A42BAF9947952E3455B02D2C48394512C16E9C28812C6A88630897568C3
                                          SHA-512:8594F20E79C65B2D64AE82B6D0806D374C263C3F2DB55DF7C7D6D6E4DF1176D0E91DC1DCE19B4680895659E70272E5E72F8EE2B1A98611E597C3FA8E920D1426
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6559
                                          Entropy (8bit):7.901175654621792
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TTiswRVgmquMJZ0BCf5Tzq9:hJXE05fisxj0BCfhzq9
                                          MD5:956DD3C3D0876480F653A735B41E2F95
                                          SHA1:8B9D575FA355680B15E2F9A8F68B501AE0B6FF06
                                          SHA-256:3F641B377351274964350929CE404F8B38F114FB9B5A9102587ABF50FB9F52E0
                                          SHA-512:EF53617B61A60627A6B5D773D9B7747993BBD641673E4A670EE20E2F76D16650831DBEAE421A960DDA8790B7D089F92FA6A497AD1E396720D2D0FBF28B31C214
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6150
                                          Entropy (8bit):7.924492786660738
                                          Encrypted:false
                                          SSDEEP:96:zSDZ/I09Da01l+gmkyTt6Hk8nTDBcXcIGaq2Iz22mVt4JmESXVIeCM9hG93SM5H:zSDS0tKg9E05TDqUJR2ht4a40uD
                                          MD5:D020305905BB24C7969143981EE6CB44
                                          SHA1:B96D46E82815E3B39243AD4F83550A4985BE7906
                                          SHA-256:BFB4F4BFF23403998FE1F8AEB8D8961000311D405BFB535D6C1291B04BF88FCE
                                          SHA-512:ED06CB736431B51FF5AF021DC96BF5AA701CE0CC4F3E625CF6907D2F5B8232BC2846C0ED58E63CFE7ADC8356D31C4BDF18D3860A480E3449A6C28183A28E51DE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6200
                                          Entropy (8bit):7.92476656706805
                                          Encrypted:false
                                          SSDEEP:192:zSDS0tKg9E05T4l2s7CqCyPupCNVs5d4cl4Q:mJXE05yOBfCvs5dLlf
                                          MD5:452E0D800269C01EC1412DC8A8C8E0A6
                                          SHA1:1B58D5D7283A33A842025F8F23946076C5ED136B
                                          SHA-256:CF5FBE1E5F5249DB02FFD980F8E9324A38BB7D6A85E1F6288DBD0A659B914561
                                          SHA-512:FBDD11B1F3D10653F807CDF6B22E4574DC126AB2FE35E8265152AD704013CDCF20715992E8D7049D01B6D0318A0E9ABC4694D483539F880CEFBD898A57BFBFC8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6200
                                          Entropy (8bit):7.92476656706805
                                          Encrypted:false
                                          SSDEEP:192:zSDS0tKg9E05T4l2s7CqCyPupCNVs5d4cl4Q:mJXE05yOBfCvs5dLlf
                                          MD5:452E0D800269C01EC1412DC8A8C8E0A6
                                          SHA1:1B58D5D7283A33A842025F8F23946076C5ED136B
                                          SHA-256:CF5FBE1E5F5249DB02FFD980F8E9324A38BB7D6A85E1F6288DBD0A659B914561
                                          SHA-512:FBDD11B1F3D10653F807CDF6B22E4574DC126AB2FE35E8265152AD704013CDCF20715992E8D7049D01B6D0318A0E9ABC4694D483539F880CEFBD898A57BFBFC8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6559
                                          Entropy (8bit):7.901175654621792
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TTiswRVgmquMJZ0BCf5Tzq9:hJXE05fisxj0BCfhzq9
                                          MD5:956DD3C3D0876480F653A735B41E2F95
                                          SHA1:8B9D575FA355680B15E2F9A8F68B501AE0B6FF06
                                          SHA-256:3F641B377351274964350929CE404F8B38F114FB9B5A9102587ABF50FB9F52E0
                                          SHA-512:EF53617B61A60627A6B5D773D9B7747993BBD641673E4A670EE20E2F76D16650831DBEAE421A960DDA8790B7D089F92FA6A497AD1E396720D2D0FBF28B31C214
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 250 x 205, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6150
                                          Entropy (8bit):7.924492786660738
                                          Encrypted:false
                                          SSDEEP:96:zSDZ/I09Da01l+gmkyTt6Hk8nTDBcXcIGaq2Iz22mVt4JmESXVIeCM9hG93SM5H:zSDS0tKg9E05TDqUJR2ht4a40uD
                                          MD5:D020305905BB24C7969143981EE6CB44
                                          SHA1:B96D46E82815E3B39243AD4F83550A4985BE7906
                                          SHA-256:BFB4F4BFF23403998FE1F8AEB8D8961000311D405BFB535D6C1291B04BF88FCE
                                          SHA-512:ED06CB736431B51FF5AF021DC96BF5AA701CE0CC4F3E625CF6907D2F5B8232BC2846C0ED58E63CFE7ADC8356D31C4BDF18D3860A480E3449A6C28183A28E51DE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):6539
                                          Entropy (8bit):7.911630290113042
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05TfksL+BW7Pl9hrViJdrLMMzKk:hJXE05INQx9hrViL+k
                                          MD5:1C7F2D9D2B358C1E21BB2CA6168F38DF
                                          SHA1:3E0B988ABE29F7903366DCE505E145D4C4212ADD
                                          SHA-256:C7E13A42BAF9947952E3455B02D2C48394512C16E9C28812C6A88630897568C3
                                          SHA-512:8594F20E79C65B2D64AE82B6D0806D374C263C3F2DB55DF7C7D6D6E4DF1176D0E91DC1DCE19B4680895659E70272E5E72F8EE2B1A98611E597C3FA8E920D1426
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 361 x 134, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):9121
                                          Entropy (8bit):7.941062362254899
                                          Encrypted:false
                                          SSDEEP:192:+SDS0tKg9E05T2bZ03eKmm/qkjFCbUxkHCG5aA/yug93THvkd:hJXE05ytuw9Uxox5Z/LgZTPkd
                                          MD5:32D4E861945001DDA8AA08726DAE99EE
                                          SHA1:057E0F5A114BB4392D96A8EDEB16A8C1614E4A6C
                                          SHA-256:1B4246F62B32D24C99B12D7193D8BC39FB532E1DB015BF0D88FA242D3BF9E150
                                          SHA-512:0E448EDC21F7F3D0D9BE12C7803FAC4A8E3CB1E67FA4EABD76A7499F6897FEB9570C9B93C3D09E0A516876D4FFA15A6361A6D17C98F533BFDDF6ACC7A41D3D2D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 214 x 226, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):5813
                                          Entropy (8bit):7.90567752451454
                                          Encrypted:false
                                          SSDEEP:96:pSDZ/I09Da01l+gmkyTt6Hk8nTxC4PHrRS5NjtOtlNnffqDsux/OsWBUxPz:pSDS0tKg9E05TQGHrY5l2lXesKUUxPz
                                          MD5:F47421BE538726BF3B6D8BF93420E411
                                          SHA1:323CF22A7AE805C118442BC7408A3AE5CA5E87D4
                                          SHA-256:7CA1FBC6BDC8E5341D1632B94AED3B8D8EC8FA1E51C4EA0FA2ACEC18131E5301
                                          SHA-512:7C9EF0AE9DCDEE1E7EF1A7930ACBC98D18BBB6AA4A540D9B7743E16573BCE40381720A77AB24AFB39CC79E345445632A0A1619834B1598F02C98A19908609948
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9152
                                          Entropy (8bit):5.022667407397848
                                          Encrypted:false
                                          SSDEEP:192:xpNJ+skLFkLrUNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xpNJFkLFkLrUNJhkLpkL7kLuvyCjqw6N
                                          MD5:04F34D3243033C2D774744E9AF9F93A1
                                          SHA1:83962F22324B3482D4CFD49294A52C8C6CE36CF4
                                          SHA-256:392DE4455490406CD7E97C2D57978DF85E44F684E14D5E51ACCBA1671E18B821
                                          SHA-512:0E2F78B3790B3424C07FDE8A642FF72939149B8D17B1A9912552138CA9A7684E7BDA1468D03A74AD7F5BFD5D0A80621888EC9BEDC0AE17C20577E73A944036CF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Crystal Snow" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11238740" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):149339
                                          Entropy (8bit):7.979589926596627
                                          Encrypted:false
                                          SSDEEP:3072:o5Y5hmdgvSGFadE0OXkdBQPgJGj8Ay0yLQ1WO4eTWSm59Tw:EY5hYLJEfavnQ4eyDLM
                                          MD5:9C43B506BED2E9D805AC0FFD50F8D21C
                                          SHA1:F8240DFB319F4EAF7B427F390ECC146D252F39EF
                                          SHA-256:F8117E91615B3F5056E61E7A98C7447585367BE08D095A2A044A84938C4A25A8
                                          SHA-512:F159E23EFD8D7916D14CFE3B83977009CC2212383615E2106FCF238264482F7DED3CFF0C3362C538C425D6D14771A98EAC6F9F435ED7A3EAFF27067323EC1740
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2450
                                          Entropy (8bit):7.660920616795537
                                          Encrypted:false
                                          SSDEEP:48:gAmC6pq/fAwXs1v8XlPqDFm00z40B+AN0deUwou3lRhIPUSFyAA:zmC6pUAwcuw5m00z4Hq0de1oMMPnA
                                          MD5:38E82972B54716336F8AB1BEAACCA268
                                          SHA1:75D2D76F7D628B5962663A14FA7F0B914791587A
                                          SHA-256:25A3363381559A89A70152293E9C22BD542B4AE2394B521D6649FF67758516FE
                                          SHA-512:F0F835A9DF03180FC5B734E1D139346599785E4463B7BC141BFACFE06CD2A0785FB296FC874A4AFBE6C47C45CE2B0BB7C13FDB84E19EEF3FA9E164CE7E0A725F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2450
                                          Entropy (8bit):7.660920616795537
                                          Encrypted:false
                                          SSDEEP:48:gAmC6pq/fAwXs1v8XlPqDFm00z40B+AN0deUwou3lRhIPUSFyAA:zmC6pUAwcuw5m00z4Hq0de1oMMPnA
                                          MD5:38E82972B54716336F8AB1BEAACCA268
                                          SHA1:75D2D76F7D628B5962663A14FA7F0B914791587A
                                          SHA-256:25A3363381559A89A70152293E9C22BD542B4AE2394B521D6649FF67758516FE
                                          SHA-512:F0F835A9DF03180FC5B734E1D139346599785E4463B7BC141BFACFE06CD2A0785FB296FC874A4AFBE6C47C45CE2B0BB7C13FDB84E19EEF3FA9E164CE7E0A725F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):149339
                                          Entropy (8bit):7.979589926596627
                                          Encrypted:false
                                          SSDEEP:3072:o5Y5hmdgvSGFadE0OXkdBQPgJGj8Ay0yLQ1WO4eTWSm59Tw:EY5hYLJEfavnQ4eyDLM
                                          MD5:9C43B506BED2E9D805AC0FFD50F8D21C
                                          SHA1:F8240DFB319F4EAF7B427F390ECC146D252F39EF
                                          SHA-256:F8117E91615B3F5056E61E7A98C7447585367BE08D095A2A044A84938C4A25A8
                                          SHA-512:F159E23EFD8D7916D14CFE3B83977009CC2212383615E2106FCF238264482F7DED3CFF0C3362C538C425D6D14771A98EAC6F9F435ED7A3EAFF27067323EC1740
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9152
                                          Entropy (8bit):5.022667407397848
                                          Encrypted:false
                                          SSDEEP:192:xpNJ+skLFkLrUNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xpNJFkLFkLrUNJhkLpkL7kLuvyCjqw6N
                                          MD5:04F34D3243033C2D774744E9AF9F93A1
                                          SHA1:83962F22324B3482D4CFD49294A52C8C6CE36CF4
                                          SHA-256:392DE4455490406CD7E97C2D57978DF85E44F684E14D5E51ACCBA1671E18B821
                                          SHA-512:0E2F78B3790B3424C07FDE8A642FF72939149B8D17B1A9912552138CA9A7684E7BDA1468D03A74AD7F5BFD5D0A80621888EC9BEDC0AE17C20577E73A944036CF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Crystal Snow" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11238740" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.024394502687006
                                          Encrypted:false
                                          SSDEEP:192:EENJ+skLFkLrjNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:EENJFkLFkLrjNJhkLpkL7kLuvyCjqw6N
                                          MD5:B8915C5107A891560743E8CE1655D10E
                                          SHA1:3327EC526174F708238D0B75FEFA8C8744FB09DC
                                          SHA-256:D5A3CEAFF4773E7231547BDCCFF155A51FBF4A6E9678F9FEF4C9740370135871
                                          SHA-512:AFF8F46E2D11DB5C2B4BF456CEA4720428D165E76AA38F19B664BA5E22CAE0CB493B1EDAED3BDE6FCA3A8203706077AC8DEE0765572C5DE7FD77A7BC3D79CC05
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Daffodils" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1992846" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):131823
                                          Entropy (8bit):7.96947375962498
                                          Encrypted:false
                                          SSDEEP:3072:R0PeMPkD39yS79zP2iFm9lmJFNcpS+FHZad8nj+rj6:R0PeMP8tyoaOFNabFHZu8nj7
                                          MD5:12EA48F8AD7589553A09E997F2ED94DE
                                          SHA1:38A4E4452FE6CEFB772148BEC0CCB090F3E3C49E
                                          SHA-256:31412879CAEF1271C9C814CA73A18DA461DC3C787BF6E42F9D948E011A1AC0A0
                                          SHA-512:7D3AC54DF460F97E016E058CD61A686D8621083741BEF7A586F0DDA00C960629278AF2DD08F3D25C6089DAFF17E7A40D36932182BE5D8CE0335E5DAA3A20A036
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2340
                                          Entropy (8bit):7.641354580101787
                                          Encrypted:false
                                          SSDEEP:48:DAvO+Glf8GaLxv2pixenHa6s+0FpB/+cpjWSxujF5I:cvy7awKCHf0F/+chWSmF5I
                                          MD5:353E27C7CD35DFABD833FA97978D1D4D
                                          SHA1:FBD5A8234CCBD5E546A7315AEEDEB52D9CF3EB8E
                                          SHA-256:17C235994063826E4BE1F7DA5D942E1947A8E09BB454A65140D40E78856F00D6
                                          SHA-512:00A8A64EBB2D2F79357B6F9F04CF113022FF7F4260C1B5623DB9FCF34459E0230C38D7DFA7BBC2C27B3EAFE8EC6C1ADF4241E8888478767CAE25C7A325D02BA3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2340
                                          Entropy (8bit):7.641354580101787
                                          Encrypted:false
                                          SSDEEP:48:DAvO+Glf8GaLxv2pixenHa6s+0FpB/+cpjWSxujF5I:cvy7awKCHf0F/+chWSmF5I
                                          MD5:353E27C7CD35DFABD833FA97978D1D4D
                                          SHA1:FBD5A8234CCBD5E546A7315AEEDEB52D9CF3EB8E
                                          SHA-256:17C235994063826E4BE1F7DA5D942E1947A8E09BB454A65140D40E78856F00D6
                                          SHA-512:00A8A64EBB2D2F79357B6F9F04CF113022FF7F4260C1B5623DB9FCF34459E0230C38D7DFA7BBC2C27B3EAFE8EC6C1ADF4241E8888478767CAE25C7A325D02BA3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):131823
                                          Entropy (8bit):7.96947375962498
                                          Encrypted:false
                                          SSDEEP:3072:R0PeMPkD39yS79zP2iFm9lmJFNcpS+FHZad8nj+rj6:R0PeMP8tyoaOFNabFHZu8nj7
                                          MD5:12EA48F8AD7589553A09E997F2ED94DE
                                          SHA1:38A4E4452FE6CEFB772148BEC0CCB090F3E3C49E
                                          SHA-256:31412879CAEF1271C9C814CA73A18DA461DC3C787BF6E42F9D948E011A1AC0A0
                                          SHA-512:7D3AC54DF460F97E016E058CD61A686D8621083741BEF7A586F0DDA00C960629278AF2DD08F3D25C6089DAFF17E7A40D36932182BE5D8CE0335E5DAA3A20A036
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.024394502687006
                                          Encrypted:false
                                          SSDEEP:192:EENJ+skLFkLrjNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:EENJFkLFkLrjNJhkLpkL7kLuvyCjqw6N
                                          MD5:B8915C5107A891560743E8CE1655D10E
                                          SHA1:3327EC526174F708238D0B75FEFA8C8744FB09DC
                                          SHA-256:D5A3CEAFF4773E7231547BDCCFF155A51FBF4A6E9678F9FEF4C9740370135871
                                          SHA-512:AFF8F46E2D11DB5C2B4BF456CEA4720428D165E76AA38F19B664BA5E22CAE0CB493B1EDAED3BDE6FCA3A8203706077AC8DEE0765572C5DE7FD77A7BC3D79CC05
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Daffodils" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1992846" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9134
                                          Entropy (8bit):5.0216583589134265
                                          Encrypted:false
                                          SSDEEP:192:IKNJZkLkkLrlNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:IKNJZkLkkLrlNJhkLpkL7kLuvyCjqw6N
                                          MD5:CE1445CD65F9D9575B2189B0C71DE47D
                                          SHA1:D4D40A3DB918760888456182CD4C16304EF60E82
                                          SHA-256:4490DA9E5261350C912286C78AB93332CB3196093224A75390EA6A7067EF1D21
                                          SHA-512:A4BEFF899DDD0A5A070383DA92F72F541461A43B34BE3D50AD792181EE7D02E07F739E6D8FA9D7486CAA8C6F0C485C987AAE9260D42A2190B61BC0F5E47D8469
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="ETs" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7202460" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<Default type
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):118641
                                          Entropy (8bit):7.984482732447735
                                          Encrypted:false
                                          SSDEEP:3072:uQX6Azq3h1P988Std6+1ZO5E4VbFWl1MxFOmfplIde88m+Spl:uQPzq3h1P9bSlObvWl1oOmfpE7L
                                          MD5:5D401EB52AC3876D275714CACF69ED61
                                          SHA1:167DD9C648A9DE157804367F34DC4BC8BC62B2C6
                                          SHA-256:3A72307F7C8D319F2AFA5D86A37FDAEBBF04873894406E9F1F50C669495E8D51
                                          SHA-512:AC24A93DD0C3257DE97943540669B64530D3B7A6C966F43FC010E5E91D31FA65856D7C4CBBA3376F80D735D25AF624AC667922CF31EF20767822FBC84736ABAB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3626
                                          Entropy (8bit):7.788501643631946
                                          Encrypted:false
                                          SSDEEP:96:OLdQ3oYrtNVD8cS5q0oCwx9i2ZsP6gTEFIrIO5:MuYYBNVDK5GCwx9i2ZE6gTxrd5
                                          MD5:2048F0020F32B6A67ED7571F3B20DD32
                                          SHA1:B57101A64652CF021D755B53007DF689BC281CF9
                                          SHA-256:32288CD37E5618E3FB10413ADC2F80C1AD3335F471EF1D9C51D85F86DEE0E432
                                          SHA-512:AFFE37305AA79428074CD3C138C9DB7F9FA2E1BCF188B0B59D5402758AAC8477B8497D55A852AAC3E7CCD7F5463B82F9E0BC99E7E6109036D693404B94029665
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):118641
                                          Entropy (8bit):7.984482732447735
                                          Encrypted:false
                                          SSDEEP:3072:uQX6Azq3h1P988Std6+1ZO5E4VbFWl1MxFOmfplIde88m+Spl:uQPzq3h1P9bSlObvWl1oOmfpE7L
                                          MD5:5D401EB52AC3876D275714CACF69ED61
                                          SHA1:167DD9C648A9DE157804367F34DC4BC8BC62B2C6
                                          SHA-256:3A72307F7C8D319F2AFA5D86A37FDAEBBF04873894406E9F1F50C669495E8D51
                                          SHA-512:AC24A93DD0C3257DE97943540669B64530D3B7A6C966F43FC010E5E91D31FA65856D7C4CBBA3376F80D735D25AF624AC667922CF31EF20767822FBC84736ABAB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3626
                                          Entropy (8bit):7.788501643631946
                                          Encrypted:false
                                          SSDEEP:96:OLdQ3oYrtNVD8cS5q0oCwx9i2ZsP6gTEFIrIO5:MuYYBNVDK5GCwx9i2ZE6gTxrd5
                                          MD5:2048F0020F32B6A67ED7571F3B20DD32
                                          SHA1:B57101A64652CF021D755B53007DF689BC281CF9
                                          SHA-256:32288CD37E5618E3FB10413ADC2F80C1AD3335F471EF1D9C51D85F86DEE0E432
                                          SHA-512:AFFE37305AA79428074CD3C138C9DB7F9FA2E1BCF188B0B59D5402758AAC8477B8497D55A852AAC3E7CCD7F5463B82F9E0BC99E7E6109036D693404B94029665
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9134
                                          Entropy (8bit):5.0216583589134265
                                          Encrypted:false
                                          SSDEEP:192:IKNJZkLkkLrlNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:IKNJZkLkkLrlNJhkLpkL7kLuvyCjqw6N
                                          MD5:CE1445CD65F9D9575B2189B0C71DE47D
                                          SHA1:D4D40A3DB918760888456182CD4C16304EF60E82
                                          SHA-256:4490DA9E5261350C912286C78AB93332CB3196093224A75390EA6A7067EF1D21
                                          SHA-512:A4BEFF899DDD0A5A070383DA92F72F541461A43B34BE3D50AD792181EE7D02E07F739E6D8FA9D7486CAA8C6F0C485C987AAE9260D42A2190B61BC0F5E47D8469
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="ETs" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7202460" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<Default type
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.02546964789118
                                          Encrypted:false
                                          SSDEEP:192:qrwNJ+skLFkLrvNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:kwNJFkLFkLrvNJhkLpkL7kLuvyCjqw6N
                                          MD5:78FEAD39ADB5C7FD682190A8864E813D
                                          SHA1:477CE52D413D3DEFDDA8563A9A480433CBE4CBB5
                                          SHA-256:DB29312459C3F496684A460AB09149F50C49A7C6A4CE7A8A935A1F0031F296A9
                                          SHA-512:6CDF79705071C0154FD16AC024C3D197A9971074B6DA3316596FFEE925654C6C5713EAAD669F614FB4CE1AD983DDCC0C8CA54406E2D6DA435A245823FA6535C0
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Golden Fall" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7846891" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152706
                                          Entropy (8bit):7.97758487982235
                                          Encrypted:false
                                          SSDEEP:3072:0VbobCK9byiGlUfpyABY/9qRuhE+08I5eS5wbr3obcIgvinD+YK:cobkNlayAK/Uu+F5mooenD+z
                                          MD5:5D63660257AAB0CE1CCC37913260F909
                                          SHA1:42C94491586369729E54B4275ADEBE5B3DB5E8D6
                                          SHA-256:963726759520963B9A562A0350D795F4CAE2609D3F72926DB3272CA355DD0ADE
                                          SHA-512:1BB41553FC06C843E525EB6E655D2CBF7120E66E2E664290D62F6C94C63EA6CE3FB72E66052AE69AB148BA985A67B5632454F3C198F9FBF59E41CD5B41354A50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4170
                                          Entropy (8bit):7.838555215935248
                                          Encrypted:false
                                          SSDEEP:96:pDtApqrqa6D/VqWLviS/3DTOxaimm4SmqtK7PrhvM0p9BQgV:peaAqCKS/uxv4SmqedU09lV
                                          MD5:B885F46F4E43182934188AB20F50E5CE
                                          SHA1:F3188D65FBCF56A0E8BE31F8F6D6243CEBD0B3BF
                                          SHA-256:23CEDA333F44ED288E75525C7038351A7BE3F7FF81BC5244F10BA0396ECD31D4
                                          SHA-512:49D15AF2FA054D696FF5DB6414F1E4FF062E6DE02C8065F9FBADAE67C3D6220CAE5FFA38B58486AF016939A5124A29EBB255A88902E1D5D27FBFE7BBB6B503DA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152706
                                          Entropy (8bit):7.97758487982235
                                          Encrypted:false
                                          SSDEEP:3072:0VbobCK9byiGlUfpyABY/9qRuhE+08I5eS5wbr3obcIgvinD+YK:cobkNlayAK/Uu+F5mooenD+z
                                          MD5:5D63660257AAB0CE1CCC37913260F909
                                          SHA1:42C94491586369729E54B4275ADEBE5B3DB5E8D6
                                          SHA-256:963726759520963B9A562A0350D795F4CAE2609D3F72926DB3272CA355DD0ADE
                                          SHA-512:1BB41553FC06C843E525EB6E655D2CBF7120E66E2E664290D62F6C94C63EA6CE3FB72E66052AE69AB148BA985A67B5632454F3C198F9FBF59E41CD5B41354A50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4170
                                          Entropy (8bit):7.838555215935248
                                          Encrypted:false
                                          SSDEEP:96:pDtApqrqa6D/VqWLviS/3DTOxaimm4SmqtK7PrhvM0p9BQgV:peaAqCKS/uxv4SmqedU09lV
                                          MD5:B885F46F4E43182934188AB20F50E5CE
                                          SHA1:F3188D65FBCF56A0E8BE31F8F6D6243CEBD0B3BF
                                          SHA-256:23CEDA333F44ED288E75525C7038351A7BE3F7FF81BC5244F10BA0396ECD31D4
                                          SHA-512:49D15AF2FA054D696FF5DB6414F1E4FF062E6DE02C8065F9FBADAE67C3D6220CAE5FFA38B58486AF016939A5124A29EBB255A88902E1D5D27FBFE7BBB6B503DA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.02546964789118
                                          Encrypted:false
                                          SSDEEP:192:qrwNJ+skLFkLrvNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:kwNJFkLFkLrvNJhkLpkL7kLuvyCjqw6N
                                          MD5:78FEAD39ADB5C7FD682190A8864E813D
                                          SHA1:477CE52D413D3DEFDDA8563A9A480433CBE4CBB5
                                          SHA-256:DB29312459C3F496684A460AB09149F50C49A7C6A4CE7A8A935A1F0031F296A9
                                          SHA-512:6CDF79705071C0154FD16AC024C3D197A9971074B6DA3316596FFEE925654C6C5713EAAD669F614FB4CE1AD983DDCC0C8CA54406E2D6DA435A245823FA6535C0
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Golden Fall" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7846891" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9145
                                          Entropy (8bit):5.0229615271129635
                                          Encrypted:false
                                          SSDEEP:192:l9NJ+skLFkLrsNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:l9NJFkLFkLrsNJhkLpkL7kLuvyCjqw6N
                                          MD5:5159B495389A4B391913AAD6F6371368
                                          SHA1:375507516D3B81819BD862B021F90286A446C81B
                                          SHA-256:C3CE1ABA1B984BBE63C5AD92A7E1578674A22F4D597D9497346D5D6315AF2876
                                          SHA-512:3A69C68746C3F062AD2693BF5F215C4DC515E71D16ADF06D22B129A15B9B63C9D9EA9276E212BE0B9C87C66A11E1A45380F7490A9DFB66FA3377102CDA2A5B18
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Halloween" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="419583" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:03:31 12:59:29], progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):64203
                                          Entropy (8bit):7.706403831232239
                                          Encrypted:false
                                          SSDEEP:1536:l2CI2CjXXzwGcDsdtZUWdD7z382z8G/tcJQD5:lbIbrD7cDsdt/z38PG6JQV
                                          MD5:AA5C170B0827D05689755DF086BFFF9A
                                          SHA1:DC517EE9763CFBB340124C7D2A34353AC16FE912
                                          SHA-256:E7EE0A4C4577BA6A9E7DA8F98297E342A3246BA31764FAD2F161543DE4F36F1E
                                          SHA-512:47668AB1524A73A21454DEB1106341F1F2050D5070C2FE8A6E65D3A3B8C1FE84B051AB6F4F40E670D205DE9ADF161DDA98B1B2BC2769D82F3C8920416F61AD71
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2512
                                          Entropy (8bit):7.698331144340993
                                          Encrypted:false
                                          SSDEEP:48:zKA3FkebkFG5dIOFXI1Wc7vJPgcNJl1fMzQHpgp8ltxiS0q0VAbesn8:51dkF1OsWCPgcNjOODgSZ0V08
                                          MD5:40ECCADE31A4BA1A47BAF5D6CD3C461F
                                          SHA1:249AB3A3F838AA28538C0B0AFF5FCEDBAF0B1308
                                          SHA-256:F53166D94A0F35B037C93E1744447AC9C3B3B9C8730E2FDFC627162941595BFD
                                          SHA-512:D088F51A1C1C816B8E67EF3F41462A89BA1B41F8D5A46AA99F647F5B52943BB48D21086F96CA2521F667F65FE8647F36551BBB5915F628F6154422DD5572563B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2512
                                          Entropy (8bit):7.698331144340993
                                          Encrypted:false
                                          SSDEEP:48:zKA3FkebkFG5dIOFXI1Wc7vJPgcNJl1fMzQHpgp8ltxiS0q0VAbesn8:51dkF1OsWCPgcNjOODgSZ0V08
                                          MD5:40ECCADE31A4BA1A47BAF5D6CD3C461F
                                          SHA1:249AB3A3F838AA28538C0B0AFF5FCEDBAF0B1308
                                          SHA-256:F53166D94A0F35B037C93E1744447AC9C3B3B9C8730E2FDFC627162941595BFD
                                          SHA-512:D088F51A1C1C816B8E67EF3F41462A89BA1B41F8D5A46AA99F647F5B52943BB48D21086F96CA2521F667F65FE8647F36551BBB5915F628F6154422DD5572563B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:03:31 12:59:29], progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):64203
                                          Entropy (8bit):7.706403831232239
                                          Encrypted:false
                                          SSDEEP:1536:l2CI2CjXXzwGcDsdtZUWdD7z382z8G/tcJQD5:lbIbrD7cDsdt/z38PG6JQV
                                          MD5:AA5C170B0827D05689755DF086BFFF9A
                                          SHA1:DC517EE9763CFBB340124C7D2A34353AC16FE912
                                          SHA-256:E7EE0A4C4577BA6A9E7DA8F98297E342A3246BA31764FAD2F161543DE4F36F1E
                                          SHA-512:47668AB1524A73A21454DEB1106341F1F2050D5070C2FE8A6E65D3A3B8C1FE84B051AB6F4F40E670D205DE9ADF161DDA98B1B2BC2769D82F3C8920416F61AD71
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9145
                                          Entropy (8bit):5.0229615271129635
                                          Encrypted:false
                                          SSDEEP:192:l9NJ+skLFkLrsNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:l9NJFkLFkLrsNJhkLpkL7kLuvyCjqw6N
                                          MD5:5159B495389A4B391913AAD6F6371368
                                          SHA1:375507516D3B81819BD862B021F90286A446C81B
                                          SHA-256:C3CE1ABA1B984BBE63C5AD92A7E1578674A22F4D597D9497346D5D6315AF2876
                                          SHA-512:3A69C68746C3F062AD2693BF5F215C4DC515E71D16ADF06D22B129A15B9B63C9D9EA9276E212BE0B9C87C66A11E1A45380F7490A9DFB66FA3377102CDA2A5B18
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Halloween" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="419583" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9150
                                          Entropy (8bit):5.021994450870676
                                          Encrypted:false
                                          SSDEEP:192:ThNJHkLIkLroNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ThNJHkLIkLroNJhkLpkL7kLuvyCjqw6N
                                          MD5:6C936EDA3A79650A86FF542B1C0601BB
                                          SHA1:067EFB667B5A1FC96B8C3CEABA71DD0DA781B5AF
                                          SHA-256:97543A878B6CDEBE01F482DA882420705240018EF5644DB12FAED47404D18197
                                          SHA-512:CBDDF8B6C83CE12EC6EC55551F2BB190259721AC5DD0CB34BC9E016696464A9BF0ADB5722E8515E30BF398D7A14B1181EC5167364392C78845E86B2951F14F97
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Blue" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11170068" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):49207
                                          Entropy (8bit):7.976398445829948
                                          Encrypted:false
                                          SSDEEP:1536:hqjHGMQO2cGJs0nmZ7nrzhqbRRwYj/8ZrPHa6J:0DRF3YbEZPp
                                          MD5:DFE948656839CE9AB3429314BC9D8C18
                                          SHA1:7285E5A7D0F845F24BB6D7107C183F6A7A21F17F
                                          SHA-256:35FFCCF7ABA8960C410DC153FD01869AB81871BA8154904D7F9A12201E5A538A
                                          SHA-512:C8EDCEBA0097D9A28B7082D1FB1FC15B03577839CE397B49669B506CD61A9CE50273BCA65EC93C643A77304C334062B957E7B46CFBD728C3913462529EF7CE87
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2637
                                          Entropy (8bit):7.692082108952725
                                          Encrypted:false
                                          SSDEEP:48:bmA1paTgSkd9XSaGgs2sRAvFNtJNKo93LHMhLrenvYClRFx+pT2EXC+RyAJiqjr8:bp1iBkdoapDWCT93LshnenJf8PX37JSX
                                          MD5:A9806FEDF6B054304FE463B268EDF07F
                                          SHA1:4F6FD4E42703658C0E2008D9797E26A6379A8455
                                          SHA-256:1655079EF9D6A5A584EC54C133F85F600051B9119BDEF972E0196624CD2E573C
                                          SHA-512:C32103B6FE5DD4CB829378ABF680155F43AEEAFE9385207C989870ED777BDD5BC1AF92D1CAF0C778A5E3833B55126EA420CA38F5CF754340EBC5FE46D38EC56F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):49207
                                          Entropy (8bit):7.976398445829948
                                          Encrypted:false
                                          SSDEEP:1536:hqjHGMQO2cGJs0nmZ7nrzhqbRRwYj/8ZrPHa6J:0DRF3YbEZPp
                                          MD5:DFE948656839CE9AB3429314BC9D8C18
                                          SHA1:7285E5A7D0F845F24BB6D7107C183F6A7A21F17F
                                          SHA-256:35FFCCF7ABA8960C410DC153FD01869AB81871BA8154904D7F9A12201E5A538A
                                          SHA-512:C8EDCEBA0097D9A28B7082D1FB1FC15B03577839CE397B49669B506CD61A9CE50273BCA65EC93C643A77304C334062B957E7B46CFBD728C3913462529EF7CE87
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2637
                                          Entropy (8bit):7.692082108952725
                                          Encrypted:false
                                          SSDEEP:48:bmA1paTgSkd9XSaGgs2sRAvFNtJNKo93LHMhLrenvYClRFx+pT2EXC+RyAJiqjr8:bp1iBkdoapDWCT93LshnenJf8PX37JSX
                                          MD5:A9806FEDF6B054304FE463B268EDF07F
                                          SHA1:4F6FD4E42703658C0E2008D9797E26A6379A8455
                                          SHA-256:1655079EF9D6A5A584EC54C133F85F600051B9119BDEF972E0196624CD2E573C
                                          SHA-512:C32103B6FE5DD4CB829378ABF680155F43AEEAFE9385207C989870ED777BDD5BC1AF92D1CAF0C778A5E3833B55126EA420CA38F5CF754340EBC5FE46D38EC56F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9150
                                          Entropy (8bit):5.021994450870676
                                          Encrypted:false
                                          SSDEEP:192:ThNJHkLIkLroNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ThNJHkLIkLroNJhkLpkL7kLuvyCjqw6N
                                          MD5:6C936EDA3A79650A86FF542B1C0601BB
                                          SHA1:067EFB667B5A1FC96B8C3CEABA71DD0DA781B5AF
                                          SHA-256:97543A878B6CDEBE01F482DA882420705240018EF5644DB12FAED47404D18197
                                          SHA-512:CBDDF8B6C83CE12EC6EC55551F2BB190259721AC5DD0CB34BC9E016696464A9BF0ADB5722E8515E30BF398D7A14B1181EC5167364392C78845E86B2951F14F97
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Blue" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11170068" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9151
                                          Entropy (8bit):5.025382264606286
                                          Encrypted:false
                                          SSDEEP:192:u6NJZkLkkLr1NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:u6NJZkLkkLr1NJhkLpkL7kLuvyCjqw6N
                                          MD5:125558E2344D770CEA13B5C9EF161FD6
                                          SHA1:D8DC40C5CD57BD97CE3D00B206DA4234066EBCD9
                                          SHA-256:C79E75EBEDD00A695FA6492ACF30F19F4D511FA8BA480C5215A85E27EFC84FEB
                                          SHA-512:09041AC73A4A0B0262B6F191A675A773984DF0A06581C4ABAC3A9340D68A9FD045B39096E92512CBA55B17C92ACAC970948552AB822E9432955C5022A2EE82B8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Lilac" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5791649" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):23447
                                          Entropy (8bit):7.966940707683644
                                          Encrypted:false
                                          SSDEEP:384:xYtR5IrcKQiSTsJRcgN1x5vLUv7Ls2OLfN1aPdU0H++IOGt/01CmDTxWK8fZW5Vz:xYtRqr2RTsJRvxvLUv7A2kiP60H++5Qq
                                          MD5:0CBFAC34F3EABE1AFD10AA86BCAFB754
                                          SHA1:0D1E23F73490B11214B053F375FF137D906F181F
                                          SHA-256:0312FAF426C357412990A942DD6FBD9651F771AAA7A5700D848D52B7FC4E7607
                                          SHA-512:A1FD9A0EAEFA3B64F75C34D3CC19940756C509761D9378AF9CF9E0DA40DAF92796A23864DF3A589DD0EE02D3A6B6589F60F69F4EFB3A8A43A057F37528A690D3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2159
                                          Entropy (8bit):7.616575044210714
                                          Encrypted:false
                                          SSDEEP:24:pMWAOxBU/l32TuIvMdpULw1uB8to0JvtmNa8eG3CZPzicKgK+c8rpTkJuP47pSz3:3A1/MCIKpPM82gvtnZLTEtmpN32PQ
                                          MD5:B1BDEDC1112337E7B2136D4084FA950E
                                          SHA1:F1DDADF54CAC92AF1A0F572E5823509807F2DA5B
                                          SHA-256:0A0450C728E350B13927B0A1EB1B4749076EA122BC37DBC0926ED51A20062194
                                          SHA-512:7D5419ED5B46CE315811DF7A4C287D302C098A23E7EFE260C27AF4F7261DF95C680EFDBCA0E6A9CBE5F58170AB1A9D04F2545E1B70584FBB97F8FE763D96AA6E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):23447
                                          Entropy (8bit):7.966940707683644
                                          Encrypted:false
                                          SSDEEP:384:xYtR5IrcKQiSTsJRcgN1x5vLUv7Ls2OLfN1aPdU0H++IOGt/01CmDTxWK8fZW5Vz:xYtRqr2RTsJRvxvLUv7A2kiP60H++5Qq
                                          MD5:0CBFAC34F3EABE1AFD10AA86BCAFB754
                                          SHA1:0D1E23F73490B11214B053F375FF137D906F181F
                                          SHA-256:0312FAF426C357412990A942DD6FBD9651F771AAA7A5700D848D52B7FC4E7607
                                          SHA-512:A1FD9A0EAEFA3B64F75C34D3CC19940756C509761D9378AF9CF9E0DA40DAF92796A23864DF3A589DD0EE02D3A6B6589F60F69F4EFB3A8A43A057F37528A690D3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2159
                                          Entropy (8bit):7.616575044210714
                                          Encrypted:false
                                          SSDEEP:24:pMWAOxBU/l32TuIvMdpULw1uB8to0JvtmNa8eG3CZPzicKgK+c8rpTkJuP47pSz3:3A1/MCIKpPM82gvtnZLTEtmpN32PQ
                                          MD5:B1BDEDC1112337E7B2136D4084FA950E
                                          SHA1:F1DDADF54CAC92AF1A0F572E5823509807F2DA5B
                                          SHA-256:0A0450C728E350B13927B0A1EB1B4749076EA122BC37DBC0926ED51A20062194
                                          SHA-512:7D5419ED5B46CE315811DF7A4C287D302C098A23E7EFE260C27AF4F7261DF95C680EFDBCA0E6A9CBE5F58170AB1A9D04F2545E1B70584FBB97F8FE763D96AA6E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9151
                                          Entropy (8bit):5.025382264606286
                                          Encrypted:false
                                          SSDEEP:192:u6NJZkLkkLr1NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:u6NJZkLkkLr1NJhkLpkL7kLuvyCjqw6N
                                          MD5:125558E2344D770CEA13B5C9EF161FD6
                                          SHA1:D8DC40C5CD57BD97CE3D00B206DA4234066EBCD9
                                          SHA-256:C79E75EBEDD00A695FA6492ACF30F19F4D511FA8BA480C5215A85E27EFC84FEB
                                          SHA-512:09041AC73A4A0B0262B6F191A675A773984DF0A06581C4ABAC3A9340D68A9FD045B39096E92512CBA55B17C92ACAC970948552AB822E9432955C5022A2EE82B8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Lilac" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5791649" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.02280429381858
                                          Encrypted:false
                                          SSDEEP:192:WwbNJHkLIkLrXbNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:WwbNJHkLIkLrXbNJhkLpkL7kLuvyCjqb
                                          MD5:86BA851856BACA182F2B70F7D7A3A762
                                          SHA1:CA48A75BA1F74CC24A77A75F0E4F0E46EE0C9B81
                                          SHA-256:2C58AD095116093AE7E4AF57F935C13601679187847D41779FAF682F6FDD8E9A
                                          SHA-512:46FF417853932AAA76CFD7C5FB0CF726E50868304C3C64FACC814E2192685B3D6C2D591AC1B5215C56E7945393D2BF0668E281A361FCA254F569A954F8D2D065
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Peach" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3124193" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):53849
                                          Entropy (8bit):7.967247502494473
                                          Encrypted:false
                                          SSDEEP:768:El03gXlJhpAQsDxHJGRc42cmueeRw0ZV9RMf4zjVHyj9bnGDLeVNQnC+VbPhidvo:jgXnhpA/plOrMuMNj9bwL8vupYYF+Pg
                                          MD5:026B14CC0268B525852390AA72FF5866
                                          SHA1:9D0C5EA58B23BC4EE1342FD71BDF1C20EE56DF48
                                          SHA-256:0ECBABEF1711F7BBB587478766B01486E2738D8F24EF73B585E1D46939D65C30
                                          SHA-512:26DD538E3E59AB1E315B13D314AF042A2D51D3694827F727C4E9F47AF712D6B36875BF6086BA135311804350677692C19C45892F742EB02FE03330BEB6E875E0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2619
                                          Entropy (8bit):7.674871739396109
                                          Encrypted:false
                                          SSDEEP:48:HAwUaQK/YREF3tl4JLHTIcsVcTFmv9x7dsYMh/QMfodeH990kWZ/DTlhKwNUEZkH:gwUabF0dzucTFWaQMtd90kWlDKwNUcol
                                          MD5:4D406E54B93F8ED9B637DBF8C0595197
                                          SHA1:CE36DDF4E3A5B608355BD689F7C5D9D4D9D23C97
                                          SHA-256:A3A065B72C12DE5636D11E0B49BD2BB7FC19A3CB4EA0B249DE5D321415472D08
                                          SHA-512:F9F9FFA923270D05C71F7D1522DD613EA27F5BF7613FCC50EC3E82C1F28086BE45474DFD696846F67BA619219B5547BB363E57EA0B362ED8E7CDD98A81CEB49E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2619
                                          Entropy (8bit):7.674871739396109
                                          Encrypted:false
                                          SSDEEP:48:HAwUaQK/YREF3tl4JLHTIcsVcTFmv9x7dsYMh/QMfodeH990kWZ/DTlhKwNUEZkH:gwUabF0dzucTFWaQMtd90kWlDKwNUcol
                                          MD5:4D406E54B93F8ED9B637DBF8C0595197
                                          SHA1:CE36DDF4E3A5B608355BD689F7C5D9D4D9D23C97
                                          SHA-256:A3A065B72C12DE5636D11E0B49BD2BB7FC19A3CB4EA0B249DE5D321415472D08
                                          SHA-512:F9F9FFA923270D05C71F7D1522DD613EA27F5BF7613FCC50EC3E82C1F28086BE45474DFD696846F67BA619219B5547BB363E57EA0B362ED8E7CDD98A81CEB49E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):53849
                                          Entropy (8bit):7.967247502494473
                                          Encrypted:false
                                          SSDEEP:768:El03gXlJhpAQsDxHJGRc42cmueeRw0ZV9RMf4zjVHyj9bnGDLeVNQnC+VbPhidvo:jgXnhpA/plOrMuMNj9bwL8vupYYF+Pg
                                          MD5:026B14CC0268B525852390AA72FF5866
                                          SHA1:9D0C5EA58B23BC4EE1342FD71BDF1C20EE56DF48
                                          SHA-256:0ECBABEF1711F7BBB587478766B01486E2738D8F24EF73B585E1D46939D65C30
                                          SHA-512:26DD538E3E59AB1E315B13D314AF042A2D51D3694827F727C4E9F47AF712D6B36875BF6086BA135311804350677692C19C45892F742EB02FE03330BEB6E875E0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.02280429381858
                                          Encrypted:false
                                          SSDEEP:192:WwbNJHkLIkLrXbNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:WwbNJHkLIkLrXbNJhkLpkL7kLuvyCjqb
                                          MD5:86BA851856BACA182F2B70F7D7A3A762
                                          SHA1:CA48A75BA1F74CC24A77A75F0E4F0E46EE0C9B81
                                          SHA-256:2C58AD095116093AE7E4AF57F935C13601679187847D41779FAF682F6FDD8E9A
                                          SHA-512:46FF417853932AAA76CFD7C5FB0CF726E50868304C3C64FACC814E2192685B3D6C2D591AC1B5215C56E7945393D2BF0668E281A361FCA254F569A954F8D2D065
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy Birthday Peach" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3124193" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9143
                                          Entropy (8bit):5.02248083988759
                                          Encrypted:false
                                          SSDEEP:192:ZgNJHkLIkLrrNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ZgNJHkLIkLrrNJhkLpkL7kLuvyCjqw6N
                                          MD5:7856F309E73FDBA2E0683C1FD4A41EC3
                                          SHA1:8CC67FDAA0693DBF5C87A97580797D2F61D5747A
                                          SHA-256:65185D6F83FEEE91DB7395C2DB9998C1837BAA1F4DC70019FE194810D6264686
                                          SHA-512:0A11E106EAA38D001B4D49593E1486D4AF5323E83316B62699E737DDB1BAC73A1BA77D7444A48411D5710E60B99939225B3A0F1A6748B996ECD177E54D6B4ED5
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy New Year" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5667050" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:22 16:33:52], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):136445
                                          Entropy (8bit):7.953685928529464
                                          Encrypted:false
                                          SSDEEP:3072:qFjE/2FjE/ZXmp1/37IEQvhH8IaUcvYmHG7ol56jFnjZujBm:Sg2gxmpF07EWVulm
                                          MD5:A825F92C6D36BB5993E24B9D43BCDFE7
                                          SHA1:0E465D7FFD2903D25A48E140D8CFE44336876D62
                                          SHA-256:2EED95EDA2E6D7C7922EB86B6FED804ACA134760FFF5AC9878277D213CB835A9
                                          SHA-512:F60F7C84461A9ABEFD06699B35BBB1E2FB8E9DACEEDBD0E5B97771534D993716E7822292DB1218AD45040A4A2BCB6F239917FB33EB96293E6F68E45451192FD8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3777
                                          Entropy (8bit):7.823264641465962
                                          Encrypted:false
                                          SSDEEP:96:lF+rwbijvrOQgGEA4pATxfq8vy3pJYSnZf4N:O8bbQ6A4pABlsqop4N
                                          MD5:96ADAD2D9B9DB8D794F92E46D8D73D62
                                          SHA1:25A2D2778D1A8A49BD0F27D22518F78C273A15F1
                                          SHA-256:8C51782CB0DD2BC9122C4E7AE710B939A75EB56F239A4050EB6A518171E545AB
                                          SHA-512:2630D446971B1FF3D7749F038C1201AA31D921DF213E1D39BDA05018AC4CF89D7CC778A0415AB406BD7DC82BFCC41FE02C4677992F42A315A563CF248C5CB457
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3777
                                          Entropy (8bit):7.823264641465962
                                          Encrypted:false
                                          SSDEEP:96:lF+rwbijvrOQgGEA4pATxfq8vy3pJYSnZf4N:O8bbQ6A4pABlsqop4N
                                          MD5:96ADAD2D9B9DB8D794F92E46D8D73D62
                                          SHA1:25A2D2778D1A8A49BD0F27D22518F78C273A15F1
                                          SHA-256:8C51782CB0DD2BC9122C4E7AE710B939A75EB56F239A4050EB6A518171E545AB
                                          SHA-512:2630D446971B1FF3D7749F038C1201AA31D921DF213E1D39BDA05018AC4CF89D7CC778A0415AB406BD7DC82BFCC41FE02C4677992F42A315A563CF248C5CB457
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:22 16:33:52], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):136445
                                          Entropy (8bit):7.953685928529464
                                          Encrypted:false
                                          SSDEEP:3072:qFjE/2FjE/ZXmp1/37IEQvhH8IaUcvYmHG7ol56jFnjZujBm:Sg2gxmpF07EWVulm
                                          MD5:A825F92C6D36BB5993E24B9D43BCDFE7
                                          SHA1:0E465D7FFD2903D25A48E140D8CFE44336876D62
                                          SHA-256:2EED95EDA2E6D7C7922EB86B6FED804ACA134760FFF5AC9878277D213CB835A9
                                          SHA-512:F60F7C84461A9ABEFD06699B35BBB1E2FB8E9DACEEDBD0E5B97771534D993716E7822292DB1218AD45040A4A2BCB6F239917FB33EB96293E6F68E45451192FD8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9143
                                          Entropy (8bit):5.02248083988759
                                          Encrypted:false
                                          SSDEEP:192:ZgNJHkLIkLrrNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ZgNJHkLIkLrrNJhkLpkL7kLuvyCjqw6N
                                          MD5:7856F309E73FDBA2E0683C1FD4A41EC3
                                          SHA1:8CC67FDAA0693DBF5C87A97580797D2F61D5747A
                                          SHA-256:65185D6F83FEEE91DB7395C2DB9998C1837BAA1F4DC70019FE194810D6264686
                                          SHA-512:0A11E106EAA38D001B4D49593E1486D4AF5323E83316B62699E737DDB1BAC73A1BA77D7444A48411D5710E60B99939225B3A0F1A6748B996ECD177E54D6B4ED5
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Happy New Year" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5667050" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.0223225481462395
                                          Encrypted:false
                                          SSDEEP:192:ztNJHkLIkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ztNJHkLIkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:EC9009066A696C48EFE588F29432B33D
                                          SHA1:D3D516817DE86C7ED088BE3F8F4DB1B25665D335
                                          SHA-256:0F5BA9E300897D4C07076E9258D8811CDDBDCC13F65DD6AA7D66C7580FF87588
                                          SHA-512:97F58A653B859711E26917837C8175221F7418A4B97D74D096A666D08FE33594A2ABB1CC029C6CFEBC5541E43A80039351DFF955BA0C2FD633021C19068342F4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Heading North" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2707831" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Defa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):74147
                                          Entropy (8bit):7.983368615750906
                                          Encrypted:false
                                          SSDEEP:1536:nP9xs3lPcdWoQ2U19Zlj6jPY6h1yzkNynxtOgUVqrM0dyBw:n41P1oQN1VsQ6h1yoNqxtBUcM0t
                                          MD5:7021A59BAB0C32248682A2A2A23A916A
                                          SHA1:A51D127CDABEDC31160379281392D9D1472987F0
                                          SHA-256:32D25635ECC67077A431B834EACC28F801BFC890946D4C7316DEA262BDE05994
                                          SHA-512:0E2E8E7493991A7E9A75E4ECCA6D43610A5D50BD4F7571ABCBCC935D68A26D5A6192E872AF144C94B76F6BB71D3AB01D89CB4E5CF1AE7165C5E664257380B451
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3034
                                          Entropy (8bit):7.7628786897861985
                                          Encrypted:false
                                          SSDEEP:48:rAdMEqAKRTYfb277eHKkvvCWckHKnFCwZPKKcLWV0Dbd49dHvx7oXFgHkAJkZ:EdMRRzavCGHKnxZPVS69hvpo10kVZ
                                          MD5:9B56F0131FD51491A037C3A11F8AAA82
                                          SHA1:090E8445284AF008A4BA9ECD4EFCF08AA557D841
                                          SHA-256:1965ABAA35727B0F91650C2A158F995BE012DED34A81DA663C6067BFE4F919AE
                                          SHA-512:F9933ACF3EE4B2A031B4EA7947A77EDE3A56207A65E00F2CE85557C93F626ECADB7258ECD02C1F9DAA1B759F5A356042E14152E89FC3850DB3CFC1BAEAB11270
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3034
                                          Entropy (8bit):7.7628786897861985
                                          Encrypted:false
                                          SSDEEP:48:rAdMEqAKRTYfb277eHKkvvCWckHKnFCwZPKKcLWV0Dbd49dHvx7oXFgHkAJkZ:EdMRRzavCGHKnxZPVS69hvpo10kVZ
                                          MD5:9B56F0131FD51491A037C3A11F8AAA82
                                          SHA1:090E8445284AF008A4BA9ECD4EFCF08AA557D841
                                          SHA-256:1965ABAA35727B0F91650C2A158F995BE012DED34A81DA663C6067BFE4F919AE
                                          SHA-512:F9933ACF3EE4B2A031B4EA7947A77EDE3A56207A65E00F2CE85557C93F626ECADB7258ECD02C1F9DAA1B759F5A356042E14152E89FC3850DB3CFC1BAEAB11270
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):74147
                                          Entropy (8bit):7.983368615750906
                                          Encrypted:false
                                          SSDEEP:1536:nP9xs3lPcdWoQ2U19Zlj6jPY6h1yzkNynxtOgUVqrM0dyBw:n41P1oQN1VsQ6h1yoNqxtBUcM0t
                                          MD5:7021A59BAB0C32248682A2A2A23A916A
                                          SHA1:A51D127CDABEDC31160379281392D9D1472987F0
                                          SHA-256:32D25635ECC67077A431B834EACC28F801BFC890946D4C7316DEA262BDE05994
                                          SHA-512:0E2E8E7493991A7E9A75E4ECCA6D43610A5D50BD4F7571ABCBCC935D68A26D5A6192E872AF144C94B76F6BB71D3AB01D89CB4E5CF1AE7165C5E664257380B451
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.0223225481462395
                                          Encrypted:false
                                          SSDEEP:192:ztNJHkLIkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ztNJHkLIkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:EC9009066A696C48EFE588F29432B33D
                                          SHA1:D3D516817DE86C7ED088BE3F8F4DB1B25665D335
                                          SHA-256:0F5BA9E300897D4C07076E9258D8811CDDBDCC13F65DD6AA7D66C7580FF87588
                                          SHA-512:97F58A653B859711E26917837C8175221F7418A4B97D74D096A666D08FE33594A2ABB1CC029C6CFEBC5541E43A80039351DFF955BA0C2FD633021C19068342F4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Heading North" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2707831" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Defa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.02620565037857
                                          Encrypted:false
                                          SSDEEP:192:myNJ+skLFkLrNNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:myNJFkLFkLrNNJhkLpkL7kLuvyCjqw6N
                                          MD5:4EA7A5C311BC3BE772791882F216065A
                                          SHA1:3FFEA912F896C733BDFD2A9957584C13AA3C15BF
                                          SHA-256:CB6F32FE55554D91DF1044830CA8FDC09B0427D69E867A3FE5ED543E34A89CD7
                                          SHA-512:80200358B4BDBD94FBF96AD1FF8445E15AC71E102C3B75B07FF52892AD5761F36E38F5804714602320F8EBDCB28490E2005B600605E8041B46F3FE632D7B3F1D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="I Love You" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9416397" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):25604
                                          Entropy (8bit):7.9687409022367595
                                          Encrypted:false
                                          SSDEEP:384:YNpd1Dy2Euxs/A1Z0CM4s2CPNMtn3PWeRkTY0bmjnrElqnxv0yfsaZkspUOWo2b6:YNP1RJI41C1FiLeqnROGa5Q
                                          MD5:6E4995C7B5A4EEF34DD46D170F565BA5
                                          SHA1:0E23EFFB089E6C2E1E6520E1E364C46312C2EFB4
                                          SHA-256:C167F4C927CA0077B2B3F0449380D48E760A19A7D27C5614B73A363E530D3DC7
                                          SHA-512:CE7FD016C61B122D71327BBE323766BEDF225C4E2D0769D70EA9DD3AACAA2DFCDDCF75DA5BAE5493D7E8B7373DB34E01DB0B7409FE6D9CB8F488999C75246ED1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2143
                                          Entropy (8bit):7.610348322688211
                                          Encrypted:false
                                          SSDEEP:48:pAOBCiDO6ofVXUu/zvgMnbrw4Y/erky3bxz6Jp0c03Y:6OTWfVEusMbc4Eeoobxz6JZ3
                                          MD5:312427C20B51994640D2C24A48DAE553
                                          SHA1:2A880AF196BC9AD3E33977EC62F22D3700479A20
                                          SHA-256:42BA75A9CF0282350729B34C2BECC2A51CD42C6D1B752C3727CC0AB397FB3010
                                          SHA-512:9980ADD3863A2C0758F3B18D287CDAAAA32EE4A48DF4B72C5D1094720DBC39B16396BA26D19D47B93045A46A89B4ED4DDC556F1D4EB9D338764ADB5A9A97AF98
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):25604
                                          Entropy (8bit):7.9687409022367595
                                          Encrypted:false
                                          SSDEEP:384:YNpd1Dy2Euxs/A1Z0CM4s2CPNMtn3PWeRkTY0bmjnrElqnxv0yfsaZkspUOWo2b6:YNP1RJI41C1FiLeqnROGa5Q
                                          MD5:6E4995C7B5A4EEF34DD46D170F565BA5
                                          SHA1:0E23EFFB089E6C2E1E6520E1E364C46312C2EFB4
                                          SHA-256:C167F4C927CA0077B2B3F0449380D48E760A19A7D27C5614B73A363E530D3DC7
                                          SHA-512:CE7FD016C61B122D71327BBE323766BEDF225C4E2D0769D70EA9DD3AACAA2DFCDDCF75DA5BAE5493D7E8B7373DB34E01DB0B7409FE6D9CB8F488999C75246ED1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2143
                                          Entropy (8bit):7.610348322688211
                                          Encrypted:false
                                          SSDEEP:48:pAOBCiDO6ofVXUu/zvgMnbrw4Y/erky3bxz6Jp0c03Y:6OTWfVEusMbc4Eeoobxz6JZ3
                                          MD5:312427C20B51994640D2C24A48DAE553
                                          SHA1:2A880AF196BC9AD3E33977EC62F22D3700479A20
                                          SHA-256:42BA75A9CF0282350729B34C2BECC2A51CD42C6D1B752C3727CC0AB397FB3010
                                          SHA-512:9980ADD3863A2C0758F3B18D287CDAAAA32EE4A48DF4B72C5D1094720DBC39B16396BA26D19D47B93045A46A89B4ED4DDC556F1D4EB9D338764ADB5A9A97AF98
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.02620565037857
                                          Encrypted:false
                                          SSDEEP:192:myNJ+skLFkLrNNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:myNJFkLFkLrNNJhkLpkL7kLuvyCjqw6N
                                          MD5:4EA7A5C311BC3BE772791882F216065A
                                          SHA1:3FFEA912F896C733BDFD2A9957584C13AA3C15BF
                                          SHA-256:CB6F32FE55554D91DF1044830CA8FDC09B0427D69E867A3FE5ED543E34A89CD7
                                          SHA-512:80200358B4BDBD94FBF96AD1FF8445E15AC71E102C3B75B07FF52892AD5761F36E38F5804714602320F8EBDCB28490E2005B600605E8041B46F3FE632D7B3F1D
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="I Love You" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9416397" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.022539504777768
                                          Encrypted:false
                                          SSDEEP:192:8uNJ+skLFkLrBNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:8uNJFkLFkLrBNJhkLpkL7kLuvyCjqw6N
                                          MD5:896F1FD410C4DC2B798756770F455EF5
                                          SHA1:83372CE41210BB241FB2504C7C50C0AAB775DD48
                                          SHA-256:C43D6E2D03FB472CD641D2E540EC09A5DE27C083E40738D805CC36BDC44939D1
                                          SHA-512:FCE0BFF2E4B40D9A6EB3CA1C5BBB285F165C06BAB2C4550F47F6BD4CF336311631FDC5DA71C78194C39A76F3CD976E1E1CC600E4718211E170C44B5A50C68451
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Love" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5263863" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Defa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):120902
                                          Entropy (8bit):7.979211087928318
                                          Encrypted:false
                                          SSDEEP:3072:L0GTIFJOw96tP2TpFw+u2UcsElW5ehTS4/g+lI2:L0GTIvOw96JqpKlKplW5iJ4+22
                                          MD5:234266E9155B2D31E38D5AE88CE427E1
                                          SHA1:5DF2FD849D7F269AED4C319FB4E3569E6EF856EB
                                          SHA-256:FBBB515DFE6CDB1F8D1212A4BA620B62AF740E9A9944B2ADFACC8127FEBCADF0
                                          SHA-512:7F6060EFB94AF51B4302B0C355433A4EBE3B8C2B8A288480FB2B161CF056A48D6FABA141198E5F3634D3AF74B201EF4D2EE181FBD94F09FCA22EADD7775C899C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):1692
                                          Entropy (8bit):7.422251836488333
                                          Encrypted:false
                                          SSDEEP:24:mWAOjMx8L85KPQplAnekQdtMv4ToBioFW8IPPLRmmonVaxba6Zi6Bcd7udvxsXzq:bA7prHAnBQovw3PPLUal+6+dWsXjjb6
                                          MD5:40D9FDAEED37760FC76F0AE1F99C05CE
                                          SHA1:7A7EF41C0A3B6D8CF52947B7685771B4F8073F87
                                          SHA-256:9D55BE838334745A0C02D14ACC1805457C277E29394F3DE141D840AE4F73B2A5
                                          SHA-512:E50F244AFE565BFD5DFD593CBD60902EC7A4D36E632D8EFB3A0CB1D91739FCFE1A7D5DE79809198D38DD0D741752C03538FFFC1513D200032904966708E04461
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):1692
                                          Entropy (8bit):7.422251836488333
                                          Encrypted:false
                                          SSDEEP:24:mWAOjMx8L85KPQplAnekQdtMv4ToBioFW8IPPLRmmonVaxba6Zi6Bcd7udvxsXzq:bA7prHAnBQovw3PPLUal+6+dWsXjjb6
                                          MD5:40D9FDAEED37760FC76F0AE1F99C05CE
                                          SHA1:7A7EF41C0A3B6D8CF52947B7685771B4F8073F87
                                          SHA-256:9D55BE838334745A0C02D14ACC1805457C277E29394F3DE141D840AE4F73B2A5
                                          SHA-512:E50F244AFE565BFD5DFD593CBD60902EC7A4D36E632D8EFB3A0CB1D91739FCFE1A7D5DE79809198D38DD0D741752C03538FFFC1513D200032904966708E04461
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):120902
                                          Entropy (8bit):7.979211087928318
                                          Encrypted:false
                                          SSDEEP:3072:L0GTIFJOw96tP2TpFw+u2UcsElW5ehTS4/g+lI2:L0GTIvOw96JqpKlKplW5iJ4+22
                                          MD5:234266E9155B2D31E38D5AE88CE427E1
                                          SHA1:5DF2FD849D7F269AED4C319FB4E3569E6EF856EB
                                          SHA-256:FBBB515DFE6CDB1F8D1212A4BA620B62AF740E9A9944B2ADFACC8127FEBCADF0
                                          SHA-512:7F6060EFB94AF51B4302B0C355433A4EBE3B8C2B8A288480FB2B161CF056A48D6FABA141198E5F3634D3AF74B201EF4D2EE181FBD94F09FCA22EADD7775C899C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.022539504777768
                                          Encrypted:false
                                          SSDEEP:192:8uNJ+skLFkLrBNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:8uNJFkLFkLrBNJhkLpkL7kLuvyCjqw6N
                                          MD5:896F1FD410C4DC2B798756770F455EF5
                                          SHA1:83372CE41210BB241FB2504C7C50C0AAB775DD48
                                          SHA-256:C43D6E2D03FB472CD641D2E540EC09A5DE27C083E40738D805CC36BDC44939D1
                                          SHA-512:FCE0BFF2E4B40D9A6EB3CA1C5BBB285F165C06BAB2C4550F47F6BD4CF336311631FDC5DA71C78194C39A76F3CD976E1E1CC600E4718211E170C44B5A50C68451
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Love" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5263863" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Defa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9146
                                          Entropy (8bit):5.021589656756438
                                          Encrypted:false
                                          SSDEEP:192:v0NJZkLkkLrfNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:v0NJZkLkkLrfNJhkLpkL7kLuvyCjqw6N
                                          MD5:0411C74926FC4E7568200426D464C639
                                          SHA1:04DD4CBB76D3AC719BD9ED1CD9897DCD8A68A9C4
                                          SHA-256:B80E9E0BCF40B85FB9E20C2F2BABC8EE40AEC64F247F0D93A3F14E74F4E4FA11
                                          SHA-512:3E90F81CA18AC89B82D9515D9D994A9E9F09F200071982BCE55AE9B7229F03229E3E3A6029170F955E6D727DBAA3C2B84DBBDB0B6F9E958A47CC3FBD3422565F
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Merry Christmas" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5672180" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):49422
                                          Entropy (8bit):7.981859036296241
                                          Encrypted:false
                                          SSDEEP:1536:Cem17ivnts3T7JO5sz5rD4xxFPAhKHSe/fXbrzfEXT1n:Ce47Ents3T76kdD8PwKHPb0D1n
                                          MD5:02A124636CE307179426C72C767D0472
                                          SHA1:8B70BC726279A8E09456163DFC08FA5AA95D11DC
                                          SHA-256:262FB67A501FA02B08C60F4788E0B8CA377D78A2E1EA173951A581C226ED3469
                                          SHA-512:092E9A453832C580B0D4BCE3460E00619196E792573004C6C74C7B26875450CC4FA59F8B6B084B1D95725AC8A82984FD226AE4B4908872E1DF61ABDD2EC1ED57
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3055
                                          Entropy (8bit):7.753383360717326
                                          Encrypted:false
                                          SSDEEP:48:SAMcksnUOuld08QxvVLnxpzfI2pmQk2TGK+ug2yx72uWcr99aT+fgwIYi7iC:FvkGsB+LxpvgQmLug2Mh39IDwqF
                                          MD5:0C9B4AA63F8C88C7F17B7FB9E055DF83
                                          SHA1:75AF73E4474027756803ACA1DED4F75CEB762A78
                                          SHA-256:7A634BB263A88BFD23D816931485A4E62B6E1A9B9B38A8EA63E6F0FEC4110EC8
                                          SHA-512:4FCACA1C45B72F9579E9F6BC8EB71CF70817EB0C542181672A1E6FD2A421332B70BCE62EE3326C0B0B0379E717A94CF661722303C1341ED951305F6345418B90
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9146
                                          Entropy (8bit):5.021589656756438
                                          Encrypted:false
                                          SSDEEP:192:v0NJZkLkkLrfNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:v0NJZkLkkLrfNJhkLpkL7kLuvyCjqw6N
                                          MD5:0411C74926FC4E7568200426D464C639
                                          SHA1:04DD4CBB76D3AC719BD9ED1CD9897DCD8A68A9C4
                                          SHA-256:B80E9E0BCF40B85FB9E20C2F2BABC8EE40AEC64F247F0D93A3F14E74F4E4FA11
                                          SHA-512:3E90F81CA18AC89B82D9515D9D994A9E9F09F200071982BCE55AE9B7229F03229E3E3A6029170F955E6D727DBAA3C2B84DBBDB0B6F9E958A47CC3FBD3422565F
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Merry Christmas" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5672180" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.024110120687155
                                          Encrypted:false
                                          SSDEEP:192:BtNJ+skLFkLryNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:BtNJFkLFkLryNJhkLpkL7kLuvyCjqw6N
                                          MD5:4A5828FCA4ED65367A11FD6FF3A1E044
                                          SHA1:A0B4BF9779D206E358D01946DCF324FA13BE30BF
                                          SHA-256:06D9F84261F3126C124A666607741F678B42599641780BD2A529167D886CB063
                                          SHA-512:78FDBF55F2E65CD7541F5676DBB6BEAFDFFFA31A74218180C9A6ACDCEE096D0476B870F7624EBC1A5FBC382C89E2BD30FAE8E0D885FBDB4AFBBFA479D6D17039
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Newborn Boy" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9588534" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):143630
                                          Entropy (8bit):7.977866746888069
                                          Encrypted:false
                                          SSDEEP:3072:62/8L2Y6ueJKjhQhMT5cEdt4ySTZQx2GJ4AEN:62kL2YyIh4M9cEdt4l9I4Aa
                                          MD5:5817F6870889AD06173128E3ED0C6604
                                          SHA1:BF95C20CAEE1B391F45226BE70DA7EC3675CC8E5
                                          SHA-256:D4F04BFD6EE3482C413845CF9444FDC273290D9EB40593EDC1739F552F74BEDB
                                          SHA-512:AABAC4D4C7F6DDAF4ADD160BEA460193855B6EC8B2056BB2A505901D07A8975CEABDB8A129FFE64F25E862DCA31FCBECBC6AD91D8F18DF2D0ECF4A9B668DD64B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3241
                                          Entropy (8bit):7.763334225791224
                                          Encrypted:false
                                          SSDEEP:96:qzRqsQgc2KbGJ5IlOrbL7k+P5XLqHCIfKu:WgsQgc2qGLIYrASXLqHffKu
                                          MD5:55FBAEA03CC9F857D062FC065F5CC48F
                                          SHA1:84EA0159999884BDF6C6EEEC652243B9DE1911D7
                                          SHA-256:E1C8BF08E295F0C53A877F463A16EBA32BF2EB488BE64E5890D2196B4EB3CF38
                                          SHA-512:057625E6786E8A4AC3EE9ACF6611792C01D74178DD72381F2A23C84BCC96C83F35A2B8DC68D7647568D9AEF25118C8C0323E043C8A6337A7B5767603E1DA25A4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9150
                                          Entropy (8bit):5.022638976003131
                                          Encrypted:false
                                          SSDEEP:192:lLNJ+skLFkLrQNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:lLNJFkLFkLrQNJhkLpkL7kLuvyCjqw6N
                                          MD5:3574E11236AF70816BFAF024C67859F3
                                          SHA1:8FFF26A93CDA1603716900F9C60C480C7992927F
                                          SHA-256:9C2396F95A76806763DF49250F1A81301C3CAA347BDDEAB0253EE82C5CBFB904
                                          SHA-512:99EE2F97DDA2D196B1E93B3BC454721CC6DF8BCE28D100DB0852B2479FCD424CFB9FE62B185EEA17E127CFCF484872EE460BC6BB9909A2B0B2C640BCC082E3AF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Newborn Girl" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5511581" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):103033
                                          Entropy (8bit):7.9591670688797915
                                          Encrypted:false
                                          SSDEEP:1536:ot4dEIcE8uofc1vw7hBlHo////HTDkt4r+byE49/4Pmu69rU9UdatbilykO:oMuuoUJOBlHQTDXyW9/jSUgWykO
                                          MD5:A67ECE067AB2989CDBC4472FE03817A8
                                          SHA1:25E5833AA5BB56053BBDAC762A762E02CB4BE7FA
                                          SHA-256:244DD63FC3E7610D3BC0F5F118AAFA790503DE7A140FE2DDC3746437AC3D7198
                                          SHA-512:3546E3897B800251361133FA478163284F7544CAC2B815959128E65F33F675E3863061407A38E1E054A5C7EC20118CA72B2F5493DACAB31FB8BCCC5BBE8ED385
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2732
                                          Entropy (8bit):7.722573024580177
                                          Encrypted:false
                                          SSDEEP:48:7AftNXsjx51VvZvs041gE4JheTRrLkgWQCShNcbSECqXE:U3O51Vvmn2hYRPkjyNcbDXE
                                          MD5:98F8989F96899EF567D8BFCAE2D4E854
                                          SHA1:B6B350EBD2D88FA07C582249ED3D5C14E77784FC
                                          SHA-256:F3992041088CE27136C3488242818D021B0E6B0098118AE052B1B3734A168913
                                          SHA-512:3E977B50855AD10ACC1DD51AD52701B35D85710D04E5299519D3216AA66B26215669741EAB47C32C68F2F293423F16DD693AF0FE79E9CEAE000E628EFE2A48AF
                                          Malicious:false
                                          Preview:......JFIF.....d.d......Ducky.......2.....!Adobe.d...................#..........................................................#"""#''''''''''..................................................!! !!''''''''''......H.`.."......................................................................................!.. 10"24.....................!..1A"..Qaq...2B. ..3..#RCs$.....................!A..1.a."2 0@.Qq........................!1AQa..q.... .................[...~.m....Z.G. ....aKel..B....N51..C]..3k]9..y_..?.].g.....U&*.....[.M{.|.'...`.....H0.5...h..n.'..r"zd..$,.H.d............K..g?...s..=..............u)..B...k.-M.....%D.#..5+X@*!....j...Fv..e...................`.....eZ..TCh....dUm]..i2[.B..;.e!....L..g..>F..4..|....L..B......58.K...q8.P....<.....}...n..9.~...(.....>.}g?..........YXf!k..(.ZO.5.M....k ].$.P[..u.s.^z#......`..T.g2....s..Z<.a.....-..(.(j...g.....l.61F9A..^.g=..i.oA~...+C\I@..#.jE..B...%cTA........?..S%...........?.(P.B....%]..v..c-v..R...r.yg2.^I..GK..+.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2732
                                          Entropy (8bit):7.722573024580177
                                          Encrypted:false
                                          SSDEEP:48:7AftNXsjx51VvZvs041gE4JheTRrLkgWQCShNcbSECqXE:U3O51Vvmn2hYRPkjyNcbDXE
                                          MD5:98F8989F96899EF567D8BFCAE2D4E854
                                          SHA1:B6B350EBD2D88FA07C582249ED3D5C14E77784FC
                                          SHA-256:F3992041088CE27136C3488242818D021B0E6B0098118AE052B1B3734A168913
                                          SHA-512:3E977B50855AD10ACC1DD51AD52701B35D85710D04E5299519D3216AA66B26215669741EAB47C32C68F2F293423F16DD693AF0FE79E9CEAE000E628EFE2A48AF
                                          Malicious:false
                                          Preview:......JFIF.....d.d......Ducky.......2.....!Adobe.d...................#..........................................................#"""#''''''''''..................................................!! !!''''''''''......H.`.."......................................................................................!.. 10"24.....................!..1A"..Qaq...2B. ..3..#RCs$.....................!A..1.a."2 0@.Qq........................!1AQa..q.... .................[...~.m....Z.G. ....aKel..B....N51..C]..3k]9..y_..?.].g.....U&*.....[.M{.|.'...`.....H0.5...h..n.'..r"zd..$,.H.d............K..g?...s..=..............u)..B...k.-M.....%D.#..5+X@*!....j...Fv..e...................`.....eZ..TCh....dUm]..i2[.B..;.e!....L..g..>F..4..|....L..B......58.K...q8.P....<.....}...n..9.~...(.....>.}g?..........YXf!k..(.ZO.5.M....k ].$.P[..u.s.^z#......`..T.g2....s..Z<.a.....-..(.(j...g.....l.61F9A..^.g=..i.oA~...+C\I@..#.jE..B...%cTA........?..S%...........?.(P.B....%]..v..c-v..R...r.yg2.^I..GK..+.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):103033
                                          Entropy (8bit):7.9591670688797915
                                          Encrypted:false
                                          SSDEEP:1536:ot4dEIcE8uofc1vw7hBlHo////HTDkt4r+byE49/4Pmu69rU9UdatbilykO:oMuuoUJOBlHQTDXyW9/jSUgWykO
                                          MD5:A67ECE067AB2989CDBC4472FE03817A8
                                          SHA1:25E5833AA5BB56053BBDAC762A762E02CB4BE7FA
                                          SHA-256:244DD63FC3E7610D3BC0F5F118AAFA790503DE7A140FE2DDC3746437AC3D7198
                                          SHA-512:3546E3897B800251361133FA478163284F7544CAC2B815959128E65F33F675E3863061407A38E1E054A5C7EC20118CA72B2F5493DACAB31FB8BCCC5BBE8ED385
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9150
                                          Entropy (8bit):5.022638976003131
                                          Encrypted:false
                                          SSDEEP:192:lLNJ+skLFkLrQNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:lLNJFkLFkLrQNJhkLpkL7kLuvyCjqw6N
                                          MD5:3574E11236AF70816BFAF024C67859F3
                                          SHA1:8FFF26A93CDA1603716900F9C60C480C7992927F
                                          SHA-256:9C2396F95A76806763DF49250F1A81301C3CAA347BDDEAB0253EE82C5CBFB904
                                          SHA-512:99EE2F97DDA2D196B1E93B3BC454721CC6DF8BCE28D100DB0852B2479FCD424CFB9FE62B185EEA17E127CFCF484872EE460BC6BB9909A2B0B2C640BCC082E3AF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Newborn Girl" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="5511581" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9143
                                          Entropy (8bit):5.023058477109346
                                          Encrypted:false
                                          SSDEEP:192:0ThNJ+skLFkLrIhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:0ThNJFkLFkLrIhNJhkLpkL7kLuvyCjqb
                                          MD5:DA1B48C56B7F019C389CEDF8C12C4E50
                                          SHA1:50288F0A7A33D378D08922090A178E3D7A33AED1
                                          SHA-256:8F32ACD84DBA6519DD09D8A733F5B41957DF980BE5C08AED59CA6EC14A18D168
                                          SHA-512:81720ECCDFBD449967D7A33ABEF2F1F2994092092E13FB9EE60EA2BA7D6465EF6DEEA90D669CF24681CACDCC987DDABA27A1769008C3FA9DED8E9C1235165724
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Ocean" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7298374" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):59813
                                          Entropy (8bit):7.98121954203813
                                          Encrypted:false
                                          SSDEEP:1536:18+XypsQyITZiPJJW1oKy+aIJ3EGefA8B/CnNGm6BMHku4mhWIOT26:s2QyITZiXBK8IJU5BMHku4mMX
                                          MD5:280B6BC8A2099E65448B28B5FB9D632E
                                          SHA1:EF04BFB3FA10C18409D452FDED1F51C93CA31230
                                          SHA-256:38A8459C5746737BBF6BA3AF68E26228457BE413C9D9C65D642EE17685336A1C
                                          SHA-512:AEEC3331B5D75E3F48D6313D205DA8CB96554B1F3A148C71247567D0ADCE52DFF3D9E766D0F328C36726F0399A715AD15F27CD759946EAEB0B2CAC74A8A60BF7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3314
                                          Entropy (8bit):7.794112775105214
                                          Encrypted:false
                                          SSDEEP:48:uYA1Sh0jYgBkTwNUit6tcv4FHI2M+NqGkBpBl7mMTmLCogOF0VEBGAZ1tofI6hd6:ur1/9UvZFfzNNMPvSwOF0gGktuIQc9r
                                          MD5:FB580514B4D0BDD01685C439202B8478
                                          SHA1:7B9C523070FC4CF5206304301F592C4DB9EEFD4F
                                          SHA-256:B17FC597FF49195BE87E22BCFB51B965175DB968A1597F519AC1761F990903FF
                                          SHA-512:EBF5CB57C9B7DBEFAB862E327563B64F228BC9F2ACD231C25F12A1691A193CC23D139116364A35CB787F92465AD7447E18C6C77198C8C74DEA1E4E21F229F91A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):59813
                                          Entropy (8bit):7.98121954203813
                                          Encrypted:false
                                          SSDEEP:1536:18+XypsQyITZiPJJW1oKy+aIJ3EGefA8B/CnNGm6BMHku4mhWIOT26:s2QyITZiXBK8IJU5BMHku4mMX
                                          MD5:280B6BC8A2099E65448B28B5FB9D632E
                                          SHA1:EF04BFB3FA10C18409D452FDED1F51C93CA31230
                                          SHA-256:38A8459C5746737BBF6BA3AF68E26228457BE413C9D9C65D642EE17685336A1C
                                          SHA-512:AEEC3331B5D75E3F48D6313D205DA8CB96554B1F3A148C71247567D0ADCE52DFF3D9E766D0F328C36726F0399A715AD15F27CD759946EAEB0B2CAC74A8A60BF7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3314
                                          Entropy (8bit):7.794112775105214
                                          Encrypted:false
                                          SSDEEP:48:uYA1Sh0jYgBkTwNUit6tcv4FHI2M+NqGkBpBl7mMTmLCogOF0VEBGAZ1tofI6hd6:ur1/9UvZFfzNNMPvSwOF0gGktuIQc9r
                                          MD5:FB580514B4D0BDD01685C439202B8478
                                          SHA1:7B9C523070FC4CF5206304301F592C4DB9EEFD4F
                                          SHA-256:B17FC597FF49195BE87E22BCFB51B965175DB968A1597F519AC1761F990903FF
                                          SHA-512:EBF5CB57C9B7DBEFAB862E327563B64F228BC9F2ACD231C25F12A1691A193CC23D139116364A35CB787F92465AD7447E18C6C77198C8C74DEA1E4E21F229F91A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9143
                                          Entropy (8bit):5.023058477109346
                                          Encrypted:false
                                          SSDEEP:192:0ThNJ+skLFkLrIhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:0ThNJFkLFkLrIhNJhkLpkL7kLuvyCjqb
                                          MD5:DA1B48C56B7F019C389CEDF8C12C4E50
                                          SHA1:50288F0A7A33D378D08922090A178E3D7A33AED1
                                          SHA-256:8F32ACD84DBA6519DD09D8A733F5B41957DF980BE5C08AED59CA6EC14A18D168
                                          SHA-512:81720ECCDFBD449967D7A33ABEF2F1F2994092092E13FB9EE60EA2BA7D6465EF6DEEA90D669CF24681CACDCC987DDABA27A1769008C3FA9DED8E9C1235165724
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Ocean" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7298374" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9151
                                          Entropy (8bit):5.025389890637244
                                          Encrypted:false
                                          SSDEEP:192:llNJ+skLFkLriNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:llNJFkLFkLriNJhkLpkL7kLuvyCjqw6N
                                          MD5:46E600C8EB40A03A8FA4A23A5DF32E9F
                                          SHA1:7B8E60A51FB01F7E52B6E06652E41D95FE489A1F
                                          SHA-256:E213EBDB4A75046BF9C966816296EFB08B0FE3ADB59196FF3D148E0F0E2783A6
                                          SHA-512:24DE475E5456D1AE64E460F6E812FF336CD4EED09E2381A940C7EAD601C78E47F58868F3F30FD868354F2D40C2BA13EFFE218118042066A1C2FBFE77CFE266AA
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Outdoor Flame" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9933958" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):144640
                                          Entropy (8bit):7.9734910137081725
                                          Encrypted:false
                                          SSDEEP:3072:y4AuO+R52Bb7D/BobGC4988N2ax4bsHzekmpdML3WnCL:y4jO+R52B/Dyb9wfkaxG5MjWnK
                                          MD5:AD983CCD06FA28393A0C1ABB85B068C4
                                          SHA1:EF6BB90AE0A1597DE670774488F57E229F69C396
                                          SHA-256:F7E71824620DBA062ABCCE6C2D1E870C36450D0D62C0741EDD878F240166BB19
                                          SHA-512:FAE262C7C4136CE0AEC2247F46372702607DAFCB710B3378BE2A3D04F9CBB92CDC7AEDB4461898DB3E18E0DDE86240907D8F2E192014943AE31F5481C12C01B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3089
                                          Entropy (8bit):7.762113991147194
                                          Encrypted:false
                                          SSDEEP:96:F0U4H0RCQXbbf1mTLZbevxdUt7mTtBOnn:x4HEX9MZbevxdUUtc
                                          MD5:A112F885ACE51A7F2828E25D382763F5
                                          SHA1:DBED0FE20033E11ACC57EFCDAE59DEAA1F386A8B
                                          SHA-256:F2CE80DBFBA7B7CF390F74A0D6105E5F1DB7FD0C683CE44C5CCBB90A064F272B
                                          SHA-512:2193915DC6E5092554CBCE4FA7D286B603FC8246555E9C22957A96F6A7CFC45E0EA07A4B2C7254C4F96778E5918D530E117320B417D8C2798BF936816C76A9E0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):144640
                                          Entropy (8bit):7.9734910137081725
                                          Encrypted:false
                                          SSDEEP:3072:y4AuO+R52Bb7D/BobGC4988N2ax4bsHzekmpdML3WnCL:y4jO+R52B/Dyb9wfkaxG5MjWnK
                                          MD5:AD983CCD06FA28393A0C1ABB85B068C4
                                          SHA1:EF6BB90AE0A1597DE670774488F57E229F69C396
                                          SHA-256:F7E71824620DBA062ABCCE6C2D1E870C36450D0D62C0741EDD878F240166BB19
                                          SHA-512:FAE262C7C4136CE0AEC2247F46372702607DAFCB710B3378BE2A3D04F9CBB92CDC7AEDB4461898DB3E18E0DDE86240907D8F2E192014943AE31F5481C12C01B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3089
                                          Entropy (8bit):7.762113991147194
                                          Encrypted:false
                                          SSDEEP:96:F0U4H0RCQXbbf1mTLZbevxdUt7mTtBOnn:x4HEX9MZbevxdUUtc
                                          MD5:A112F885ACE51A7F2828E25D382763F5
                                          SHA1:DBED0FE20033E11ACC57EFCDAE59DEAA1F386A8B
                                          SHA-256:F2CE80DBFBA7B7CF390F74A0D6105E5F1DB7FD0C683CE44C5CCBB90A064F272B
                                          SHA-512:2193915DC6E5092554CBCE4FA7D286B603FC8246555E9C22957A96F6A7CFC45E0EA07A4B2C7254C4F96778E5918D530E117320B417D8C2798BF936816C76A9E0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9151
                                          Entropy (8bit):5.025389890637244
                                          Encrypted:false
                                          SSDEEP:192:llNJ+skLFkLriNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:llNJFkLFkLriNJhkLpkL7kLuvyCjqw6N
                                          MD5:46E600C8EB40A03A8FA4A23A5DF32E9F
                                          SHA1:7B8E60A51FB01F7E52B6E06652E41D95FE489A1F
                                          SHA-256:E213EBDB4A75046BF9C966816296EFB08B0FE3ADB59196FF3D148E0F0E2783A6
                                          SHA-512:24DE475E5456D1AE64E460F6E812FF336CD4EED09E2381A940C7EAD601C78E47F58868F3F30FD868354F2D40C2BA13EFFE218118042066A1C2FBFE77CFE266AA
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Outdoor Flame" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9933958" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9145
                                          Entropy (8bit):5.024348570865647
                                          Encrypted:false
                                          SSDEEP:192:ulNJ+skLFkLriNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ulNJFkLFkLriNJhkLpkL7kLuvyCjqw6N
                                          MD5:2A87415545D49162E516DF5141C834E6
                                          SHA1:58B01BEE229219292B658FDE3F20A7C4BA9ECD1B
                                          SHA-256:F3820B2F6967C6B996EE446FC17EF8535EF06D24A860989AD9600BFB3FC1E764
                                          SHA-512:5BDD2574C56EA95704EC67A9C652AD52A18109EFA2540EC3801F083006656CBC7C4DA058C34A33EE6BCCBB0AD540D150DEABBFD170718F568850A911FA3907F8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Outdoor" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9933958" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<D
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):121448
                                          Entropy (8bit):7.971392888957307
                                          Encrypted:false
                                          SSDEEP:3072:iPinbqJnlxYurWfJr17nR576plSBYrNrfGx9XIPQrgxJCG:iPIqSkgJp/Ir0nJKJT
                                          MD5:F14DE7A1B745C5AA87F36EDA30946277
                                          SHA1:6D4A1492615DF705D4E50ACB344C6A07C0274406
                                          SHA-256:9576CF1750D7229C6D7D404120A6A8D33B5D7DA209E87346A65A6BED5C566049
                                          SHA-512:0A97E035C3C094A453E1E83117AB46B0F4BC10F7FEFE2C1BA2D365C1841AF3214924AABC928E9C76DBCA40CCC7C35E88C7C7DAC8833FB68ADE7A3DBAB87D9BCA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2495
                                          Entropy (8bit):7.673119153331504
                                          Encrypted:false
                                          SSDEEP:48:HAoQh3lpcqvm0tvBH6kbqeno3VPXgq0V5SB56qJk3goubqCOL/iWa:g1MwvVtqz3Vvgq0V5SD6qme2nuWa
                                          MD5:C8253130A237C99F2AD8B0E884491B53
                                          SHA1:DF33A8118556A2265568E773AD8292EA6893E3F4
                                          SHA-256:658886C98D521D3251FFEA36925159316180113173B9837CBD3EE7707D3EF6A7
                                          SHA-512:45E17ED2286D0EA380AB0C7402F9C07646694DEEAC8EAC54AF184C8805AE166D66B65B3B86E7E5472FA90B92257FD5097ECD01AFDA08ED8FEF4B29BAFB95D3FF
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2495
                                          Entropy (8bit):7.673119153331504
                                          Encrypted:false
                                          SSDEEP:48:HAoQh3lpcqvm0tvBH6kbqeno3VPXgq0V5SB56qJk3goubqCOL/iWa:g1MwvVtqz3Vvgq0V5SD6qme2nuWa
                                          MD5:C8253130A237C99F2AD8B0E884491B53
                                          SHA1:DF33A8118556A2265568E773AD8292EA6893E3F4
                                          SHA-256:658886C98D521D3251FFEA36925159316180113173B9837CBD3EE7707D3EF6A7
                                          SHA-512:45E17ED2286D0EA380AB0C7402F9C07646694DEEAC8EAC54AF184C8805AE166D66B65B3B86E7E5472FA90B92257FD5097ECD01AFDA08ED8FEF4B29BAFB95D3FF
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):121448
                                          Entropy (8bit):7.971392888957307
                                          Encrypted:false
                                          SSDEEP:3072:iPinbqJnlxYurWfJr17nR576plSBYrNrfGx9XIPQrgxJCG:iPIqSkgJp/Ir0nJKJT
                                          MD5:F14DE7A1B745C5AA87F36EDA30946277
                                          SHA1:6D4A1492615DF705D4E50ACB344C6A07C0274406
                                          SHA-256:9576CF1750D7229C6D7D404120A6A8D33B5D7DA209E87346A65A6BED5C566049
                                          SHA-512:0A97E035C3C094A453E1E83117AB46B0F4BC10F7FEFE2C1BA2D365C1841AF3214924AABC928E9C76DBCA40CCC7C35E88C7C7DAC8833FB68ADE7A3DBAB87D9BCA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9145
                                          Entropy (8bit):5.024348570865647
                                          Encrypted:false
                                          SSDEEP:192:ulNJ+skLFkLriNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:ulNJFkLFkLriNJhkLpkL7kLuvyCjqw6N
                                          MD5:2A87415545D49162E516DF5141C834E6
                                          SHA1:58B01BEE229219292B658FDE3F20A7C4BA9ECD1B
                                          SHA-256:F3820B2F6967C6B996EE446FC17EF8535EF06D24A860989AD9600BFB3FC1E764
                                          SHA-512:5BDD2574C56EA95704EC67A9C652AD52A18109EFA2540EC3801F083006656CBC7C4DA058C34A33EE6BCCBB0AD540D150DEABBFD170718F568850A911FA3907F8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Outdoor" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9933958" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<D
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9135
                                          Entropy (8bit):5.022864839615239
                                          Encrypted:false
                                          SSDEEP:192:G+NJZkLkkLrhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:G+NJZkLkkLrhNJhkLpkL7kLuvyCjqw6N
                                          MD5:E9119A42720235B36D0D31593D582474
                                          SHA1:5161420C2A1240A652E454C0F06036EBAE6AB51F
                                          SHA-256:EEF6A54D43A5888094508B1F7FE492164AE7243E0B5BF696D453F158CA04EA0D
                                          SHA-512:8435090F60D3757385DCFE90C48FD0F365F2CB890578821692E6D85868D991DDDA7E6098466DE5E8A691B4FA18EC5BCE9EC25FBE093F5E2238E523DC5B5092B4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Pets" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1787479" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<Default typ
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:22 16:35:05], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):138616
                                          Entropy (8bit):7.944063366588017
                                          Encrypted:false
                                          SSDEEP:3072:ZImw9hMvqgABHinGwLws3zEQfyUAw6lPIqMvXIo:ZI1hOABHkGOwsjLybRPIXYo
                                          MD5:D0DB3848F3F173D7438E32F52571586B
                                          SHA1:F6C5BC2128E65D63DFFEF0561F61D4F00A16E919
                                          SHA-256:201C42443A00608DC44123A9BAB2B67D4A55DF139ABF442220654540E881867C
                                          SHA-512:F17FAFB7C0FA250F7F7E765652C68923B735910A86C90264FF7CF7F16D4AA5C781D123BD65B8F5D9CF9B38EE25E707AC3E2394620384A76BC82CEE33FC64FA84
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3171
                                          Entropy (8bit):7.759766477450669
                                          Encrypted:false
                                          SSDEEP:96:o7wF5rU//kU26FV1RsGYxGywx4LRZC2o0SYOGO0:XFU/5nRsG+GlxM4730
                                          MD5:7A720DF3C5C971BD6206276D77956D27
                                          SHA1:06D7603D357C1A248FE4BE39A726CB0B3107FA9B
                                          SHA-256:B9F83159CEDAC1B6BD60A5FEE17CD4D33CBF195C242B10E3AEB2D72395943E04
                                          SHA-512:5A866CAF182BB41DE5296841EC0F70740F8782CE0081B1DDF0936E48A0944F7A7BEAB065282AF5DE647C8476CAF17E12B9BA33899C8B3425ECA72D66D9DFFC3D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3171
                                          Entropy (8bit):7.759766477450669
                                          Encrypted:false
                                          SSDEEP:96:o7wF5rU//kU26FV1RsGYxGywx4LRZC2o0SYOGO0:XFU/5nRsG+GlxM4730
                                          MD5:7A720DF3C5C971BD6206276D77956D27
                                          SHA1:06D7603D357C1A248FE4BE39A726CB0B3107FA9B
                                          SHA-256:B9F83159CEDAC1B6BD60A5FEE17CD4D33CBF195C242B10E3AEB2D72395943E04
                                          SHA-512:5A866CAF182BB41DE5296841EC0F70740F8782CE0081B1DDF0936E48A0944F7A7BEAB065282AF5DE647C8476CAF17E12B9BA33899C8B3425ECA72D66D9DFFC3D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:22 16:35:05], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):138616
                                          Entropy (8bit):7.944063366588017
                                          Encrypted:false
                                          SSDEEP:3072:ZImw9hMvqgABHinGwLws3zEQfyUAw6lPIqMvXIo:ZI1hOABHkGOwsjLybRPIXYo
                                          MD5:D0DB3848F3F173D7438E32F52571586B
                                          SHA1:F6C5BC2128E65D63DFFEF0561F61D4F00A16E919
                                          SHA-256:201C42443A00608DC44123A9BAB2B67D4A55DF139ABF442220654540E881867C
                                          SHA-512:F17FAFB7C0FA250F7F7E765652C68923B735910A86C90264FF7CF7F16D4AA5C781D123BD65B8F5D9CF9B38EE25E707AC3E2394620384A76BC82CEE33FC64FA84
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9135
                                          Entropy (8bit):5.022864839615239
                                          Encrypted:false
                                          SSDEEP:192:G+NJZkLkkLrhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:G+NJZkLkkLrhNJhkLpkL7kLuvyCjqw6N
                                          MD5:E9119A42720235B36D0D31593D582474
                                          SHA1:5161420C2A1240A652E454C0F06036EBAE6AB51F
                                          SHA-256:EEF6A54D43A5888094508B1F7FE492164AE7243E0B5BF696D453F158CA04EA0D
                                          SHA-512:8435090F60D3757385DCFE90C48FD0F365F2CB890578821692E6D85868D991DDDA7E6098466DE5E8A691B4FA18EC5BCE9EC25FBE093F5E2238E523DC5B5092B4
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Pets" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1787479" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<Default typ
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9137
                                          Entropy (8bit):5.021875613993717
                                          Encrypted:false
                                          SSDEEP:192:aZNJHkLIkLrUNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:aZNJHkLIkLrUNJhkLpkL7kLuvyCjqw6N
                                          MD5:5128A6514C1EE40D96BD989C214D86B4
                                          SHA1:9DD190594F2A7F4C324AF5CF83637FB69A75D8E4
                                          SHA-256:FF2C0AAD71554E9E8FD6F432D14A37B0EE95E8764EDA05BBBD83903598251F82
                                          SHA-512:90C8C2A136A2571CDF79BFBB66D62E45F53F7DF1CB02D2CD6ED2A955664D7DB8A33DD7E233DCEF37AE2AAB1DEB99072C7D45B4ACC08A7A2552805076184DC24F
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Picnic" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="10118935" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):68235
                                          Entropy (8bit):7.982427473237978
                                          Encrypted:false
                                          SSDEEP:1536:TeQiTwZkhegeAKYHLI7RBR4lVdw31rxuoannO1q6hmTGu:TXiT2khegeA0RV/ranSfhVu
                                          MD5:0E1515808A2D33C0DC24F1BCAEAFDCE2
                                          SHA1:A220564DB37A4BA5A996069753D8D8F69497531F
                                          SHA-256:16C5B00065E7180E0B043C45DDF986229F197110B3E87B4C1281DB1F622F537E
                                          SHA-512:2928EE95265A4DCA1CB917C93DD2F7613506346D8B24CC98C78D5425A83939934581F70A8A224D9CB5D1A2B672C76EDB2D6522598032B82D07DD5BE6099589AE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3186
                                          Entropy (8bit):7.777429069438887
                                          Encrypted:false
                                          SSDEEP:96:iIounn/y4OQfgIZRdxpuRkxbA6xiutqEkCpW:DnnK41g4nOCbNOOW
                                          MD5:C7CE259AF16137E91BCA4AF4016E4997
                                          SHA1:BE9E2D385DF16861B3C54925A7B201D55C9F02DA
                                          SHA-256:FBDC387996A8DC6DCF541FFB30C0B58D671A16B28F1CA8012FE61B99E0378689
                                          SHA-512:76DFD27CB92CDECCD1AD352EC25AD8BAE96DE5B1E8D28EBDB2A44721EDA1533AFCE688FEE49DDE26490E62F2CF86A9C400CC53D9C319E88DB5FEFA2A78A80902
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):68235
                                          Entropy (8bit):7.982427473237978
                                          Encrypted:false
                                          SSDEEP:1536:TeQiTwZkhegeAKYHLI7RBR4lVdw31rxuoannO1q6hmTGu:TXiT2khegeA0RV/ranSfhVu
                                          MD5:0E1515808A2D33C0DC24F1BCAEAFDCE2
                                          SHA1:A220564DB37A4BA5A996069753D8D8F69497531F
                                          SHA-256:16C5B00065E7180E0B043C45DDF986229F197110B3E87B4C1281DB1F622F537E
                                          SHA-512:2928EE95265A4DCA1CB917C93DD2F7613506346D8B24CC98C78D5425A83939934581F70A8A224D9CB5D1A2B672C76EDB2D6522598032B82D07DD5BE6099589AE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3186
                                          Entropy (8bit):7.777429069438887
                                          Encrypted:false
                                          SSDEEP:96:iIounn/y4OQfgIZRdxpuRkxbA6xiutqEkCpW:DnnK41g4nOCbNOOW
                                          MD5:C7CE259AF16137E91BCA4AF4016E4997
                                          SHA1:BE9E2D385DF16861B3C54925A7B201D55C9F02DA
                                          SHA-256:FBDC387996A8DC6DCF541FFB30C0B58D671A16B28F1CA8012FE61B99E0378689
                                          SHA-512:76DFD27CB92CDECCD1AD352EC25AD8BAE96DE5B1E8D28EBDB2A44721EDA1533AFCE688FEE49DDE26490E62F2CF86A9C400CC53D9C319E88DB5FEFA2A78A80902
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9137
                                          Entropy (8bit):5.021875613993717
                                          Encrypted:false
                                          SSDEEP:192:aZNJHkLIkLrUNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:aZNJHkLIkLrUNJhkLpkL7kLuvyCjqw6N
                                          MD5:5128A6514C1EE40D96BD989C214D86B4
                                          SHA1:9DD190594F2A7F4C324AF5CF83637FB69A75D8E4
                                          SHA-256:FF2C0AAD71554E9E8FD6F432D14A37B0EE95E8764EDA05BBBD83903598251F82
                                          SHA-512:90C8C2A136A2571CDF79BFBB66D62E45F53F7DF1CB02D2CD6ED2A955664D7DB8A33DD7E233DCEF37AE2AAB1DEB99072C7D45B4ACC08A7A2552805076184DC24F
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Picnic" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="10118935" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.0222908780455
                                          Encrypted:false
                                          SSDEEP:192:WtLNJ+skLFkLrsNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:WtLNJFkLFkLrsNJhkLpkL7kLuvyCjqwW
                                          MD5:EB0AA06683F8B56A1CFE336E7245C26C
                                          SHA1:E967F5CFFC80D7200D8564C7A6CA8A2CB4C51621
                                          SHA-256:D05C55339EAD0758D336FD8BB1BEDCC991F973694821A518355546B422085C5B
                                          SHA-512:2F0ECC3D77213FACFF125666C5C7836377F7F43B267702DF2F062C4A8F66CE86666CC2D392693C1455A0BF1F8099379CAD3A0F6D0ED0AFF1B7C97F61CB7A3CD6
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Simply Together" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1052914" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:25 16:23:40], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):121821
                                          Entropy (8bit):7.9323263916639775
                                          Encrypted:false
                                          SSDEEP:1536:vzoz5o37YaYI/+v84ySdBQTF1t3Hv9PGHSzaclmodSPnEB35Gx8csFX1AVX9rYXj:935YIY7FdBQThgHS5lfYYPX1EX9rmr9h
                                          MD5:EFBACF53B115ADFBD5092D92582A0306
                                          SHA1:C510495165E9EFD3FF720A5D1E8F7B59C8B18F02
                                          SHA-256:F4F6816986A12B8C45C2AB0CE6D0C95446FEEE207DCD1D2FCD89CE8AE0FA8B55
                                          SHA-512:3B801866C842DF4631F4F598B79D9B59FD0C1984C53680CE7FB9DA06BE128E127DD2D6E2C8EF002B1431B4D6BDB677FB71EF54C6CDDE8CCD7D18D82885DD9515
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2974
                                          Entropy (8bit):7.734046255865943
                                          Encrypted:false
                                          SSDEEP:48:ZAkWf97CTChXvlwswayAZGw77OVPpw2FlhefuK+rZaTi29:qk3TS9wswIGwnO7w2FlhefUUTr
                                          MD5:A3D0BA5138D5B28B06FEDB9D7A4DB10C
                                          SHA1:C6808419BB37C429D7EF34AB2915D66D2581DE64
                                          SHA-256:DF7649B24E2F1B8E863E11A7777649CCD1D8B601283C9EEBBCEACCDF14B93BD5
                                          SHA-512:6AC4034E577248F1D8B52B7652708B2B5017833734F77B70F83734822906C82C63B73465D78F94FEB927FD9ABBE673FA16FFA7EDB0B657D6361570254C366204
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2974
                                          Entropy (8bit):7.734046255865943
                                          Encrypted:false
                                          SSDEEP:48:ZAkWf97CTChXvlwswayAZGw77OVPpw2FlhefuK+rZaTi29:qk3TS9wswIGwnO7w2FlhefUUTr
                                          MD5:A3D0BA5138D5B28B06FEDB9D7A4DB10C
                                          SHA1:C6808419BB37C429D7EF34AB2915D66D2581DE64
                                          SHA-256:DF7649B24E2F1B8E863E11A7777649CCD1D8B601283C9EEBBCEACCDF14B93BD5
                                          SHA-512:6AC4034E577248F1D8B52B7652708B2B5017833734F77B70F83734822906C82C63B73465D78F94FEB927FD9ABBE673FA16FFA7EDB0B657D6361570254C366204
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2008:04:25 16:23:40], baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):121821
                                          Entropy (8bit):7.9323263916639775
                                          Encrypted:false
                                          SSDEEP:1536:vzoz5o37YaYI/+v84ySdBQTF1t3Hv9PGHSzaclmodSPnEB35Gx8csFX1AVX9rYXj:935YIY7FdBQThgHS5lfYYPX1EX9rmr9h
                                          MD5:EFBACF53B115ADFBD5092D92582A0306
                                          SHA1:C510495165E9EFD3FF720A5D1E8F7B59C8B18F02
                                          SHA-256:F4F6816986A12B8C45C2AB0CE6D0C95446FEEE207DCD1D2FCD89CE8AE0FA8B55
                                          SHA-512:3B801866C842DF4631F4F598B79D9B59FD0C1984C53680CE7FB9DA06BE128E127DD2D6E2C8EF002B1431B4D6BDB677FB71EF54C6CDDE8CCD7D18D82885DD9515
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.0222908780455
                                          Encrypted:false
                                          SSDEEP:192:WtLNJ+skLFkLrsNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:WtLNJFkLFkLrsNJhkLpkL7kLuvyCjqwW
                                          MD5:EB0AA06683F8B56A1CFE336E7245C26C
                                          SHA1:E967F5CFFC80D7200D8564C7A6CA8A2CB4C51621
                                          SHA-256:D05C55339EAD0758D336FD8BB1BEDCC991F973694821A518355546B422085C5B
                                          SHA-512:2F0ECC3D77213FACFF125666C5C7836377F7F43B267702DF2F062C4A8F66CE86666CC2D392693C1455A0BF1F8099379CAD3A0F6D0ED0AFF1B7C97F61CB7A3CD6
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Simply Together" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="1052914" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9136
                                          Entropy (8bit):5.02263487840848
                                          Encrypted:false
                                          SSDEEP:192:382NJHkLIkLrT2NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:3NNJHkLIkLr6NJhkLpkL7kLuvyCjqw6N
                                          MD5:A8DE955E21089A592749E132B3E12C3D
                                          SHA1:D6AC90AF726FF33770129B41F2C9CADD12EC7E3D
                                          SHA-256:A696024DA025E39602488DEA1CE52A3310619208D241EB4A8E532D4B761FB2F1
                                          SHA-512:665E901CFA5C5A1751894E35C74BDC557CF5F677C7FD4D5CA93C38AA5541E6794F510843777FC0DC9D391D1640FA1864620DB8E10B49C76F0A162E46EB318B71
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Snowmen" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7895278" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):37961
                                          Entropy (8bit):7.981260084407558
                                          Encrypted:false
                                          SSDEEP:768:i9gBtnXU/RB1wsRFO5sL0Crt111ghGsqYd6btwJk8Rn8oQV17:iXPJO5lc11ShZqYd6bAR8oQV17
                                          MD5:C53DE00310E509181B637587D57D72B9
                                          SHA1:1579F86379EF29B422B196A3E3A8F775338AC937
                                          SHA-256:F0341E4F1693C821E568432EAD6DCA66C889BD1D9F61B548C87F80903B2A9EB6
                                          SHA-512:7A837923A87A0FB23509ACA74768DB4473DD129F61F1305568062C0C7F4383E6DF0A9398C53974FB10799ABFD8443A6991BB231D9DB0776E0AE62D3AB99EBC70
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2752
                                          Entropy (8bit):7.726154750857068
                                          Encrypted:false
                                          SSDEEP:48:lAXA2rE/TWFGL6I8mIUvm72BAqQH10r38fn447AstX8GlP:WXA24/TW3ZmiKcWr38JlZ8YP
                                          MD5:E7A00520B6B8779408D0F6ADE7F8E36E
                                          SHA1:57D22BC3131AAA09A71ECA88733EFDECB5BEAD7F
                                          SHA-256:66ED65745F83D5C37BBEA3AB9AF21EB09A5D0C8244C5705B4890FE8D43CBF28B
                                          SHA-512:73BA7D8BF4594FB3BA0E680DA399DAE6850A37949A38C958271BAD5BBEF9DDEF3C5529F2FF375D86DC993933C2233FEBF25F844904967395702A390E41DA13FA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2752
                                          Entropy (8bit):7.726154750857068
                                          Encrypted:false
                                          SSDEEP:48:lAXA2rE/TWFGL6I8mIUvm72BAqQH10r38fn447AstX8GlP:WXA24/TW3ZmiKcWr38JlZ8YP
                                          MD5:E7A00520B6B8779408D0F6ADE7F8E36E
                                          SHA1:57D22BC3131AAA09A71ECA88733EFDECB5BEAD7F
                                          SHA-256:66ED65745F83D5C37BBEA3AB9AF21EB09A5D0C8244C5705B4890FE8D43CBF28B
                                          SHA-512:73BA7D8BF4594FB3BA0E680DA399DAE6850A37949A38C958271BAD5BBEF9DDEF3C5529F2FF375D86DC993933C2233FEBF25F844904967395702A390E41DA13FA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):37961
                                          Entropy (8bit):7.981260084407558
                                          Encrypted:false
                                          SSDEEP:768:i9gBtnXU/RB1wsRFO5sL0Crt111ghGsqYd6btwJk8Rn8oQV17:iXPJO5lc11ShZqYd6bAR8oQV17
                                          MD5:C53DE00310E509181B637587D57D72B9
                                          SHA1:1579F86379EF29B422B196A3E3A8F775338AC937
                                          SHA-256:F0341E4F1693C821E568432EAD6DCA66C889BD1D9F61B548C87F80903B2A9EB6
                                          SHA-512:7A837923A87A0FB23509ACA74768DB4473DD129F61F1305568062C0C7F4383E6DF0A9398C53974FB10799ABFD8443A6991BB231D9DB0776E0AE62D3AB99EBC70
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9136
                                          Entropy (8bit):5.02263487840848
                                          Encrypted:false
                                          SSDEEP:192:382NJHkLIkLrT2NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:3NNJHkLIkLr6NJhkLpkL7kLuvyCjqw6N
                                          MD5:A8DE955E21089A592749E132B3E12C3D
                                          SHA1:D6AC90AF726FF33770129B41F2C9CADD12EC7E3D
                                          SHA-256:A696024DA025E39602488DEA1CE52A3310619208D241EB4A8E532D4B761FB2F1
                                          SHA-512:665E901CFA5C5A1751894E35C74BDC557CF5F677C7FD4D5CA93C38AA5541E6794F510843777FC0DC9D391D1640FA1864620DB8E10B49C76F0A162E46EB318B71
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Snowmen" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7895278" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.024215396428179
                                          Encrypted:false
                                          SSDEEP:192:UhNJ+skLFkLrKNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:UhNJFkLFkLrKNJhkLpkL7kLuvyCjqw6N
                                          MD5:B747297FD0FC9CAEB04BEBDF828CFDDF
                                          SHA1:EEEAAE1FDDE5EEE1DFAC9777552B5AD7DDC38B07
                                          SHA-256:AE4AD9D30267C9A506464DF2344ACD4786E4EDBAB89265FA668009DDD02CA0F3
                                          SHA-512:F41CB4E3F38E52E0140C7C73011C3EF4AB378CD1E4FB4E0161F775B669DDCDE6AE6DE305FC0025547BBE6279C9432BD48CC8F1BEA7F2C971FB59353FCCA5B26B
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring Time" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="4960447" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):149746
                                          Entropy (8bit):7.976178841190166
                                          Encrypted:false
                                          SSDEEP:3072:ps/IpxgWjot/gdyQpgFt/x3F9UYM2ciY7khFX6V+GaD0kQ7Qyx1LoA8Z9A5oc7Lj:rhCgDpgFpH9UOp7X6Gwk+LoA8Zq
                                          MD5:A76A505F4E520174B0D281E4882776B5
                                          SHA1:A25FA565C4C4A5A0B36F5B7F21EE0E2295FC3DF5
                                          SHA-256:CE57A962599C29935FB72A2962346DCDF4EE3C3E65DC2C8549D8AC788AFEBF9A
                                          SHA-512:2D43F1EBB129B878260525323682C0B2B5AEF637C436E007251A03515FE726E951FE35C1C405A566920DEFD419C39CE773D0515FFD7BB7B6BE444A133B27B4CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3539
                                          Entropy (8bit):7.805293706577987
                                          Encrypted:false
                                          SSDEEP:96:sQd/YGtSJ+DXmJLnoBpFAXALO5Vi+vfxDkPpU8bN0:l93tSULmN0mQLuJvfgpU8bN0
                                          MD5:0FBA650C0A1E1D99427E96717967CC63
                                          SHA1:334D98E919C9873CF9A39EBAA11CFDACF3753C1E
                                          SHA-256:900F1C096A7C609F3F3DF019D523347BBACA5A54E8450B4AF8FA6A9BD1D518BB
                                          SHA-512:9405BB0A65B947306639BBB74C5851CC47F5934C34AF976F9AF64A21175E927FA76241E4F2A20F806ED510622E241A6E32E7BCC45F0FD431D97FEBB508CF05A1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3539
                                          Entropy (8bit):7.805293706577987
                                          Encrypted:false
                                          SSDEEP:96:sQd/YGtSJ+DXmJLnoBpFAXALO5Vi+vfxDkPpU8bN0:l93tSULmN0mQLuJvfgpU8bN0
                                          MD5:0FBA650C0A1E1D99427E96717967CC63
                                          SHA1:334D98E919C9873CF9A39EBAA11CFDACF3753C1E
                                          SHA-256:900F1C096A7C609F3F3DF019D523347BBACA5A54E8450B4AF8FA6A9BD1D518BB
                                          SHA-512:9405BB0A65B947306639BBB74C5851CC47F5934C34AF976F9AF64A21175E927FA76241E4F2A20F806ED510622E241A6E32E7BCC45F0FD431D97FEBB508CF05A1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):149746
                                          Entropy (8bit):7.976178841190166
                                          Encrypted:false
                                          SSDEEP:3072:ps/IpxgWjot/gdyQpgFt/x3F9UYM2ciY7khFX6V+GaD0kQ7Qyx1LoA8Z9A5oc7Lj:rhCgDpgFpH9UOp7X6Gwk+LoA8Zq
                                          MD5:A76A505F4E520174B0D281E4882776B5
                                          SHA1:A25FA565C4C4A5A0B36F5B7F21EE0E2295FC3DF5
                                          SHA-256:CE57A962599C29935FB72A2962346DCDF4EE3C3E65DC2C8549D8AC788AFEBF9A
                                          SHA-512:2D43F1EBB129B878260525323682C0B2B5AEF637C436E007251A03515FE726E951FE35C1C405A566920DEFD419C39CE773D0515FFD7BB7B6BE444A133B27B4CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.024215396428179
                                          Encrypted:false
                                          SSDEEP:192:UhNJ+skLFkLrKNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:UhNJFkLFkLrKNJhkLpkL7kLuvyCjqw6N
                                          MD5:B747297FD0FC9CAEB04BEBDF828CFDDF
                                          SHA1:EEEAAE1FDDE5EEE1DFAC9777552B5AD7DDC38B07
                                          SHA-256:AE4AD9D30267C9A506464DF2344ACD4786E4EDBAB89265FA668009DDD02CA0F3
                                          SHA-512:F41CB4E3F38E52E0140C7C73011C3EF4AB378CD1E4FB4E0161F775B669DDCDE6AE6DE305FC0025547BBE6279C9432BD48CC8F1BEA7F2C971FB59353FCCA5B26B
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring Time" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="4960447" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.0228496831576415
                                          Encrypted:false
                                          SSDEEP:192:LwlNJZkLkkLrXlNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:LwlNJZkLkkLrXlNJhkLpkL7kLuvyCjqb
                                          MD5:2436C14ACB96D7908C2EFFE5EEBFFFAD
                                          SHA1:F0C7F7087EA3B6DFD08D946800ED90C99579A1E6
                                          SHA-256:BC4A3E37ED43A59F0BFE0F9A289AB96A3FCC10E36EE29254FC5C5F38BAFF458B
                                          SHA-512:DC99E9EFC6A615B28B6580DE4E014B8C2F5319EC4BB2B2058C71B01F0645FE077709B5AE4F3D58C8B07D9C87D97A71B2A190BB967389D90FCB090F19EBCDFF19
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring and Summer" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3484712" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):31876
                                          Entropy (8bit):7.97646117787143
                                          Encrypted:false
                                          SSDEEP:768:yyBhRP1E2Ql9EHxPbNI8ifvWeLEB0NOWDZAw1d11O:yiD+Tl9kB+5q2Zv1c
                                          MD5:00B9DF0E285359E881A187B1CEA0F89A
                                          SHA1:A937704F165D3332F2557E41DA7DA7082282A826
                                          SHA-256:B20C977040B45D862D52FD877A42D6D5275FDB79A23416A16E6795804420152D
                                          SHA-512:A5D34482CA20821326F67D7ADC75B0FCC6487961CEE8E65EC7FAC85FE5BD3CCA494B005945A9E5F8A4D6A886C2A050FC17C74D45BEB516EA69A452354DE9716E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2874
                                          Entropy (8bit):7.734337250355745
                                          Encrypted:false
                                          SSDEEP:48:XASR7FY/+IOy5AXv9xapzLGvG1anri3uPTwI9QFN:wKJYk7aoeC+1I9g
                                          MD5:DA563DB47FA572D224CAB440E5610A32
                                          SHA1:1DFB26871341AE77CF11C231BB927F034AB9DC67
                                          SHA-256:DA4B00BC2FC0D0B7D58CD2FCE08BB25FDC22A2612F9EF984DB33332B08A73357
                                          SHA-512:572C734DC69F9EB390AFE1A566C249BA922DF993ECD524EC451D737AC1AD7C68AF4CC8CAA837A71F03C56365B2E6DC6A073E4628FD7F9920366524AA9EBDF9CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):31876
                                          Entropy (8bit):7.97646117787143
                                          Encrypted:false
                                          SSDEEP:768:yyBhRP1E2Ql9EHxPbNI8ifvWeLEB0NOWDZAw1d11O:yiD+Tl9kB+5q2Zv1c
                                          MD5:00B9DF0E285359E881A187B1CEA0F89A
                                          SHA1:A937704F165D3332F2557E41DA7DA7082282A826
                                          SHA-256:B20C977040B45D862D52FD877A42D6D5275FDB79A23416A16E6795804420152D
                                          SHA-512:A5D34482CA20821326F67D7ADC75B0FCC6487961CEE8E65EC7FAC85FE5BD3CCA494B005945A9E5F8A4D6A886C2A050FC17C74D45BEB516EA69A452354DE9716E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2874
                                          Entropy (8bit):7.734337250355745
                                          Encrypted:false
                                          SSDEEP:48:XASR7FY/+IOy5AXv9xapzLGvG1anri3uPTwI9QFN:wKJYk7aoeC+1I9g
                                          MD5:DA563DB47FA572D224CAB440E5610A32
                                          SHA1:1DFB26871341AE77CF11C231BB927F034AB9DC67
                                          SHA-256:DA4B00BC2FC0D0B7D58CD2FCE08BB25FDC22A2612F9EF984DB33332B08A73357
                                          SHA-512:572C734DC69F9EB390AFE1A566C249BA922DF993ECD524EC451D737AC1AD7C68AF4CC8CAA837A71F03C56365B2E6DC6A073E4628FD7F9920366524AA9EBDF9CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.0228496831576415
                                          Encrypted:false
                                          SSDEEP:192:LwlNJZkLkkLrXlNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:LwlNJZkLkkLrXlNJhkLpkL7kLuvyCjqb
                                          MD5:2436C14ACB96D7908C2EFFE5EEBFFFAD
                                          SHA1:F0C7F7087EA3B6DFD08D946800ED90C99579A1E6
                                          SHA-256:BC4A3E37ED43A59F0BFE0F9A289AB96A3FCC10E36EE29254FC5C5F38BAFF458B
                                          SHA-512:DC99E9EFC6A615B28B6580DE4E014B8C2F5319EC4BB2B2058C71B01F0645FE077709B5AE4F3D58C8B07D9C87D97A71B2A190BB967389D90FCB090F19EBCDFF19
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring and Summer" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3484712" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.02140693642014
                                          Encrypted:false
                                          SSDEEP:192:xeNJ+skLFkLrTNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xeNJFkLFkLrTNJhkLpkL7kLuvyCjqw6N
                                          MD5:87E01171091286225CB23DCAE2323FDB
                                          SHA1:EC09E1DC8BE7C885E94F32A89B772C697B12FC97
                                          SHA-256:F568D762E224DC8AE3CC52DCD31EDF0DAF3F9BCC3257A125F035B07B1CA00595
                                          SHA-512:79E767BE08A11C9EA22953A2649B35DF944C02306CA937A724FB6B3C4EC1376813F345EACAA07DCDFD7CE7B78C461DDDB917218A1560699BC8BD1108A37063D0
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="821617" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):46835
                                          Entropy (8bit):7.983491781445082
                                          Encrypted:false
                                          SSDEEP:768:k6BtWhbBsSTz/g811jOCj6OHZPAVgR4exqB4jEf910l7KcZDtVJ8L/qUd9Il9b:vBQhFx3pj66R4exJo9e+oDtVmLiUdOlR
                                          MD5:E8C9043A9DDA7C5D33E397AADEAACA8B
                                          SHA1:0F9BF730F79409649357705396B6B86E801BB875
                                          SHA-256:DD01B5EF15892D053F761B477626E4A7575508159F6177F7D595489063956C50
                                          SHA-512:AA662E439BC8ACEEF62AE598D684A2A7733F47844F5AFACECF98A46A2E6CF296813F08955DEA5705178C29C4B8ED44B9C35255683F8D8C29C2190FD743D933A9
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3281
                                          Entropy (8bit):7.756685035141939
                                          Encrypted:false
                                          SSDEEP:48:VARiXmLj7W08vLLTLK/HL4jvkRDuCTs+fu7XEGZ/3QNJq7/xRT2uQzUP4z8bse:G0XmLj7GTe/HL44LuV/qJq7/xRaxzb8R
                                          MD5:A08A4DD6A720C4A11526F96D752D333C
                                          SHA1:C1E0E1598398DDC4E9A82801B2593C8CD9A1EEBA
                                          SHA-256:97A54C63F7C5CC14F79D77E9529A4A426CB76CA3782D7B564824431CD28BC3D9
                                          SHA-512:3961E74CA049F82EDE3B00FACF310B26C135D93218D3D2C4A3734A090B11D02A921579253C4D00881E7C578448C02DA49A28F09350B27A72A0A0B9E246E18C1C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):46835
                                          Entropy (8bit):7.983491781445082
                                          Encrypted:false
                                          SSDEEP:768:k6BtWhbBsSTz/g811jOCj6OHZPAVgR4exqB4jEf910l7KcZDtVJ8L/qUd9Il9b:vBQhFx3pj66R4exJo9e+oDtVmLiUdOlR
                                          MD5:E8C9043A9DDA7C5D33E397AADEAACA8B
                                          SHA1:0F9BF730F79409649357705396B6B86E801BB875
                                          SHA-256:DD01B5EF15892D053F761B477626E4A7575508159F6177F7D595489063956C50
                                          SHA-512:AA662E439BC8ACEEF62AE598D684A2A7733F47844F5AFACECF98A46A2E6CF296813F08955DEA5705178C29C4B8ED44B9C35255683F8D8C29C2190FD743D933A9
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3281
                                          Entropy (8bit):7.756685035141939
                                          Encrypted:false
                                          SSDEEP:48:VARiXmLj7W08vLLTLK/HL4jvkRDuCTs+fu7XEGZ/3QNJq7/xRT2uQzUP4z8bse:G0XmLj7GTe/HL44LuV/qJq7/xRaxzb8R
                                          MD5:A08A4DD6A720C4A11526F96D752D333C
                                          SHA1:C1E0E1598398DDC4E9A82801B2593C8CD9A1EEBA
                                          SHA-256:97A54C63F7C5CC14F79D77E9529A4A426CB76CA3782D7B564824431CD28BC3D9
                                          SHA-512:3961E74CA049F82EDE3B00FACF310B26C135D93218D3D2C4A3734A090B11D02A921579253C4D00881E7C578448C02DA49A28F09350B27A72A0A0B9E246E18C1C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9142
                                          Entropy (8bit):5.02140693642014
                                          Encrypted:false
                                          SSDEEP:192:xeNJ+skLFkLrTNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xeNJFkLFkLrTNJhkLpkL7kLuvyCjqw6N
                                          MD5:87E01171091286225CB23DCAE2323FDB
                                          SHA1:EC09E1DC8BE7C885E94F32A89B772C697B12FC97
                                          SHA-256:F568D762E224DC8AE3CC52DCD31EDF0DAF3F9BCC3257A125F035B07B1CA00595
                                          SHA-512:79E767BE08A11C9EA22953A2649B35DF944C02306CA937A724FB6B3C4EC1376813F345EACAA07DCDFD7CE7B78C461DDDB917218A1560699BC8BD1108A37063D0
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Spring" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="821617" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<Def
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.0212946252933826
                                          Encrypted:false
                                          SSDEEP:192:UjNJ+skLFkLr2NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:UjNJFkLFkLr2NJhkLpkL7kLuvyCjqw6N
                                          MD5:E9D79A7EFBF0625013A8B6623D8DCA6C
                                          SHA1:F9ACAE3657EB182BAECF8CE8C1D25FF6E3A6FE24
                                          SHA-256:10BFE55043B5CE142E1B58DCBD6EDDC28AF3BA23D1C24C360E4AED16C182A32B
                                          SHA-512:702FDDF17412B629BDF636688819DDE284FAA2B448908945B9FA69DC44E01BC524CC5E2FBF32759E8FBFBBD062D51C9027E31DCF01AD377B9B317D755F11BCB8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer Time" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="405452" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 721x541, components 3
                                          Category:dropped
                                          Size (bytes):153287
                                          Entropy (8bit):7.978115648494444
                                          Encrypted:false
                                          SSDEEP:3072:sQjG2UwJuQpNV9kqR0JWv2/ffmrP6nRlDovJjbUzdEKH3QovZ8yNxiyj2VVF:s90uGNV9krIb6vDo+SwjhIyq3
                                          MD5:E595FBEAC7E0C7B87E468F751076EFC2
                                          SHA1:47DB6A4AE7AFC45BAF1BA6AEAFFC98897FAEBC30
                                          SHA-256:3B2B53EC64337B300C454F47D21884DD2E32A4895F4324C69ACAEAC8F02FAAE9
                                          SHA-512:391E353FFE010B0A4E43B47E1466FD6D12EF1D9C38395716292F001F3FB068652E94373BC7158C4020D82DAB2AC10C93CF91DBF8EEC3B96AB0A1A61A6C985E7F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3831
                                          Entropy (8bit):7.8226032412083875
                                          Encrypted:false
                                          SSDEEP:96:SwG2Zs8bhkL3hKm1aylJozOOmRvkf12uvzQzgBI3CVYMT1:xGms8bhkbV1zJaOZRvkfUuvMzgBIUYMR
                                          MD5:F04316EBC3B6976D7F5D1A3A53D15EF8
                                          SHA1:DC74F3E4ED69F6039C243D8C086654B5B8290835
                                          SHA-256:53FC5EBC39BCF56740C75CC0CBDBCA25CA5A92042BC0A521B302FE2913196BBC
                                          SHA-512:CA1E093DEB1F414479ABC455AADB1434EBFC4FA16A541CEF7F61E462E440FC8FAC0B564101FA0086E8D33FC931A8F17479745FD6D79B5763738F9F56F8665089
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 721x541, components 3
                                          Category:dropped
                                          Size (bytes):153287
                                          Entropy (8bit):7.978115648494444
                                          Encrypted:false
                                          SSDEEP:3072:sQjG2UwJuQpNV9kqR0JWv2/ffmrP6nRlDovJjbUzdEKH3QovZ8yNxiyj2VVF:s90uGNV9krIb6vDo+SwjhIyq3
                                          MD5:E595FBEAC7E0C7B87E468F751076EFC2
                                          SHA1:47DB6A4AE7AFC45BAF1BA6AEAFFC98897FAEBC30
                                          SHA-256:3B2B53EC64337B300C454F47D21884DD2E32A4895F4324C69ACAEAC8F02FAAE9
                                          SHA-512:391E353FFE010B0A4E43B47E1466FD6D12EF1D9C38395716292F001F3FB068652E94373BC7158C4020D82DAB2AC10C93CF91DBF8EEC3B96AB0A1A61A6C985E7F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3831
                                          Entropy (8bit):7.8226032412083875
                                          Encrypted:false
                                          SSDEEP:96:SwG2Zs8bhkL3hKm1aylJozOOmRvkf12uvzQzgBI3CVYMT1:xGms8bhkbV1zJaOZRvkfUuvMzgBIUYMR
                                          MD5:F04316EBC3B6976D7F5D1A3A53D15EF8
                                          SHA1:DC74F3E4ED69F6039C243D8C086654B5B8290835
                                          SHA-256:53FC5EBC39BCF56740C75CC0CBDBCA25CA5A92042BC0A521B302FE2913196BBC
                                          SHA-512:CA1E093DEB1F414479ABC455AADB1434EBFC4FA16A541CEF7F61E462E440FC8FAC0B564101FA0086E8D33FC931A8F17479745FD6D79B5763738F9F56F8665089
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9147
                                          Entropy (8bit):5.0212946252933826
                                          Encrypted:false
                                          SSDEEP:192:UjNJ+skLFkLr2NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:UjNJFkLFkLr2NJhkLpkL7kLuvyCjqw6N
                                          MD5:E9D79A7EFBF0625013A8B6623D8DCA6C
                                          SHA1:F9ACAE3657EB182BAECF8CE8C1D25FF6E3A6FE24
                                          SHA-256:10BFE55043B5CE142E1B58DCBD6EDDC28AF3BA23D1C24C360E4AED16C182A32B
                                          SHA-512:702FDDF17412B629BDF636688819DDE284FAA2B448908945B9FA69DC44E01BC524CC5E2FBF32759E8FBFBBD062D51C9027E31DCF01AD377B9B317D755F11BCB8
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer Time" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="405452" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.022809838902032
                                          Encrypted:false
                                          SSDEEP:192:xw9NJ+skLFkLrX9NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xw9NJFkLFkLrX9NJhkLpkL7kLuvyCjqb
                                          MD5:13C1727E07801539ED2353E65DAB8D05
                                          SHA1:C82243B242A66EF6C637C05FF07BAC2FC2A652F8
                                          SHA-256:2615F2A1FCF2DD98E624D82D760888E2E2E65A31094DFA095A6F8E7FAC972002
                                          SHA-512:24A0A730EBC63D296BED25226309B8B0E311D63BAF85EB956413E76D06571569769DDECB13E0BB441C6871D8CD58E794EFCE5A109AB00FB0332C25C62CF957D7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3381783" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):75068
                                          Entropy (8bit):7.984554541288645
                                          Encrypted:false
                                          SSDEEP:1536:Y98IfRc02s/wfeYSQBeIEBtGpT18SpKYJw5JlQRotFKyRAFw7e:Ju5/9nIZwtC18H22lQ/me
                                          MD5:CED291560249D6134DEA43C571063AFC
                                          SHA1:9D839041CF9B6F85456332BF59F5A05DF4E582C2
                                          SHA-256:B6F24CC6435A8BD8C2A95A1A8E5BA165394E9FE6D0B4457BA3C071F22457E7F7
                                          SHA-512:A156027AC593A0424EC5BFE197664F4E4CA3EB51F8B8E0F1FA20B884DE762DF52E614A8144B7BEB90C5D59B77FABA87AD7DB75AC7D22D01AA438FDCC10AC6939
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2813
                                          Entropy (8bit):7.70660866350887
                                          Encrypted:false
                                          SSDEEP:48:zAQDi82X2uaG5obuTjMNikMvaYF+S3N0mJefVhbPh4zQICg7C117hBNYGwvH:MQX2LobufF8obAry1Pm1dhrYGwvH
                                          MD5:19C622659C4B4904FFB8319CE1EBCE06
                                          SHA1:C7D0753CB9CF3C535E51060AE751C1C5D27DD697
                                          SHA-256:313DC9D901953EFA9112BAE10C29FDE40B80F523CDD41A4AFF978E3412C9DBB8
                                          SHA-512:43428ECF119E1693DCDE1E1DB730FC2FE12809C7CCA864CD8BCD065B862AA20D9E4406B8A17EBC1B60303967F067A7718FC113221172D96A76A1864A73A93469
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):75068
                                          Entropy (8bit):7.984554541288645
                                          Encrypted:false
                                          SSDEEP:1536:Y98IfRc02s/wfeYSQBeIEBtGpT18SpKYJw5JlQRotFKyRAFw7e:Ju5/9nIZwtC18H22lQ/me
                                          MD5:CED291560249D6134DEA43C571063AFC
                                          SHA1:9D839041CF9B6F85456332BF59F5A05DF4E582C2
                                          SHA-256:B6F24CC6435A8BD8C2A95A1A8E5BA165394E9FE6D0B4457BA3C071F22457E7F7
                                          SHA-512:A156027AC593A0424EC5BFE197664F4E4CA3EB51F8B8E0F1FA20B884DE762DF52E614A8144B7BEB90C5D59B77FABA87AD7DB75AC7D22D01AA438FDCC10AC6939
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2813
                                          Entropy (8bit):7.70660866350887
                                          Encrypted:false
                                          SSDEEP:48:zAQDi82X2uaG5obuTjMNikMvaYF+S3N0mJefVhbPh4zQICg7C117hBNYGwvH:MQX2LobufF8obAry1Pm1dhrYGwvH
                                          MD5:19C622659C4B4904FFB8319CE1EBCE06
                                          SHA1:C7D0753CB9CF3C535E51060AE751C1C5D27DD697
                                          SHA-256:313DC9D901953EFA9112BAE10C29FDE40B80F523CDD41A4AFF978E3412C9DBB8
                                          SHA-512:43428ECF119E1693DCDE1E1DB730FC2FE12809C7CCA864CD8BCD065B862AA20D9E4406B8A17EBC1B60303967F067A7718FC113221172D96A76A1864A73A93469
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.022809838902032
                                          Encrypted:false
                                          SSDEEP:192:xw9NJ+skLFkLrX9NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:xw9NJFkLFkLrX9NJhkLpkL7kLuvyCjqb
                                          MD5:13C1727E07801539ED2353E65DAB8D05
                                          SHA1:C82243B242A66EF6C637C05FF07BAC2FC2A652F8
                                          SHA-256:2615F2A1FCF2DD98E624D82D760888E2E2E65A31094DFA095A6F8E7FAC972002
                                          SHA-512:24A0A730EBC63D296BED25226309B8B0E311D63BAF85EB956413E76D06571569769DDECB13E0BB441C6871D8CD58E794EFCE5A109AB00FB0332C25C62CF957D7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Summer" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3381783" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.022333201549299
                                          Encrypted:false
                                          SSDEEP:192:8/NJHkLIkLr0NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:8/NJHkLIkLr0NJhkLpkL7kLuvyCjqw6N
                                          MD5:6773E7F6E6AFAF0CF49E86F2DA08BA14
                                          SHA1:47622D8063A611FC927F912653D7B910E86F25B9
                                          SHA-256:885CB01B38423440EE759C0228013BDFE257031797A851D139F8097484D1FD3A
                                          SHA-512:72BAA15DA65BBA145B5620A849A28DDBA2D0235A4FF591B7F47FB3B03A66F221C705CC69AEAC251FCACE3DA1A37CCC47A74B9C703C752456AF359561DE9DFE20
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To China" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="8830410" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):142341
                                          Entropy (8bit):7.9793080088466874
                                          Encrypted:false
                                          SSDEEP:3072:iM14xoq4ELtYdlBAYUf+KVtkd1BUEWHyleIE12Wq0qKafA:koqGOdtclWw103aI
                                          MD5:F02FB506A39DACD2F08FE01CBC4DCA95
                                          SHA1:69C5479B66348574503EA622A010122A31E92210
                                          SHA-256:1EC7E735C49E28C6567247A2635FA1568300D5C24828ED2F2FE1537670FE2A36
                                          SHA-512:8A545A51E0A05F1A612156B2818C83FD0D2D05E82AFB7B361034C9717A3B2B2848FDDF993DD058555B10EEADBF0C93C472A7394A3971ACBFDDE9F3011DAEF37A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3785
                                          Entropy (8bit):7.81242375522924
                                          Encrypted:false
                                          SSDEEP:96:JWYHWiLTPtE1tKeyU1Cc22bSQjdnbJL8+pwnx2zIM:AiLTPtjel1CTkdbZ8tUEM
                                          MD5:08A4FCAB9C5C4C08AA8F4554281970D0
                                          SHA1:FB7F35F803FEE31C47AC938F13102B61FA819DDF
                                          SHA-256:E964B499DDE2FCCF6F6C16B76441B7E44C3AEEB366DD031EA90A8DB375C68505
                                          SHA-512:5D8E1CE1AEA3F0DF1F54273B4FB05891D2A2C49AC8A8990527BB7D2F631EF9774C7A5B58A2C8703B95CF8CCB81AF571D65E6B74C0EFEF15DCE7E257796913949
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):142341
                                          Entropy (8bit):7.9793080088466874
                                          Encrypted:false
                                          SSDEEP:3072:iM14xoq4ELtYdlBAYUf+KVtkd1BUEWHyleIE12Wq0qKafA:koqGOdtclWw103aI
                                          MD5:F02FB506A39DACD2F08FE01CBC4DCA95
                                          SHA1:69C5479B66348574503EA622A010122A31E92210
                                          SHA-256:1EC7E735C49E28C6567247A2635FA1568300D5C24828ED2F2FE1537670FE2A36
                                          SHA-512:8A545A51E0A05F1A612156B2818C83FD0D2D05E82AFB7B361034C9717A3B2B2848FDDF993DD058555B10EEADBF0C93C472A7394A3971ACBFDDE9F3011DAEF37A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3785
                                          Entropy (8bit):7.81242375522924
                                          Encrypted:false
                                          SSDEEP:96:JWYHWiLTPtE1tKeyU1Cc22bSQjdnbJL8+pwnx2zIM:AiLTPtjel1CTkdbZ8tUEM
                                          MD5:08A4FCAB9C5C4C08AA8F4554281970D0
                                          SHA1:FB7F35F803FEE31C47AC938F13102B61FA819DDF
                                          SHA-256:E964B499DDE2FCCF6F6C16B76441B7E44C3AEEB366DD031EA90A8DB375C68505
                                          SHA-512:5D8E1CE1AEA3F0DF1F54273B4FB05891D2A2C49AC8A8990527BB7D2F631EF9774C7A5B58A2C8703B95CF8CCB81AF571D65E6B74C0EFEF15DCE7E257796913949
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.022333201549299
                                          Encrypted:false
                                          SSDEEP:192:8/NJHkLIkLr0NJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:8/NJHkLIkLr0NJhkLpkL7kLuvyCjqw6N
                                          MD5:6773E7F6E6AFAF0CF49E86F2DA08BA14
                                          SHA1:47622D8063A611FC927F912653D7B910E86F25B9
                                          SHA-256:885CB01B38423440EE759C0228013BDFE257031797A851D139F8097484D1FD3A
                                          SHA-512:72BAA15DA65BBA145B5620A849A28DDBA2D0235A4FF591B7F47FB3B03A66F221C705CC69AEAC251FCACE3DA1A37CCC47A74B9C703C752456AF359561DE9DFE20
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To China" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="8830410" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9146
                                          Entropy (8bit):5.025304413839002
                                          Encrypted:false
                                          SSDEEP:192:wwjNJZkLkkLrXjNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:wwjNJZkLkkLrXjNJhkLpkL7kLuvyCjqb
                                          MD5:E0FBB363B09D4F59D356A9EAA722CC81
                                          SHA1:5471BF9803B63B00DCA4A0569665E22AED7ECFB1
                                          SHA-256:0C8E2DEFE5152974C7789E7E4C653E844367EAA85C9E371F686C4715C5858668
                                          SHA-512:52864DF7373341A67EA8FD6A29DB3A2981422A71CF3DD8E95D6699A1F93A3C13F79BCB44238332654DE5A139397C9B2222C0BB61C5F0DE0C76B0A3F18B5E1DC7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To Egypt" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3298397" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152132
                                          Entropy (8bit):7.986382387504028
                                          Encrypted:false
                                          SSDEEP:3072:Sz9B5GwX5utnHejxbYLt58CbMACacgIXI0c6+/AyINb3mlw8v+OFFWg:SRHX5mnAxyPvbMVPPXI0J+/AyIm+OFFX
                                          MD5:BF6BB393A310527C52E4A13022316090
                                          SHA1:A31CF0B2F5E1A830A612E939394732AB61CBD930
                                          SHA-256:B9721A59948B89AA286E885124DB4615C97DB36563E8C9D750B810CA87B0EA8B
                                          SHA-512:31B4A5E25C3AFE754CC490D1B953EE2002D26E7B2942F9804E8DAE77493BF460484971D173D4CE96E2644ABDC4379F254FE6A37B07ADDDFFA72DB13388BF2B86
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3812
                                          Entropy (8bit):7.810837402709973
                                          Encrypted:false
                                          SSDEEP:96:e4fxwcTV51JdjnaB30ceoGQZhaV0nYC69/aDbyq:t3vV3c1GGiGYC8SCq
                                          MD5:F3952ACAAABEFDDA125195C583946F46
                                          SHA1:0222A12899521D6A50E1C7DABCEAED56D998DA98
                                          SHA-256:228DB7A7D30F7A7B5EA4A37BA40C1BD92BC11EE23196C5B082B258EE895AF9F6
                                          SHA-512:A970E049967A70A01FE8778AFFCED13B69F1B349EE3D9F9B690CCFBC81A0ED95E99A43544F027DBDDCEDB069215387A40D48DA8B24F16F75A3AE10484DB50C13
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152132
                                          Entropy (8bit):7.986382387504028
                                          Encrypted:false
                                          SSDEEP:3072:Sz9B5GwX5utnHejxbYLt58CbMACacgIXI0c6+/AyINb3mlw8v+OFFWg:SRHX5mnAxyPvbMVPPXI0J+/AyIm+OFFX
                                          MD5:BF6BB393A310527C52E4A13022316090
                                          SHA1:A31CF0B2F5E1A830A612E939394732AB61CBD930
                                          SHA-256:B9721A59948B89AA286E885124DB4615C97DB36563E8C9D750B810CA87B0EA8B
                                          SHA-512:31B4A5E25C3AFE754CC490D1B953EE2002D26E7B2942F9804E8DAE77493BF460484971D173D4CE96E2644ABDC4379F254FE6A37B07ADDDFFA72DB13388BF2B86
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3812
                                          Entropy (8bit):7.810837402709973
                                          Encrypted:false
                                          SSDEEP:96:e4fxwcTV51JdjnaB30ceoGQZhaV0nYC69/aDbyq:t3vV3c1GGiGYC8SCq
                                          MD5:F3952ACAAABEFDDA125195C583946F46
                                          SHA1:0222A12899521D6A50E1C7DABCEAED56D998DA98
                                          SHA-256:228DB7A7D30F7A7B5EA4A37BA40C1BD92BC11EE23196C5B082B258EE895AF9F6
                                          SHA-512:A970E049967A70A01FE8778AFFCED13B69F1B349EE3D9F9B690CCFBC81A0ED95E99A43544F027DBDDCEDB069215387A40D48DA8B24F16F75A3AE10484DB50C13
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9146
                                          Entropy (8bit):5.025304413839002
                                          Encrypted:false
                                          SSDEEP:192:wwjNJZkLkkLrXjNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:wwjNJZkLkkLrXjNJhkLpkL7kLuvyCjqb
                                          MD5:E0FBB363B09D4F59D356A9EAA722CC81
                                          SHA1:5471BF9803B63B00DCA4A0569665E22AED7ECFB1
                                          SHA-256:0C8E2DEFE5152974C7789E7E4C653E844367EAA85C9E371F686C4715C5858668
                                          SHA-512:52864DF7373341A67EA8FD6A29DB3A2981422A71CF3DD8E95D6699A1F93A3C13F79BCB44238332654DE5A139397C9B2222C0BB61C5F0DE0C76B0A3F18B5E1DC7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To Egypt" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="3298397" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="380" y1="130" x2="650" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="380" y1="250" x2="650" y2="350"/>......<States>.......<
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.021925301381764
                                          Encrypted:false
                                          SSDEEP:192:SWhNJHkLIkLrrhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:SUNJHkLIkLrlNJhkLpkL7kLuvyCjqw6N
                                          MD5:C80843685788D0C73300CC5F36E4FDD7
                                          SHA1:87810CA1F4C83AD4C7CF55214501EB1D0C2717C1
                                          SHA-256:0D06D1A19F887E44CE58B51429E332A1BF68B94A56B1DE86DAC5839311AED6AF
                                          SHA-512:D13741B0EF9428FD28514602B750F4BD82797E882718729EE307219BA121D735031547865763A21FDB48D0C965ADF651FE167DFF2DA5AE90E25AD54FF223CEF7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To England" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11702215" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):154482
                                          Entropy (8bit):7.975342497808278
                                          Encrypted:false
                                          SSDEEP:3072:1oqt5brr2DNbQCqrrfnAoGlCRbp0c+QHzP9WIEIOAx/JsROZiEWkV:1oqt5bvkBQCqffnAcBp0pQTBEI5xJ0EX
                                          MD5:4F3792297D514C02563297A07E66FF9A
                                          SHA1:8AB3628EC4C2AD59D2899C6C1E8C4BB6524A31AF
                                          SHA-256:212286D38C3073DF82619FA03F8C7745E58CBBAE4BC34C5C345F55E4ECB23DB7
                                          SHA-512:74B83EA4877CE4A4AEC52807CF7542309103B8A0D3E288A361835D86482C3931C750E071251333006F4AE74154E9E3AF84688C4200C4DE36729B0D5D90A98273
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3897
                                          Entropy (8bit):7.846551163164492
                                          Encrypted:false
                                          SSDEEP:96:8RpbYaX3rn9mSc5naDjbOXoS28kFCuD2eQhlGFO0xn/GUWbG:ju3r9t4E+XoS28kFCuD2Dl8O0xfWbG
                                          MD5:F7FEFAB3661F0EA99638641B3CC09E75
                                          SHA1:6966CA5976F50AE21FBA7B6A66A7F69BC83B85B4
                                          SHA-256:45BB83A17B4FC1FAA6DBCFBE8AE629EA18073FFD13EB38EFC9BFE28C7D5ECC74
                                          SHA-512:57E39C0B158FF9124A485C14CD596BD51D562004371054BB0B3D57ED71246EED1BAC19CFDE3FBF1623411DBC468FCA8B03C4536E1C4882FD316DE8BDB10EA66E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):154482
                                          Entropy (8bit):7.975342497808278
                                          Encrypted:false
                                          SSDEEP:3072:1oqt5brr2DNbQCqrrfnAoGlCRbp0c+QHzP9WIEIOAx/JsROZiEWkV:1oqt5bvkBQCqffnAcBp0pQTBEI5xJ0EX
                                          MD5:4F3792297D514C02563297A07E66FF9A
                                          SHA1:8AB3628EC4C2AD59D2899C6C1E8C4BB6524A31AF
                                          SHA-256:212286D38C3073DF82619FA03F8C7745E58CBBAE4BC34C5C345F55E4ECB23DB7
                                          SHA-512:74B83EA4877CE4A4AEC52807CF7542309103B8A0D3E288A361835D86482C3931C750E071251333006F4AE74154E9E3AF84688C4200C4DE36729B0D5D90A98273
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3897
                                          Entropy (8bit):7.846551163164492
                                          Encrypted:false
                                          SSDEEP:96:8RpbYaX3rn9mSc5naDjbOXoS28kFCuD2eQhlGFO0xn/GUWbG:ju3r9t4E+XoS28kFCuD2Dl8O0xfWbG
                                          MD5:F7FEFAB3661F0EA99638641B3CC09E75
                                          SHA1:6966CA5976F50AE21FBA7B6A66A7F69BC83B85B4
                                          SHA-256:45BB83A17B4FC1FAA6DBCFBE8AE629EA18073FFD13EB38EFC9BFE28C7D5ECC74
                                          SHA-512:57E39C0B158FF9124A485C14CD596BD51D562004371054BB0B3D57ED71246EED1BAC19CFDE3FBF1623411DBC468FCA8B03C4536E1C4882FD316DE8BDB10EA66E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.021925301381764
                                          Encrypted:false
                                          SSDEEP:192:SWhNJHkLIkLrrhNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:SUNJHkLIkLrlNJhkLpkL7kLuvyCjqw6N
                                          MD5:C80843685788D0C73300CC5F36E4FDD7
                                          SHA1:87810CA1F4C83AD4C7CF55214501EB1D0C2717C1
                                          SHA-256:0D06D1A19F887E44CE58B51429E332A1BF68B94A56B1DE86DAC5839311AED6AF
                                          SHA-512:D13741B0EF9428FD28514602B750F4BD82797E882718729EE307219BA121D735031547865763A21FDB48D0C965ADF651FE167DFF2DA5AE90E25AD54FF223CEF7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To England" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="11702215" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9154
                                          Entropy (8bit):5.02432279846607
                                          Encrypted:false
                                          SSDEEP:192:qhNJ+skLFkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:qhNJFkLFkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:D6A1C7AA5484AB5414A6E23D56C61E1A
                                          SHA1:F158F603DD49300824916F3FA55BF9154669017F
                                          SHA-256:0710FC33E47103DD173FF09BF344775948E72BB2B76C7A3EE205A3A50EDA5133
                                          SHA-512:A11DDBB55556A2992F595334CF2327E2D47C358A3C33598B3C827FE9BC1679B56432E3018A38CFEE7A22EE8FBDAEC6822E88A13792F11149E704360B91FD1FDF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To Russia" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2368678" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):153244
                                          Entropy (8bit):7.986718544748748
                                          Encrypted:false
                                          SSDEEP:3072:wQJOYzD23SvTYlo5wsB/vV+i7sbNP2jXNPrf6AeAGPntRoIBcROfDz:wKD2ivTaoWeYysRP2jXNPrf6r/zJcRgP
                                          MD5:BE6FE69CE7F672850400778604D0057E
                                          SHA1:BE56B5094F676480AD81787DF972790A1B89B3AA
                                          SHA-256:0A54696BB7287BAFEB521CC080A8890F65FECBA7127F8D5C6689E28B659C30F0
                                          SHA-512:DD0123CC93EFB8300BC9C26C1CCB8F452BEF5F9DF43D47A7365E67C42F14DE8BAF851F6DF691BAACCCD027350294C9667FE102B6E739F99AD53C35F5634D68AB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3168
                                          Entropy (8bit):7.7896865796532655
                                          Encrypted:false
                                          SSDEEP:48:9AsztnwuK3tOrxduXw8vN2+4DSXm5M51yWglzSGgTJqodbBavj0eCm9rqj:OutwuK9BKCyW4ze8Ikr0eHC
                                          MD5:936575795207C82FCCF28CB426A12BEF
                                          SHA1:92936FD72DFBFFDA7387E0484968C6F12955F2F1
                                          SHA-256:66A629D844B348173BCA57B32202BCD8B55961E2BE8A9D48C89BA2AD9DA1B811
                                          SHA-512:82CA618DDCA1D84D680F4FEA5215C01B2ED9AD92379D801A757A695CE5D0C9971C5B7971C48A627FF938165209FA340C5B7825335E5BFD09A38231CF40160A6B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3168
                                          Entropy (8bit):7.7896865796532655
                                          Encrypted:false
                                          SSDEEP:48:9AsztnwuK3tOrxduXw8vN2+4DSXm5M51yWglzSGgTJqodbBavj0eCm9rqj:OutwuK9BKCyW4ze8Ikr0eHC
                                          MD5:936575795207C82FCCF28CB426A12BEF
                                          SHA1:92936FD72DFBFFDA7387E0484968C6F12955F2F1
                                          SHA-256:66A629D844B348173BCA57B32202BCD8B55961E2BE8A9D48C89BA2AD9DA1B811
                                          SHA-512:82CA618DDCA1D84D680F4FEA5215C01B2ED9AD92379D801A757A695CE5D0C9971C5B7971C48A627FF938165209FA340C5B7825335E5BFD09A38231CF40160A6B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):153244
                                          Entropy (8bit):7.986718544748748
                                          Encrypted:false
                                          SSDEEP:3072:wQJOYzD23SvTYlo5wsB/vV+i7sbNP2jXNPrf6AeAGPntRoIBcROfDz:wKD2ivTaoWeYysRP2jXNPrf6r/zJcRgP
                                          MD5:BE6FE69CE7F672850400778604D0057E
                                          SHA1:BE56B5094F676480AD81787DF972790A1B89B3AA
                                          SHA-256:0A54696BB7287BAFEB521CC080A8890F65FECBA7127F8D5C6689E28B659C30F0
                                          SHA-512:DD0123CC93EFB8300BC9C26C1CCB8F452BEF5F9DF43D47A7365E67C42F14DE8BAF851F6DF691BAACCCD027350294C9667FE102B6E739F99AD53C35F5634D68AB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9154
                                          Entropy (8bit):5.02432279846607
                                          Encrypted:false
                                          SSDEEP:192:qhNJ+skLFkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:qhNJFkLFkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:D6A1C7AA5484AB5414A6E23D56C61E1A
                                          SHA1:F158F603DD49300824916F3FA55BF9154669017F
                                          SHA-256:0710FC33E47103DD173FF09BF344775948E72BB2B76C7A3EE205A3A50EDA5133
                                          SHA-512:A11DDBB55556A2992F595334CF2327E2D47C358A3C33598B3C827FE9BC1679B56432E3018A38CFEE7A22EE8FBDAEC6822E88A13792F11149E704360B91FD1FDF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel To Russia" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2368678" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9154
                                          Entropy (8bit):5.023121233913002
                                          Encrypted:false
                                          SSDEEP:192:0bNJ+skLFkLrANJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:0bNJFkLFkLrANJhkLpkL7kLuvyCjqw6N
                                          MD5:8A24BCD8EF60D3640286BD5D8C8B9041
                                          SHA1:3091C186DB9CB7FE18AE791CC70C5911B394E388
                                          SHA-256:158F3A601BD9B9865F293F1E31E1283E03CDA3719DFFDD3CE4AC023695DDBC11
                                          SHA-512:0046D5EA0CF1440EBECED6C8F4ED22C42787FD9A2CB2BDCAF68EABA31107E602C16D39F0A5C38E40B35EBF704684A68523B5622A5829999E83E962FA3D2EFFFD
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel to France" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7116461" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):146757
                                          Entropy (8bit):7.979324629871894
                                          Encrypted:false
                                          SSDEEP:3072:vPqTek29VMcGFVwmZMtvIaSkDZSa/CxwUq76CrQqP20CFtL/o/xSQ2k:ueknqIaSU9/KJqOCrQl0i6S1k
                                          MD5:7902EFDF28AFFD421EB33ACAEBF107A9
                                          SHA1:48F5023CDE15C7A93104C8441D96A6BB939E9B31
                                          SHA-256:C3DDAE5CF773B747D5D14E88CBA82F0899915D59D066CB92CF57B1D49B895E00
                                          SHA-512:AB473F3E1E079C3BD836E9C56D290024FEA478F32A4FA36302B6B973178AC0952446DD5446CB64103BDE9C82B2FE033AD98BA7E26464D39A3F71CFE8E06017C4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3104
                                          Entropy (8bit):7.76624435689059
                                          Encrypted:false
                                          SSDEEP:48:gAMAxuHup2wqtDkx3v30dgRFHKu9C8PKJuCiat5YLDwVavQzj5KVM3Nd7gccN:zMAxuO9gdg7lPxCig1cxOg
                                          MD5:0D28B2DBEBE4F1BD730E6B4A6D554980
                                          SHA1:3F95A2FA53F6789A70A09764DF2788BA7B1AFA35
                                          SHA-256:02749986D718E940EE4F38B810B147BD8077699C7DCCBE59387C7B19AEE6B029
                                          SHA-512:DCCE1751CFDA8058CA6064339306285FD030E595F6F19CA51BFD864005571F854307B2F999B519BBAF39E895EA0C4BAE446FA5636AB9F7AD5CA89AE098FA41D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3104
                                          Entropy (8bit):7.76624435689059
                                          Encrypted:false
                                          SSDEEP:48:gAMAxuHup2wqtDkx3v30dgRFHKu9C8PKJuCiat5YLDwVavQzj5KVM3Nd7gccN:zMAxuO9gdg7lPxCig1cxOg
                                          MD5:0D28B2DBEBE4F1BD730E6B4A6D554980
                                          SHA1:3F95A2FA53F6789A70A09764DF2788BA7B1AFA35
                                          SHA-256:02749986D718E940EE4F38B810B147BD8077699C7DCCBE59387C7B19AEE6B029
                                          SHA-512:DCCE1751CFDA8058CA6064339306285FD030E595F6F19CA51BFD864005571F854307B2F999B519BBAF39E895EA0C4BAE446FA5636AB9F7AD5CA89AE098FA41D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):146757
                                          Entropy (8bit):7.979324629871894
                                          Encrypted:false
                                          SSDEEP:3072:vPqTek29VMcGFVwmZMtvIaSkDZSa/CxwUq76CrQqP20CFtL/o/xSQ2k:ueknqIaSU9/KJqOCrQl0i6S1k
                                          MD5:7902EFDF28AFFD421EB33ACAEBF107A9
                                          SHA1:48F5023CDE15C7A93104C8441D96A6BB939E9B31
                                          SHA-256:C3DDAE5CF773B747D5D14E88CBA82F0899915D59D066CB92CF57B1D49B895E00
                                          SHA-512:AB473F3E1E079C3BD836E9C56D290024FEA478F32A4FA36302B6B973178AC0952446DD5446CB64103BDE9C82B2FE033AD98BA7E26464D39A3F71CFE8E06017C4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9154
                                          Entropy (8bit):5.023121233913002
                                          Encrypted:false
                                          SSDEEP:192:0bNJ+skLFkLrANJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:0bNJFkLFkLrANJhkLpkL7kLuvyCjqw6N
                                          MD5:8A24BCD8EF60D3640286BD5D8C8B9041
                                          SHA1:3091C186DB9CB7FE18AE791CC70C5911B394E388
                                          SHA-256:158F3A601BD9B9865F293F1E31E1283E03CDA3719DFFDD3CE4AC023695DDBC11
                                          SHA-512:0046D5EA0CF1440EBECED6C8F4ED22C42787FD9A2CB2BDCAF68EABA31107E602C16D39F0A5C38E40B35EBF704684A68523B5622A5829999E83E962FA3D2EFFFD
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel to France" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="7116461" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.021566603269306
                                          Encrypted:false
                                          SSDEEP:192:knNJ+skLFkLrQNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:knNJFkLFkLrQNJhkLpkL7kLuvyCjqw6N
                                          MD5:EF533C319B6D03EF64150132EA868758
                                          SHA1:E865ED1F0101147D6E8FBB61F737AE67BCAD4C7E
                                          SHA-256:B376BAC9E4E7232B1020D98CF861548D5DB2D59BBC3BA871EFB637670C2E9295
                                          SHA-512:3FD79EDF43763023D5CF954597BB749286FCE5767093AA0BD65709A6EDD20C1ECFC9BD9979AA5A17527F99040DE37A2B37364B1B729FF7461D0C84158332DBCF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2440770" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152623
                                          Entropy (8bit):7.970618786050284
                                          Encrypted:false
                                          SSDEEP:3072:ReqVmxMh11L3XGjUtfM9hlrDQxAwAmh+BqpBJPbgY4Jd:oMmUtfM9h9QxfDh+wDgr
                                          MD5:96C3EADDA4BAA0B0E9D62726B2C0B0C1
                                          SHA1:5D07C54D6986556D9D718DD62F4CF92DEFDF65BF
                                          SHA-256:C45D5E992AAA9EEEBA8DC8F84C69FA4879970A3C7679CA00AD2BDC761BCEE9C5
                                          SHA-512:D328BF88D986E97A8971C5A8F445F2D87C05196EACEE24FF7574CA8FDDEA12EE256D3C2AF35A5BA8F43344A0FC38BDC5D24C10B6737D1E83FEEDB29A31771169
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4005
                                          Entropy (8bit):7.836184426762773
                                          Encrypted:false
                                          SSDEEP:96:GF5FYqAEKqCWybEAuoFrfs5F+sQeQLVATwMT/68n+37M5TdB1DkH:IYJXWyIAPfmQveQpsT+Gv1M
                                          MD5:44FA2C3B7B0DDF3B4BA75C5EB741831B
                                          SHA1:9E73F1FC9BCBFB3E55F1BE7E9907CB9F899C8B22
                                          SHA-256:7978B08B3385B628A1FA2D998853153342FBF143026EF49D1F7C286C6CC80D41
                                          SHA-512:CCB0584898EA3B223A4DAA4AF13D8222A0C03F49B1C5C935EDF0C1034FB69F65576D7AC76346F077592183FB54B853EFF2031D32B5B4DB1F7744DA52539B87CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):152623
                                          Entropy (8bit):7.970618786050284
                                          Encrypted:false
                                          SSDEEP:3072:ReqVmxMh11L3XGjUtfM9hlrDQxAwAmh+BqpBJPbgY4Jd:oMmUtfM9h9QxfDh+wDgr
                                          MD5:96C3EADDA4BAA0B0E9D62726B2C0B0C1
                                          SHA1:5D07C54D6986556D9D718DD62F4CF92DEFDF65BF
                                          SHA-256:C45D5E992AAA9EEEBA8DC8F84C69FA4879970A3C7679CA00AD2BDC761BCEE9C5
                                          SHA-512:D328BF88D986E97A8971C5A8F445F2D87C05196EACEE24FF7574CA8FDDEA12EE256D3C2AF35A5BA8F43344A0FC38BDC5D24C10B6737D1E83FEEDB29A31771169
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):4005
                                          Entropy (8bit):7.836184426762773
                                          Encrypted:false
                                          SSDEEP:96:GF5FYqAEKqCWybEAuoFrfs5F+sQeQLVATwMT/68n+37M5TdB1DkH:IYJXWyIAPfmQveQpsT+Gv1M
                                          MD5:44FA2C3B7B0DDF3B4BA75C5EB741831B
                                          SHA1:9E73F1FC9BCBFB3E55F1BE7E9907CB9F899C8B22
                                          SHA-256:7978B08B3385B628A1FA2D998853153342FBF143026EF49D1F7C286C6CC80D41
                                          SHA-512:CCB0584898EA3B223A4DAA4AF13D8222A0C03F49B1C5C935EDF0C1034FB69F65576D7AC76346F077592183FB54B853EFF2031D32B5B4DB1F7744DA52539B87CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9144
                                          Entropy (8bit):5.021566603269306
                                          Encrypted:false
                                          SSDEEP:192:knNJ+skLFkLrQNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:knNJFkLFkLrQNJhkLpkL7kLuvyCjqw6N
                                          MD5:EF533C319B6D03EF64150132EA868758
                                          SHA1:E865ED1F0101147D6E8FBB61F737AE67BCAD4C7E
                                          SHA-256:B376BAC9E4E7232B1020D98CF861548D5DB2D59BBC3BA871EFB637670C2E9295
                                          SHA-512:3FD79EDF43763023D5CF954597BB749286FCE5767093AA0BD65709A6EDD20C1ECFC9BD9979AA5A17527F99040DE37A2B37364B1B729FF7461D0C84158332DBCF
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Travel" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="2440770" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.......<De
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.021765305623065
                                          Encrypted:false
                                          SSDEEP:192:N8PNJHkLIkLryNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:N8PNJHkLIkLryNJhkLpkL7kLuvyCjqwW
                                          MD5:C974E6D35AEE79FA43376644EF759EE0
                                          SHA1:C3523FFB05F1565C27E6D61DD5726738EE9FE2A5
                                          SHA-256:A9371C0CBF2216CFE41B04D5BDF2391A39A910C8030444866D299FAF8B9C4251
                                          SHA-512:D5602B6944FB296045FF987285C02B2E746E0BCC3CDD1044EFD602CAF6150E075006202BA2F9556C32FDE92CB6129787E3414007F832FAB60B73421892729B24
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Traveling around the World" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="201137" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):144385
                                          Entropy (8bit):7.986985389049584
                                          Encrypted:false
                                          SSDEEP:3072:vFZuj2q6vdNvvComcqhXk7HR1HMtcJluMt+X9V7:vHUOPHCuqh41HIkuPNt
                                          MD5:00CD510C64F04329BEEF59FA199C4F91
                                          SHA1:277A5446254AAE239F6184BA860CCF2D06F9D676
                                          SHA-256:450FFBC8CDF010570910F4525036613F892073F27D80D2F450F170D7DE2F9FD6
                                          SHA-512:74FF9C99DD45F63A9D64D5DF63E38A864EB732940A0CF340DB223417773E733450D64C0E20A7794A4770C70966FF36D289BBC500890D8A88B5A06661DFC865D3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3633
                                          Entropy (8bit):7.795672859429695
                                          Encrypted:false
                                          SSDEEP:48:+Ak5Kryd09hrTQXEv1NCNWTl8rt9wwGOY1QLtOFvXk2k1Fw1HhpZHodLfnERDDWl:hk5KZtJN0Ql8aQ5gvyw1X9srnERDAv
                                          MD5:8C7AA77CF07AFD48A50A6103B0B15D8D
                                          SHA1:DBFD31C617FC78CA0CB2E599953BE20CD26F5C01
                                          SHA-256:118BE19CC8E78C76A0FAC7281F272B01AD3001A37BCC5CDED0B09B98851A4593
                                          SHA-512:0913DC8C14776700DD258664D2CEE04A54654374C57AD4E517C9BB8D5465E74759F61701B4F58525F1C81FC3494CD3A3E37D81BE001C66D14E1820FC978E58E2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3633
                                          Entropy (8bit):7.795672859429695
                                          Encrypted:false
                                          SSDEEP:48:+Ak5Kryd09hrTQXEv1NCNWTl8rt9wwGOY1QLtOFvXk2k1Fw1HhpZHodLfnERDDWl:hk5KZtJN0Ql8aQ5gvyw1X9srnERDAv
                                          MD5:8C7AA77CF07AFD48A50A6103B0B15D8D
                                          SHA1:DBFD31C617FC78CA0CB2E599953BE20CD26F5C01
                                          SHA-256:118BE19CC8E78C76A0FAC7281F272B01AD3001A37BCC5CDED0B09B98851A4593
                                          SHA-512:0913DC8C14776700DD258664D2CEE04A54654374C57AD4E517C9BB8D5465E74759F61701B4F58525F1C81FC3494CD3A3E37D81BE001C66D14E1820FC978E58E2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):144385
                                          Entropy (8bit):7.986985389049584
                                          Encrypted:false
                                          SSDEEP:3072:vFZuj2q6vdNvvComcqhXk7HR1HMtcJluMt+X9V7:vHUOPHCuqh41HIkuPNt
                                          MD5:00CD510C64F04329BEEF59FA199C4F91
                                          SHA1:277A5446254AAE239F6184BA860CCF2D06F9D676
                                          SHA-256:450FFBC8CDF010570910F4525036613F892073F27D80D2F450F170D7DE2F9FD6
                                          SHA-512:74FF9C99DD45F63A9D64D5DF63E38A864EB732940A0CF340DB223417773E733450D64C0E20A7794A4770C70966FF36D289BBC500890D8A88B5A06661DFC865D3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.021765305623065
                                          Encrypted:false
                                          SSDEEP:192:N8PNJHkLIkLryNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:N8PNJHkLIkLryNJhkLpkL7kLuvyCjqwW
                                          MD5:C974E6D35AEE79FA43376644EF759EE0
                                          SHA1:C3523FFB05F1565C27E6D61DD5726738EE9FE2A5
                                          SHA-256:A9371C0CBF2216CFE41B04D5BDF2391A39A910C8030444866D299FAF8B9C4251
                                          SHA-512:D5602B6944FB296045FF987285C02B2E746E0BCC3CDD1044EFD602CAF6150E075006202BA2F9556C32FDE92CB6129787E3414007F832FAB60B73421892729B24
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Traveling around the World" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="201137" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.024845276532473
                                          Encrypted:false
                                          SSDEEP:192:thNJ+skLFkLrMNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:thNJFkLFkLrMNJhkLpkL7kLuvyCjqw6N
                                          MD5:E29E6641F4E3C549B2C90B1334050BCF
                                          SHA1:1D08DBBC6551004C567B25F77BE565603288A8E7
                                          SHA-256:09514F71587989753900F2133391CE94215B38851A15CBB35CFB0C08EF130760
                                          SHA-512:753F57D4150716C4FD7AA43A6C769D9771AD21429347613E2911FF478A7FB88FC1B7EFFE3E8763A95CFBB574F45C2EA464DEB1EC8A7FA80A42617E7689955395
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding Rings" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="14532863" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):151898
                                          Entropy (8bit):7.962685137752119
                                          Encrypted:false
                                          SSDEEP:3072:Q+o8SrIoFXJ1GviZU1MURqxomyUv+/rQzkeqOaJQxk8AYW16:Q+gXC6++UwxoXUz0JQxJRW16
                                          MD5:231AA681C14F554C72EB46F874AC00D3
                                          SHA1:EC74B95EED2108FFB989D36192BC308508AD5279
                                          SHA-256:48FFD4DDB08B59EEB7763AC77D8514D242B95B35D8D6C0C2100F4E6691567875
                                          SHA-512:9F01FE77AFE90568E05EEC7D17949FD6E769294793D496026EFE9210794E3EE60B14AD960922F7BD003D5504B865BB499E7483826A8D25354C6874D271565B86
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2881
                                          Entropy (8bit):7.728114254942315
                                          Encrypted:false
                                          SSDEEP:48:/AvAbaJEUFplWDdOv6dMPZUcYExk454XZpIN0kZFieDUUSpZ2U5oeMfzmMQ9AOMN:YxJUR+PZx3x3SZpIb7ieD25OrLQ9JQig
                                          MD5:E16F8B0281FC4DB92D5AC42081544895
                                          SHA1:67E4D505F4A6C785C3524DD239AD77DF56232F52
                                          SHA-256:45901646B8E26563879809E6CEEDE243F6151910A9D1CA0B0733474DA8FBAB31
                                          SHA-512:E716F5F32819361198A6E0351D2216E280C091F7CC085ACD005E97971352CA76A8C4F1AD9E67513A19A5A8C9E92B8F3269BB37400453A40F93EB016E9BDF507D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2881
                                          Entropy (8bit):7.728114254942315
                                          Encrypted:false
                                          SSDEEP:48:/AvAbaJEUFplWDdOv6dMPZUcYExk454XZpIN0kZFieDUUSpZ2U5oeMfzmMQ9AOMN:YxJUR+PZx3x3SZpIb7ieD25OrLQ9JQig
                                          MD5:E16F8B0281FC4DB92D5AC42081544895
                                          SHA1:67E4D505F4A6C785C3524DD239AD77DF56232F52
                                          SHA-256:45901646B8E26563879809E6CEEDE243F6151910A9D1CA0B0733474DA8FBAB31
                                          SHA-512:E716F5F32819361198A6E0351D2216E280C091F7CC085ACD005E97971352CA76A8C4F1AD9E67513A19A5A8C9E92B8F3269BB37400453A40F93EB016E9BDF507D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):151898
                                          Entropy (8bit):7.962685137752119
                                          Encrypted:false
                                          SSDEEP:3072:Q+o8SrIoFXJ1GviZU1MURqxomyUv+/rQzkeqOaJQxk8AYW16:Q+gXC6++UwxoXUz0JQxJRW16
                                          MD5:231AA681C14F554C72EB46F874AC00D3
                                          SHA1:EC74B95EED2108FFB989D36192BC308508AD5279
                                          SHA-256:48FFD4DDB08B59EEB7763AC77D8514D242B95B35D8D6C0C2100F4E6691567875
                                          SHA-512:9F01FE77AFE90568E05EEC7D17949FD6E769294793D496026EFE9210794E3EE60B14AD960922F7BD003D5504B865BB499E7483826A8D25354C6874D271565B86
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9153
                                          Entropy (8bit):5.024845276532473
                                          Encrypted:false
                                          SSDEEP:192:thNJ+skLFkLrMNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:thNJFkLFkLrMNJhkLpkL7kLuvyCjqw6N
                                          MD5:E29E6641F4E3C549B2C90B1334050BCF
                                          SHA1:1D08DBBC6551004C567B25F77BE565603288A8E7
                                          SHA-256:09514F71587989753900F2133391CE94215B38851A15CBB35CFB0C08EF130760
                                          SHA-512:753F57D4150716C4FD7AA43A6C769D9771AD21429347613E2911FF478A7FB88FC1B7EFFE3E8763A95CFBB574F45C2EA464DEB1EC8A7FA80A42617E7689955395
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding Rings" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="14532863" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9136
                                          Entropy (8bit):5.022270071824001
                                          Encrypted:false
                                          SSDEEP:192:uzFNJHkLIkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:SFNJHkLIkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:5DF9DDAC8297D0797CBB03E2469C30DA
                                          SHA1:516DC44A3AA5C09EFC994B66B13CFB8956FEC555
                                          SHA-256:5D9E78861800D9FA6285A74216BE4B378074298874A66626C744F0A536586FC7
                                          SHA-512:C7CEF30421D365E6CDF6A3BB438C5D8BB408218C8BCA967DC43CF9A74A05DD385A263E76525D77FE52A6ED79BA3CDE40E2D2C72A7ABA352FE838B83FE763CCD7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9720350" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):24416
                                          Entropy (8bit):7.965388140015908
                                          Encrypted:false
                                          SSDEEP:384:YRg45wfjOqx9qlWUXd4LEXpLbH3ExGO6bwA2bHtHWRQFzGLIpByINa9FC:5fqWsXd4L4P0vA6CQlw6A9FC
                                          MD5:B42B2D343968A51B5F221ECB7A56B604
                                          SHA1:334AC7A95818590C3E20318648950944404D3A0C
                                          SHA-256:BC6705AC78D61F908B31A43CE5DCBE9C77C6DC342C3D3D2FECC9081AE9EFEE10
                                          SHA-512:0E17013EE7492B8219F2F553C1F73072D4432CB7873AD685BC1C044F7F600E9F9679702C32E1DBE991A2106D77D8DBE5738C81F101DBF3B08F3E77A367741C4E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):1992
                                          Entropy (8bit):7.532409376751779
                                          Encrypted:false
                                          SSDEEP:48:zKAdD/NzkESJ3Odz7vnfejd68Zq4DONcjXRIK1tMWKzTpPYZ:zddJpG3CvfejVCgmKH7r
                                          MD5:DEE26F41021553A8538DB23983215DBA
                                          SHA1:54926B3236F917823936DCAAAC2FE83307F90EE4
                                          SHA-256:E42C5ABFD4E84712BC66B3DF356F12E97C434C310E5F53BCA5FF0F848A2E5E91
                                          SHA-512:F007399BA0867CCDF252FAB0118C0A8E4DA0058988C11675CB2C313071B6F162D07ABDB5D28864E0D9FF13DAF296976F76C1AAAFCDD4BF46BE14393D2390652F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):1992
                                          Entropy (8bit):7.532409376751779
                                          Encrypted:false
                                          SSDEEP:48:zKAdD/NzkESJ3Odz7vnfejd68Zq4DONcjXRIK1tMWKzTpPYZ:zddJpG3CvfejVCgmKH7r
                                          MD5:DEE26F41021553A8538DB23983215DBA
                                          SHA1:54926B3236F917823936DCAAAC2FE83307F90EE4
                                          SHA-256:E42C5ABFD4E84712BC66B3DF356F12E97C434C310E5F53BCA5FF0F848A2E5E91
                                          SHA-512:F007399BA0867CCDF252FAB0118C0A8E4DA0058988C11675CB2C313071B6F162D07ABDB5D28864E0D9FF13DAF296976F76C1AAAFCDD4BF46BE14393D2390652F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):24416
                                          Entropy (8bit):7.965388140015908
                                          Encrypted:false
                                          SSDEEP:384:YRg45wfjOqx9qlWUXd4LEXpLbH3ExGO6bwA2bHtHWRQFzGLIpByINa9FC:5fqWsXd4L4P0vA6CQlw6A9FC
                                          MD5:B42B2D343968A51B5F221ECB7A56B604
                                          SHA1:334AC7A95818590C3E20318648950944404D3A0C
                                          SHA-256:BC6705AC78D61F908B31A43CE5DCBE9C77C6DC342C3D3D2FECC9081AE9EFEE10
                                          SHA-512:0E17013EE7492B8219F2F553C1F73072D4432CB7873AD685BC1C044F7F600E9F9679702C32E1DBE991A2106D77D8DBE5738C81F101DBF3B08F3E77A367741C4E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9136
                                          Entropy (8bit):5.022270071824001
                                          Encrypted:false
                                          SSDEEP:192:uzFNJHkLIkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:SFNJHkLIkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:5DF9DDAC8297D0797CBB03E2469C30DA
                                          SHA1:516DC44A3AA5C09EFC994B66B13CFB8956FEC555
                                          SHA-256:5D9E78861800D9FA6285A74216BE4B378074298874A66626C744F0A536586FC7
                                          SHA-512:C7CEF30421D365E6CDF6A3BB438C5D8BB408218C8BCA967DC43CF9A74A05DD385A263E76525D77FE52A6ED79BA3CDE40E2D2C72A7ABA352FE838B83FE763CCD7
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Wedding" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9720350" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="70" y1="130" x2="340" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="70" y1="250" x2="340" y2="350"/>......<States>.......<Default ty
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.023081638375015
                                          Encrypted:false
                                          SSDEEP:192:+FNJ+skLFkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:+FNJFkLFkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:B10212372ACE703EFED396F2B547B821
                                          SHA1:31E69016FA1F048E4CC17DB36539ED7A627E0D5E
                                          SHA-256:C7FBAF381EB34AFE4C771021248ABC4EAEFC5A74029256D422E4828E69F57B84
                                          SHA-512:958A0D0B55E6B1E55595915C63D3E01A02E087651D9BDAA2F5BF20968B48E064A8046C132545704F8A6B49E5AE98D3A7ACC33A9C92BE313958B4E530B3571C45
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Ice" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9720350" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):42159
                                          Entropy (8bit):7.970439712634987
                                          Encrypted:false
                                          SSDEEP:768:naCkeIWIHgbbbDrr2AoU5ldK+vCbRV2+YvIfEmVP6CVTO46m9smfr0+l2yd8tnAI:an/gbbvrqBU5ld16n2+qXAYQ1z0+kydO
                                          MD5:44A4F815BDC0E65B64464D72536F72E7
                                          SHA1:67B3F909199B8D9EB10D958FEC979114574B736B
                                          SHA-256:C9FBC6A1808CC982BE8C7636836F5E95CAE61A72EF539F50AD0131BD7CF62CD5
                                          SHA-512:A19CB8E41A6C76EE1C0E413AE0E9E671334B22E3CB8A2CD6167B317FE8E0D2AB66E092A8F799750891FB81E56950055C166C92B1BF0FA58DCB1530877AFB2A50
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):2541
                                          Entropy (8bit):7.692634292610343
                                          Encrypted:false
                                          SSDEEP:48:aAnu+2EgWN3hCvsY16sX4lLbOF8DKKDtpRU1B4SfuKLG1xBEbHI:tRdj9Y16xHOB8oG1gbo
                                          MD5:2E585BA24711EF8D7BCE1C472F91E373
                                          SHA1:59083FB22C37EEF09728E71DF77AD6A4BBD82B42
                                          SHA-256:25613FAF0AAE6378DFCFD6F95D768A57EE1084D10E196CD075D9EE5B8E55912E
                                          SHA-512:44665A486F177CD8ECD7E11605B6F36D861F7801F738B9BB3DF0B79E5A16C3E686EA694090323B785C6F99C9BDDEBC56A005B80297DADC4C9207418C5D2148AD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9148
                                          Entropy (8bit):5.023081638375015
                                          Encrypted:false
                                          SSDEEP:192:+FNJ+skLFkLrqNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:+FNJFkLFkLrqNJhkLpkL7kLuvyCjqw6N
                                          MD5:B10212372ACE703EFED396F2B547B821
                                          SHA1:31E69016FA1F048E4CC17DB36539ED7A627E0D5E
                                          SHA-256:C7FBAF381EB34AFE4C771021248ABC4EAEFC5A74029256D422E4828E69F57B84
                                          SHA-512:958A0D0B55E6B1E55595915C63D3E01A02E087651D9BDAA2F5BF20968B48E064A8046C132545704F8A6B49E5AE98D3A7ACC33A9C92BE313958B4E530B3571C45
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Ice" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="9720350" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>......
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9149
                                          Entropy (8bit):5.0238175236315525
                                          Encrypted:false
                                          SSDEEP:192:2TNJ+skLFkLrgNJhkLpkL7kLuvyCjqw6vyCjqw8fkp6kQ6DB:2TNJFkLFkLrgNJhkLpkL7kLuvyCjqw6N
                                          MD5:EBA18AA6B1656476D467C29F54844BDA
                                          SHA1:5F99CEE26969BF6484E7DD04804DFAA05C4E7B4F
                                          SHA-256:63A44B35C6C625D0E8613314CBD573C1A06243CF447B7F73A0B6D54B3CC6E66A
                                          SHA-512:CF431DA450506F8B4E585E63BDFBA4C71574B77B38370A4CC63199168FCDED95C3CD65FF3C0F6D7C9AD01FD84CD734E9F65E5274B4C234AE45CD53EA5CF691FA
                                          Malicious:false
                                          Preview:<MenuPreset preset_thumbpath="$basepath$\Resources\Thumbnail.jpg" preset_name="Winter Lake" menuwidth="720" menuheight="480">...<SimpleMenu.MainPage>....<Mask typeid="#1000" type="0" color="6831910" alpha="255" size="7"/>....<Objects>.....<SimpleMenu.Background>......<Content>.......<DrawObject typeid="#0401" metric="3" path="$basepath$\Resources\Background.jpg">........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>.......</DrawObject>......</Content>......<Rect typeid="#0200" x1="0" y1="0" x2="720" y2="480"/>.....</SimpleMenu.Background>.....<SimpleMenu.PlayButton>......<Rect x1="225" y1="130" x2="495" y2="230"/>......<States>.......<Default typeid="#80B">........<DrawObject typeid="#0401" metric="3" path="$basepath$\..\COMMON\Play Center.png">.........<Rect typeid="#0200" x1="0" y1="0" x2="1" y2="1"/>........</DrawObject>.......</Default>......</States>.....</SimpleMenu.PlayButton>.....<SimpleMenu.ChaptersButton>......<Rect x1="225" y1="250" x2="495" y2="350"/>......<States>.....
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 720x540, components 3
                                          Category:dropped
                                          Size (bytes):90794
                                          Entropy (8bit):7.983504359297241
                                          Encrypted:false
                                          SSDEEP:1536:0jQ9AemI2v24fHOajpvLWPYbV1Nm+pz93xOOL7AR:/mI+maVvn3Nm+bxe
                                          MD5:CAB459D40385BB81092EDAA4F14CE88C
                                          SHA1:2ABFCCC6E9398C8EEB0F50720D9AA3432B3F9F94
                                          SHA-256:16AE8F608DBBB18399EC3F5C72701C3541C5429BBBB0511B2DD2723E04A2F284
                                          SHA-512:7CCD77565FF1E18583AC13FAD85444182CB5B841ED62492BAA197F979C95DFE0590B74FDD95108170928322466D7B76515F15C4D99BD5D019E67F18D18D4E662
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 96x72, components 3
                                          Category:dropped
                                          Size (bytes):3032
                                          Entropy (8bit):7.754688779330086
                                          Encrypted:false
                                          SSDEEP:48:1AIbbB/PP0t6d/M1Lmy2vVtb1fHvFSHsrgy3ssAKtZh3wgYkjywfTk3GMu6b1Jwk:mIXBXGw/MNEtlvgHEgSdXPjLfTOtJEhG
                                          MD5:84F248825D3C1C4529528C484A133A23
                                          SHA1:A768D2D43AD69124FDA1BF61A68522E25C519AF2
                                          SHA-256:FF16A57C6014DAD43BEFD07492B529DA30273806A9500D27EAA75AA3203FF95B
                                          SHA-512:B7A703453997DF916C5E3865CA73F02C5D8A0FF6B739526D5D6CFFB5B8ADE8F105AF6582E1042A71154322CE60641AE7A779625DB287F5D3CDDE286C172671B2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                          Category:dropped
                                          Size (bytes):891
                                          Entropy (8bit):4.851908879701474
                                          Encrypted:false
                                          SSDEEP:24:5B0LPfskihCKXhiVDcBBP2q7EihNe7/MWK/EEijb7GQ4X2:5B0LPfKvXhA+2WEQ1tyw2
                                          MD5:74C3EB470580B5019FAF78408A2036DE
                                          SHA1:35645700D3BD473E0F70E67E1A93969D9101DC2B
                                          SHA-256:F8AD8A975DDF34D05135AC7F871754529DEE4862306B2507B892FD808957EB51
                                          SHA-512:3EDE680637F1EA2B5C963ED17481DF7A1EF989286ECBD4C34645C1CA3CBACB8BF83B36C991D1EF07070883DB5BF597C1F7D5E0F57166162A272048FD55583A0E
                                          Malicious:false
                                          Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\*\fname Arial;}Arial CYR;}}..{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 AVS Video Editor helps you arrange your video collection or make a home movie quickly and easily.\par..You can edit video of almost all video formats, experiment with over 300 video/audio effects and transitions, burn movie DVDs and export your collections to mobile devices! AVS Video Editor is designed specifically for PC beginners to maximum simplify and speed up home video creation.\par..\par..No Time limits! No feature limits! Fully functional!\par..The only limitation is the AVS Logo on the output video of the compiled projects.\par..So, now, when you decide to make your purchase \endash you won\rquote t need to re-do your trial version projects \endash just recompile them to get rid of the logo!\par..}...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 280 x 210, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):25852
                                          Entropy (8bit):7.9790020959609524
                                          Encrypted:false
                                          SSDEEP:384:dTZT6+ay5bDkhZf4p51h9Nc22VUYcO2Mb3vcHFkITZZCwdWujjVuKn0WjY4:rTaQMhR4H7fdYch8kH6ITZYwYYz0EV
                                          MD5:98F028B04E4B84E20985FA0850024FA1
                                          SHA1:D2BF1A5273910989F7B7FD7C73F42856B7C5D76E
                                          SHA-256:38F6D1B6175F553928CC700B07BC0C6E532FACF0210BB59B1D41BC3146019B0B
                                          SHA-512:E28CCEE3969C2B3FD11BB3270EC4120EE99AF5C8B1303B8199D6EE37003CA222B4DF86C5485C20952B5A2CCD206113FC43D6C3044D85C85F14AFFCCEE760F4AC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
                                          Category:dropped
                                          Size (bytes):171100
                                          Entropy (8bit):6.658114279944232
                                          Encrypted:false
                                          SSDEEP:3072:UPMdhhOGabiHJUQC2HQwbvZfHGg2WHdEUOSmg5vrXPBm0riKIEBA61M4zOvAuTXO:lB1usvJR3djOuY0yKzOI2O
                                          MD5:1F30373A52DE55D0D07A4422299B2522
                                          SHA1:D2C87EBE888D3377A74DEA4252CC201E94DE00F6
                                          SHA-256:18BC62150EDBB6BC61908D59222F44729FA60292F4ACE7C615A6667CE6BDF676
                                          SHA-512:A93BA1E32A127EEE90A90D96974ECF589A954B2FD11B2179B954D58F9987AF6D2BE672C8BC77CBD9EFC2CFA35E8C01DC0CF273FE8055F6F54984AC928DD57F74
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                          Category:dropped
                                          Size (bytes):6926
                                          Entropy (8bit):5.033161562552018
                                          Encrypted:false
                                          SSDEEP:96:5BwfNhYifQnHpXeGxYwTxOd4yk4nkkyG8lUPC2CP/CMcNVr/TIjVmDqGsKrZKPdW:EfhQgyGc/ioQ7KFZ3JHJ/uE2
                                          MD5:AB39FD4B43A42A4187ED29BE0413A30D
                                          SHA1:F804B2B6797713DFA4522205848818951C81E9E8
                                          SHA-256:B7D70F2854C7F2BD7D1D6052032B7597311DAF32C65C73504BADAF68A02B5142
                                          SHA-512:916EB3E494FF61E1B4ACA3193E12AC69940A8676AFA14E43073AFF1D4C9D67CD4F19554313B1597828F20ED2FE8032355C9391EC9DE313B18E9BA46A20CE8162
                                          Malicious:false
                                          Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\*\fname Arial;}Arial CYR;}{\f1\fswiss\fcharset0 Arial;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs20 END-USER LICENSE AGREEMENT FOR SOFTWARE PRODUCTS OF ONLINE MEDIA TECHNOLOGIES LTD.\par..\par..IMPORTANT-READ CAREFULLY: This End-User License Agreement is a legal Agreement between you and Online Media Technologies Ltd for the applicable Software Products of Online Media Technologies Ltd. Do not copy, install, or use the Software Products provided under this license agreement ("Agreement"), until you have carefully read the following terms and conditions.\par..\par..Any reproduction or redistribution of Software Products or any of its components not in accordance with the End-User License Agreement is expressly prohibited by law, and may result in severe civil and criminal penalties. \par..\par..Definitions: Software Products shall mean and include AVS4YOU Software and AVSMedia Software. \pa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):74100
                                          Entropy (8bit):5.9571227235145825
                                          Encrypted:false
                                          SSDEEP:1536:1PMr8AhJEclTiolrOpZNccTZ++/X+gQkov:ihl8olqxbZtIv
                                          MD5:AC7ADB05E265A3C81E8071504BB3C71D
                                          SHA1:B07EA9E93ADA9E618C7199D2516207017ECC1CFA
                                          SHA-256:155CE7E7BC018BE325D511374AD8E0F11AD8F32A56CC240F1EDD3E23154B9BCC
                                          SHA-512:4CE9BD14B73E5B6D5196D307D727DADA0D746ED277B333FBA3492F22C488D0F4261788CDDA6CDB31465D124A78D9732D8082D61AD711FDB66BECF31288089ACC
                                          Malicious:false
                                          Preview:<MediaCollection>.. <MediaCollectionItem>.. <Type>-1</Type>.. <Caption>Video</Caption>.. <Content></Content>.. <TimeStart>0</TimeStart>.. <TimeEnd>0</TimeEnd>.. <VideoTrackNumber>-1</VideoTrackNumber>.. <AudioTrackNumber>-1</AudioTrackNumber>.. <Properties></Properties>.. <MediaCollectionItem>.. <Type>0</Type>.. <Caption>Sample</Caption>.. <Content>C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\Data\Sample.avi</Content>.. <TimeStart>0</TimeStart>.. <TimeEnd>19565</TimeEnd>.. <VideoTrackNumber>0</VideoTrackNumber>.. <AudioTrackNumber>0</AudioTrackNumber>.. <Properties>Video - 720 x 536; 720 : 536; 25 fps; 1543,555 kbps; MPEG4 (DivX/XviD compatible). Audio - Channels: 1; 8 kHz; 8 kbps; MP3.</Properties>.. <Image>iVBORw0KGgoAAAANSUhEUgAAADwAAAAtCAIAAAB9FJ8bAAAXR0lEQVR42tV5ebReVXn+u/eZz/nG..Ow+5SW5CEkhIhFgkJioFwaZgtaUOdblsq7alP5aWltpfhbaKQwcHrLqsIhUVKYIMKgEZLUQSyJyQ..kOQOubk3d/zuN49n3kPfc6Hzf/2nq99a967vnPOdc9797ud9n+fZ
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):117717
                                          Entropy (8bit):7.980089841111828
                                          Encrypted:false
                                          SSDEEP:3072:qTn0OqhrAa5c8uG/mBrAKryGSpyZQoHwp7ua8E0yUm0:qDOAgcEeBrAcyUQw30UX
                                          MD5:3EA8117348D2224C42F337A7B15E221E
                                          SHA1:CF09EFC33CE9F6F6515225606CE9A8B4ECA7D99A
                                          SHA-256:D39C494384AD010A263D74E865323C86BE2EE785C00404F711CA6523A88F3E79
                                          SHA-512:ADD8C9847B9AEE64680D9F6AED6FD80CE92E3579180F5B29FC69933F7CF14DDD3B572E6F8DF520024229838C7DDEF73B731F5E13F51F2908EF0BF28F280D5C77
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):60185
                                          Entropy (8bit):7.996110372815282
                                          Encrypted:true
                                          SSDEEP:1536:1n/L25m+BXfIZdY2OzcvLKaPtdJ9OduvfgCRzhsqft:N/Sw+VAYjYjPt9OmTRzhRft
                                          MD5:8A37BC8BA4AB332EA510C96ECC7C3338
                                          SHA1:E4F62B0577F1A64E068EA08BD483A4B251E4CA2F
                                          SHA-256:5E1C6B0FDD14456F3490642E08DB6D4C64EB7A388FE61B1FB6C377A372AB08FB
                                          SHA-512:D82A174FCDF50032EEC166305E354B00FAF9CD5D27487DF5C212D72AD0EA9C8B4E9F756F72BF3AE3319456C9360C45ADA1FEF7FF2C2DF34163165D196546B89D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):2224
                                          Entropy (8bit):7.315641924068623
                                          Encrypted:false
                                          SSDEEP:48:jHHaazGuLMmAxKGF5ozGuJmXuy13p36MKxa0cFoRc9GjJEh:zaazGuIm+7YGuJ2f0MKxRtc9GWh
                                          MD5:517CA8729860247EFBC782D3DBFFC120
                                          SHA1:05CC3D2E1CE157DE2FA2E439B70D03C351AB037F
                                          SHA-256:EEAD363B77BE50AD2BDD6BD86D4EA3CC5EB234322C709844ED801DBC63173067
                                          SHA-512:44DCF31AF6AAF4D52720421D85CC1F19AA15FFCDB5A9E2D6519EC00A3D8C6E6C6015E6A1885EEC9155F8B4002B3A035ECC38C300C49B08B82EA11B566BE1ACEB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):60039
                                          Entropy (8bit):7.993937774135706
                                          Encrypted:true
                                          SSDEEP:1536:tBaOEt0H6mP2lkbCZxiy2U/bBhu6Mo1wcoeSRA0TuWMFdHH:196m+ubSNvu6dCU0KW6n
                                          MD5:14BE46270A1BF3A0EAB2BE31BB846391
                                          SHA1:C9161397A480E6E5C76CDF66A9C06DC88D690DAB
                                          SHA-256:593C153C5E7E9C8A39CACEDEEAF14EF5E55F5A70ACD7CEE27077AD0D9D3668E2
                                          SHA-512:99EF78846CF9F20F520D617238F7727815BA51DCFF8CEDEBC47AFC128B9897F49DEB6255CC65BA818788CAC8BA3D799F1905BEE6AE795232F3611B49B9CC276E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):83029
                                          Entropy (8bit):7.9743384980501615
                                          Encrypted:false
                                          SSDEEP:1536:IKkKcDGj3ZCzV74+YO2m+42+T8Tg6yhkVZIa86bzXEt+reML:I0uGj3M5YOHmJTg6y+eAbzXE8ig
                                          MD5:4F4786DC9CC5233DC341E5D9F1B0693E
                                          SHA1:0F2F80552F2EDCF7DD8CD575ECCFF63999852485
                                          SHA-256:19B0311E595C2BC873681BAB91AA6047AE925DEE2FAA8378179A6D2C796DD83F
                                          SHA-512:A39D2CFFF74DB3F6FE67F9A0D091040366E5A12954E1D6F3AA5EFDC3EE920A6865AA6C552368A986535B685383AC44D8F5F8ABC95B3CDD15BC176F3AAF932DC4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=14, manufacturer=Canon, model=Canon EOS DIGITAL REBEL XTi, orientation=upper-left, xresolution=216, yresolution=224, resolutionunit=2, software=Paint.NET v3.30, datetime=2008:07:07 11:07:10], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):195328
                                          Entropy (8bit):7.921633456627926
                                          Encrypted:false
                                          SSDEEP:3072:3DIx6ZVhkVBqSsEoTKokBpX46Zui5FXaj1nwqUkREgm8ft0MOO:3sxkTg8tKLIarXqj1NRzm8ft02
                                          MD5:6E87BC05B587C89189176C2F359727C6
                                          SHA1:15306873827AB58D1CD1512913457A5F03EC066D
                                          SHA-256:D948EB316DE9186B0BC6145055148A42472205F55FC6D7D88E1205CDE40328B5
                                          SHA-512:0266EC7CA0717FD63706E0FDB1238EDD56458D08FC5F2AB8AB77D5F548774DADD6B53D75887ED7FCB0B493CF6BE9F411D66967376893B524E4EEABE196EDA081
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=13, manufacturer=Canon, model=Canon EOS 20D, orientation=upper-left, xresolution=190, yresolution=198, resolutionunit=2, software=Paint.NET v3.30, datetime=2007:04:14 17:36:01], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):331456
                                          Entropy (8bit):7.951617652547573
                                          Encrypted:false
                                          SSDEEP:6144:Su79hEN9DutQVGOz84CEuMCSbzREfLBZ3KIDYGWRpCVMnz7o9:phQ9DKQVGOz810CuREl+GgQVMnzE9
                                          MD5:19E7D56312874F1A289F3CE02D498A5D
                                          SHA1:BCB3F4A8A862735CE2B0B4D51E27C61E3A6078F2
                                          SHA-256:27DE15788D19B02DB786EF302D2CB78D023D23AFA17181D8AE47299B101452A7
                                          SHA-512:475A9306FE131853AEAA813758621811E7B2B656CB121739421868957DD364DA7B40783B664932B6CF4A6704D023EF7E1CD331DE7ADE246995B679FC036BA9CB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=19, description= , manufacturer=SONY, model=DSC-H2, orientation=upper-left, xresolution=288, yresolution=296, resolutionunit=2, software=Paint.NET v3.30, datetime=2008:06:21 22:12:47], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):248375
                                          Entropy (8bit):7.973226617333487
                                          Encrypted:false
                                          SSDEEP:6144:KBGSZYYBpwx2a2SYbUAsALdAgEM4wg+1EhlkZN:KBZZdBeAa/mUzbgL4b+Whl0
                                          MD5:80FB773A86949BACDE59BCA7DF62200F
                                          SHA1:A58FDAD63E6106603F710F5D2A1E7C2C15927281
                                          SHA-256:41E502D2D0B86E944936FCD904B3ABE41DFF1A1FDA99E86E5B0F9AAC130FAFC6
                                          SHA-512:B1456DE54DC908821D49DF40F30781C303B396C1DD1C909EBCC6D85F33EABA15B9C786519D275E1BDEE13D325AEBC20FC79E4ABBBB71BA3A59BA2E3897F06FD5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:RIFF (little-endian) data, AVI, 720 x 536, 25.00 fps, video: XviD, audio: MPEG-1 Layer 3 (mono, 8000 Hz)
                                          Category:dropped
                                          Size (bytes):3907490
                                          Entropy (8bit):7.982737391778191
                                          Encrypted:false
                                          SSDEEP:98304:7JvpabBHikCgAqSvJtmZEm2Py9UgYjUY2uG:1vpadCkDA9JIKQXbVuG
                                          MD5:061BE82905F812EB355790A2613FBCA2
                                          SHA1:3180A6F3FB75D5DC279E45A1CA9AE4BB9DFD22EF
                                          SHA-256:DC623682DED627FFB511885D2F87EDD1BEBE5B9D0D9D58E71F02032398DFEC57
                                          SHA-512:F713F44C9E1B93D3C645E36AB227E44AF25061BC05330D567FAEA6F45924304CCC65825861436B8C6F9869B0901A742EAF1DD553C9CC001C747AB107B3245579
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Microsoft ASF
                                          Category:dropped
                                          Size (bytes):2876273
                                          Entropy (8bit):7.934041551689149
                                          Encrypted:false
                                          SSDEEP:49152:gH1UjdxKMbhPdX4G/60ZP04wXCbhh6dP/wjGvH39bvz+RQKg:gVfMbNdX4G/q10g/wjG5vz+WT
                                          MD5:4D0745DA973B200D78595A45CF747AF7
                                          SHA1:9C9F5205CDBA2B39E89E689CE7B9E3E57276E19F
                                          SHA-256:93DDD3809F1FAD5E7B1F56A71EDD7A13AF2AD8AA4790EDAE20FCA54CD0149D80
                                          SHA-512:AD956F63B56CE8C788C1812A12EBBDA8AB37E7D4EF95B298300D99E07A3D716BBE909FAC6EA2D4CE3BDE6055DCE6164FE1206F591C3C66042D227B302FA65089
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):85090
                                          Entropy (8bit):7.9472066403433885
                                          Encrypted:false
                                          SSDEEP:1536:EmQQSnPlJ0/v7nXXWEwobLmi14BHuvveusKnQhizsE8sDVoqY4ddZwebJ4Yk:55SPv0/DnTwobhbqrEzbvDVof4ddC245
                                          MD5:3F8062BAB604B06F6D140DA6DB70486D
                                          SHA1:7DC04C3B444C5F27522FB9DF3B959620376B434D
                                          SHA-256:C6D285B0E8A7AAF129A172281EDC4D2AC5DDCD1C18B3A781B81F702101DDBD66
                                          SHA-512:FD8A7ED0FFFD41930BE5B0E8DA27D2CC36E002D0001BCF5BBD54FC492878D89EB1EB5BBF3658C446959728EA6D07FF2E0E64F0234EA96B8BF069B544BFA00919
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):123387
                                          Entropy (8bit):7.972206042228806
                                          Encrypted:false
                                          SSDEEP:3072:6isKuiDMkahtqvflOTPSsCXFGUj59OwokiUPPP7V2tfw4ccnAJ:UKuiTOmflOzqGA9bfiUHP7Vmnccm
                                          MD5:30949EADDE146D05A0DD98695013A311
                                          SHA1:8950A0AED9964B515E5D25935C4C789B1A0F9A0E
                                          SHA-256:395DCA6859F228215382E79AFFE9D3D9893547D5581FFFD4CC07A894645507F3
                                          SHA-512:2962D1BEAF67FB5A93B6424DA92E80CC1AAA2CBD67964B383A72EACB6731F4E8404515D7770C8E03311BEC6BEAC6518BD9CAA4A419DEAB0294F6FE22015F38F2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):83829
                                          Entropy (8bit):7.94742976689129
                                          Encrypted:false
                                          SSDEEP:1536:EWZ7lr6dGD+bK5eacQVLjAQ9UBy/vhiIxfJO7ZsFFWA2R6zwH:NmASbQV/A345VxfcdIFWlAwH
                                          MD5:F9936ECB1CDB92202C113B00469CFEB5
                                          SHA1:DE043248A930C44960A899E1E3B58E3A1876DFEA
                                          SHA-256:C1155E7BE0FF808A1AC4C41D9A990411FDA6AABDCC5DE6DFB3F6879DFF841EB1
                                          SHA-512:AE62C0C30F3B3EAEBD7469BF22034F185E222F764C1B9779F56B035773B95EACB4A2CA3237989CBE37A12B7BF7C8FA00028AB4E17FD49B0CCFFE3B63DD715BB7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):135999
                                          Entropy (8bit):7.970436852406621
                                          Encrypted:false
                                          SSDEEP:3072:FgO4UJY0JwtRXlcx9haQMmbxve5BbRQ7bytkUY7oy6:FWUJKpQMevOE7kul6
                                          MD5:D53F966DA2DAFAD479BECE0937F37D0B
                                          SHA1:D1EB48F61EE891C258C8A9F61D840B11E466E178
                                          SHA-256:A54CA66104673B6E36161A38724DBAF47E3FE74F53129972DDB293D08EE3C488
                                          SHA-512:9D3D356E89EA6053C2E55C0552C435F42A357E40B7288B5C02031B25E3FF1168F7382C043337ED659DDC468BEC8999EDA2E79256D186901DE01E4A7B492D41E8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):145480
                                          Entropy (8bit):7.960654699710433
                                          Encrypted:false
                                          SSDEEP:3072:3/pfgnzzaCb0DZLObqCrH5mlzggo4ChG2wwJm:RE/a9FLOeMZocgxCh0
                                          MD5:17B1C04CB5ADE89C534792400275D8E2
                                          SHA1:9D7FBF40CBBAEA86A0792E02378BD7F6F379962B
                                          SHA-256:D3863A57A98FD61F2F743FE1473F0ED190189E0EF3BA60B81D2EF31F66EF1EBC
                                          SHA-512:E9227AD8FDFD5AEE73AC83F54C47AFBA656470C91666C92837C70C50EB835DFFA3BE9D3EC2EF9D8D1F4E071E0C66A1607CE19969654F2B7DF95AB77902918A5C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):127903
                                          Entropy (8bit):7.951270828860192
                                          Encrypted:false
                                          SSDEEP:3072:djwThy9pZmnTJxovExD9/2JmGbTUcWd/dElu6sAI5P:+mpZqTJivyDQ4XcyOspP
                                          MD5:5883739F8FED117A006D08C7634A3147
                                          SHA1:F57198902954444D6C0BEDEBDF98A1DF55AB8F87
                                          SHA-256:680C0B006E93979FDBED1460262529FD57A55513CEF13EC9770D070D3E85D3C6
                                          SHA-512:DB564217062C37E673EC5EF79708F8C7B63E446B1A4E7C11C8E226D2A116CFE0CCB05A6690A480E230650005283D3C604D6E77CE1ABC5B305E6542AF375CE0F5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):166322
                                          Entropy (8bit):7.920920958577026
                                          Encrypted:false
                                          SSDEEP:3072:VyB4tQIuDkjEKniMuAi+uwNe64oZCAeyBr7Ec6O87rrOH+8MJbTie:FhuIliMuAbuR6VFeyBroc6l3rOL6Oe
                                          MD5:B311889C8066D48C35ECC6F2845F39BD
                                          SHA1:97A8DAD983BF8575869FEBD0308004EA058B302C
                                          SHA-256:779C38EC6A84D60CAE655C3CD8E506E6232D4CCF106325E5D4EE437E8E53AF93
                                          SHA-512:D4409D78E1049F5F5F2632B20B92CB6E1B3310670BF569069DE67AB938DB2CA9D2519221013283C88F338D5C64D6364BBECFBCF4B89FFEAF615DFC0C966BD757
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):172207
                                          Entropy (8bit):7.938325670941505
                                          Encrypted:false
                                          SSDEEP:3072:6KkjPVyS/Wkxc1YGCqKbd0mIQGX7UGw/PSQVzvhBnSQKLK51yG0pqf:6KkjWkWxu01rMzvhtXmKF0S
                                          MD5:65DA93E2141E4A25C674E9B938C569AB
                                          SHA1:8EABB021BA5F89C1463CB8E8A45B1C5939BF31AD
                                          SHA-256:C9997E9CFD9F51410047DBBCEFD0A8011F1CC38F212C7D986A67805B1D7A3A98
                                          SHA-512:E871783D78A7DDC4C55E4526B21CE72C574BA03C63255A31E211D730DB57C40CC09E15A1406201A3B3887538825BF13AFDB791580B9DEB65369E8245189D2287
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 633 x 498, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):39154
                                          Entropy (8bit):7.944667042867273
                                          Encrypted:false
                                          SSDEEP:768:m35sV8OS9Mzt41CcoSBShM/XPtI9mtb9fPWbaW0H4gMrVMmVfm4eywIE:5V8X+ztMjoKXRb9H50Mmk5PIE
                                          MD5:3403338112A26EFFDBBC23559C6A3EC6
                                          SHA1:58133DF7AE80B88A5491D4DB6E4C0873709981F2
                                          SHA-256:3DF5C032064B5CBAA55C9B873940AEB92570909D1E6BE277296D0B10613B3823
                                          SHA-512:8626D5A9D5042171939C53CD15FA84CE85B7454992DD9B754F3158B1FE0CFF1848604AAAA3264A01568904CF1413C3E7373E4850B3011F87089110EE8CFF758C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 633 x 498, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):39203
                                          Entropy (8bit):7.945612626934056
                                          Encrypted:false
                                          SSDEEP:768:m354cHuu3PhBNGZrcKHxSejmQ+gaMZvooHJki0kaUUSiSty+l:JcH/3PhzG9AejmQ+BnMJk/LOtyk
                                          MD5:B82B367F8643CF725A2CD0FA93E406DA
                                          SHA1:23B96190E68ECC07BF0C13CCC30DC74DECF91CF1
                                          SHA-256:08E344CFA1CF60CF1C7657739C3985482CD54BBE525A27168E48FCD23D244281
                                          SHA-512:FA895A48A31D296AA4831FD3774217C018527379BEBA63C9A2C5AE9656E899E9B5F34EE778FF213C87884E30CD89865985FF65E1DE5208E7C1CFEE1A6D3DAE5C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 702 x 571, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):44940
                                          Entropy (8bit):7.904675656724733
                                          Encrypted:false
                                          SSDEEP:768:bKCk+dqjNukkzr9K6XqlwHdmODfNiQNiT/8u9IYsWr5vL6+7Z3g1QuccyyfV:N3YZuRf9K66Q8On29IYnR3EQrc/V
                                          MD5:7BEB7B8157F1D1555565CADDEB63C24F
                                          SHA1:478B9333310777BDA6FE5FE65BB028B2CEEF6B71
                                          SHA-256:2DA6BF1915EF7C9FCF640E9991DE9834A28BBFBF2E90725BF5B0154CFFF3B54C
                                          SHA-512:9EA1743DFFCA68A274A90890F95BC0CA6C0341156DB7648E241DE85B87B0B988AE46760573C039F0AAD4390490689F8E4B38756AA7D419FB543A4408598D8E27
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 702 x 571, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):45729
                                          Entropy (8bit):7.91251771475654
                                          Encrypted:false
                                          SSDEEP:768:Om+VlpFd3Yqfkzae3AUgyoQcl8jb0Chp5SUrHyr3Pov2kqOZbDVK:B+Dpn3Yq82O1jNjQChnSCyijbc
                                          MD5:22D4B70FD26FB1DAD316101BCBEBA431
                                          SHA1:7C3FCDE4D4C3699260D8976D8D69FABFDAA5FB4F
                                          SHA-256:B68F21D3CDE8002BE500397424644800AD2F137203330095ECC36D5631B702DE
                                          SHA-512:BD6F79BB0627B3D5C48DAA5D7778D405F1898D6B21B077B48D774C760E381245788A7C092B0CA7C92BFB9D02007467CFF3250C72A6438FA0801AC5ED81EF0318
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 554 x 530, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):49104
                                          Entropy (8bit):7.957457973246009
                                          Encrypted:false
                                          SSDEEP:768:A350LnsjJ08vTGI7ZLY4ivZZeG/8u6uapKBLHX2HQ3CvYiHyCtgBxmqx:zLnsjJ0cKIQb8uEIxBCACUxmqx
                                          MD5:17D1520C03CEFD716BA65751A7046D60
                                          SHA1:EF56CD270278FE2044446D83A2129F0A47552819
                                          SHA-256:A16F4AF7E2EA7277C626B775F3CA17D29D97FC0A7C489A5AD892BDAB49BC17EC
                                          SHA-512:307AD38AAC60AE45C4264A9EBF5C36A971425AA0F856BC5BEBE986DBD92A0363B148A1093AC82D6553ABC530B46B19A2C43C3DED190F1B7990347CAD57C73FF4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 554 x 530, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):48026
                                          Entropy (8bit):7.9554159742984245
                                          Encrypted:false
                                          SSDEEP:768:A35v4vkb1sra5QBmABNESRsk4welArt7OB8MUyB7kUABQP+yXm8bvsp:rcb1sraMEssk4wel8tDPy2UABQCKUp
                                          MD5:BC156596AE5D9E382E04A425F7D831B9
                                          SHA1:0EAE1194C7D616C24C23A31C4765987FA6C2F579
                                          SHA-256:D0058BBFF65E52243E2760199D162B45B88F347CB88A103D987DF3D0988B8CB3
                                          SHA-512:4A64047FFEDFAB09AEA644F12698712AE37027726F4A3CBD3475CBC23BC3A368EB533E126D4A5A9E76FBC446413B4F23B0449303BCF2B39C57A589F801D3549F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 561 x 413, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):19328
                                          Entropy (8bit):7.82079084968758
                                          Encrypted:false
                                          SSDEEP:384:fJXE054moywHDQ82iEaX7u4dMFJlRVTXMrouAmAL6ZCnvCz7:d354mpwjx2qu4dMvbtXMrzAmGn2
                                          MD5:3D621FCF3E6CB00562F985A706A66B30
                                          SHA1:5777F1F266D4D36C74D4889EE59E8385782AB123
                                          SHA-256:2D9BCC27201535C16B678BD62D003D70BEB02C6A81855421E0D3C5E3D1039A58
                                          SHA-512:0409F39C78BD39D44E7882C462BF0830B852B5F75966DC337DF12BA502114CD9A8FAA54F132217B2B4C2E91C38DB194F0D768A63304A5CBA62C57B858071B73D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 561 x 413, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):18914
                                          Entropy (8bit):7.804915058677732
                                          Encrypted:false
                                          SSDEEP:384:fJXE05zBQaGge37SuUZ63/P7BVAAtjRDdnA55D:d35t1e37Xj/1VFjdnA55D
                                          MD5:07155900EBFF39476ADF7A9E13FD5229
                                          SHA1:50E52330D3CFA12837C95C904E8FD5F78C4B2F08
                                          SHA-256:B431A682CCD7421D2C34AA93772B0C5FDB4447B1C340C7EDF71AFB690E6615EA
                                          SHA-512:1DA959A1CF8BC333816A6BA9AC531738AEE2142431D18F08BBFD8AB3C0D25CBDBBC860940355ABB08498CA2B7B1971A6C11066C3177A06DF707FE1759E801843
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1908 x 644, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):223599
                                          Entropy (8bit):7.972609203346843
                                          Encrypted:false
                                          SSDEEP:6144:CK1QttSIX5tmi7ARGzjMO1gr2PXiHJt7ix1fhr3X/GxW:kX5dsRWirwX6JJ21fh9
                                          MD5:96529007F115A2648AAF95DB3DAC945C
                                          SHA1:5EB85F381FF699F6240CEC62DACA8C585B39B244
                                          SHA-256:8BE73D7F74AD221CC5657AE0BE4D6D756DECC0A2B603FDCD967646E1C00760EE
                                          SHA-512:68FEC6C122C4ABD9E093212DF93325BE6A6611B5FFAF929CC6B479DC1F1B79F2348DB91EE5F11703E91C32CB0D4CA35767EF48D3C6E39A3F5BB827B9D8156B67
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):83829
                                          Entropy (8bit):7.94742976689129
                                          Encrypted:false
                                          SSDEEP:1536:EWZ7lr6dGD+bK5eacQVLjAQ9UBy/vhiIxfJO7ZsFFWA2R6zwH:NmASbQV/A345VxfcdIFWlAwH
                                          MD5:F9936ECB1CDB92202C113B00469CFEB5
                                          SHA1:DE043248A930C44960A899E1E3B58E3A1876DFEA
                                          SHA-256:C1155E7BE0FF808A1AC4C41D9A990411FDA6AABDCC5DE6DFB3F6879DFF841EB1
                                          SHA-512:AE62C0C30F3B3EAEBD7469BF22034F185E222F764C1B9779F56B035773B95EACB4A2CA3237989CBE37A12B7BF7C8FA00028AB4E17FD49B0CCFFE3B63DD715BB7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):172207
                                          Entropy (8bit):7.938325670941505
                                          Encrypted:false
                                          SSDEEP:3072:6KkjPVyS/Wkxc1YGCqKbd0mIQGX7UGw/PSQVzvhBnSQKLK51yG0pqf:6KkjWkWxu01rMzvhtXmKF0S
                                          MD5:65DA93E2141E4A25C674E9B938C569AB
                                          SHA1:8EABB021BA5F89C1463CB8E8A45B1C5939BF31AD
                                          SHA-256:C9997E9CFD9F51410047DBBCEFD0A8011F1CC38F212C7D986A67805B1D7A3A98
                                          SHA-512:E871783D78A7DDC4C55E4526B21CE72C574BA03C63255A31E211D730DB57C40CC09E15A1406201A3B3887538825BF13AFDB791580B9DEB65369E8245189D2287
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):135999
                                          Entropy (8bit):7.970436852406621
                                          Encrypted:false
                                          SSDEEP:3072:FgO4UJY0JwtRXlcx9haQMmbxve5BbRQ7bytkUY7oy6:FWUJKpQMevOE7kul6
                                          MD5:D53F966DA2DAFAD479BECE0937F37D0B
                                          SHA1:D1EB48F61EE891C258C8A9F61D840B11E466E178
                                          SHA-256:A54CA66104673B6E36161A38724DBAF47E3FE74F53129972DDB293D08EE3C488
                                          SHA-512:9D3D356E89EA6053C2E55C0552C435F42A357E40B7288B5C02031B25E3FF1168F7382C043337ED659DDC468BEC8999EDA2E79256D186901DE01E4A7B492D41E8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 702 x 571, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):44940
                                          Entropy (8bit):7.904675656724733
                                          Encrypted:false
                                          SSDEEP:768:bKCk+dqjNukkzr9K6XqlwHdmODfNiQNiT/8u9IYsWr5vL6+7Z3g1QuccyyfV:N3YZuRf9K66Q8On29IYnR3EQrc/V
                                          MD5:7BEB7B8157F1D1555565CADDEB63C24F
                                          SHA1:478B9333310777BDA6FE5FE65BB028B2CEEF6B71
                                          SHA-256:2DA6BF1915EF7C9FCF640E9991DE9834A28BBFBF2E90725BF5B0154CFFF3B54C
                                          SHA-512:9EA1743DFFCA68A274A90890F95BC0CA6C0341156DB7648E241DE85B87B0B988AE46760573C039F0AAD4390490689F8E4B38756AA7D419FB543A4408598D8E27
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 561 x 413, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):19328
                                          Entropy (8bit):7.82079084968758
                                          Encrypted:false
                                          SSDEEP:384:fJXE054moywHDQ82iEaX7u4dMFJlRVTXMrouAmAL6ZCnvCz7:d354mpwjx2qu4dMvbtXMrzAmGn2
                                          MD5:3D621FCF3E6CB00562F985A706A66B30
                                          SHA1:5777F1F266D4D36C74D4889EE59E8385782AB123
                                          SHA-256:2D9BCC27201535C16B678BD62D003D70BEB02C6A81855421E0D3C5E3D1039A58
                                          SHA-512:0409F39C78BD39D44E7882C462BF0830B852B5F75966DC337DF12BA502114CD9A8FAA54F132217B2B4C2E91C38DB194F0D768A63304A5CBA62C57B858071B73D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1908 x 644, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):90939
                                          Entropy (8bit):7.950084351912887
                                          Encrypted:false
                                          SSDEEP:1536:9p9b1bjp88m64GowwRL39FthBSNxULg+kVCAwODC3XmAtIajgIxx9lLERNi:9p7988ibrRxQssCB3XtTxzR
                                          MD5:744015CA96B734031DFD43DBB9D2B36A
                                          SHA1:1852D3D456C993190BB323A5B034B2A3EAA95E21
                                          SHA-256:56CB4C63568B59FF47F48FA2F516BC1AD2281DC6887FDC8F5C21A558CB6AB2D4
                                          SHA-512:C559276A533499C36620C594811561B01818840B98F9F3F8CA43B3009DFB299E0ECE2032F0960E9A91BB891A42B84B79EF815960F23435D746BD05944A59955D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 800 x 714, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):633228
                                          Entropy (8bit):7.997395879983726
                                          Encrypted:true
                                          SSDEEP:12288:0xqTWBnYgwnVGgwdE6v3M9E8Va/3aaobBCDcWSn7pHDAb+7yZLWaJ:0oCBYgMKFv3IVaSUf8lDd7yRWaJ
                                          MD5:BE5CEBD01C6DE565E66561B245BB27C6
                                          SHA1:B5EF4EB14E87FA06717A49BD93659BC515B23685
                                          SHA-256:08C20EF6578D680296961F3454B88DF457BAB9D00889AC3A67249F3DD0332681
                                          SHA-512:D64C85EE590CAC729148340A4C1E85097CDD5BA28E18B91AA0E8F7BBCE24306B38728FE472344B4066FE5A0FF8D8CABB88C081409508EB961FC051AA608B4ED7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 554 x 530, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):48026
                                          Entropy (8bit):7.9554159742984245
                                          Encrypted:false
                                          SSDEEP:768:A35v4vkb1sra5QBmABNESRsk4welArt7OB8MUyB7kUABQP+yXm8bvsp:rcb1sraMEssk4wel8tDPy2UABQCKUp
                                          MD5:BC156596AE5D9E382E04A425F7D831B9
                                          SHA1:0EAE1194C7D616C24C23A31C4765987FA6C2F579
                                          SHA-256:D0058BBFF65E52243E2760199D162B45B88F347CB88A103D987DF3D0988B8CB3
                                          SHA-512:4A64047FFEDFAB09AEA644F12698712AE37027726F4A3CBD3475CBC23BC3A368EB533E126D4A5A9E76FBC446413B4F23B0449303BCF2B39C57A589F801D3549F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 720 x 540, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):192118
                                          Entropy (8bit):7.99413788875094
                                          Encrypted:true
                                          SSDEEP:3072:VplKTyHeBS7Ij7h51xFcrq+bieG9mu4rrvWt/fjbwCp4hJMTFmN8Vgh6PcfhFEXo:VpQW+BS0jjBmbiee1Wrq/YCp4hJMTFM7
                                          MD5:5AB883F9D423D0EE116336CF07C62DEE
                                          SHA1:365626A7C8510E0860747FCC8FEB7AF7D619D136
                                          SHA-256:6801D427A90031E83773AA3035A4EAC56D95264A16E9F9FC2917858B5884AC1B
                                          SHA-512:132245CC6B8F8015FD35CCFBD57ED0924C8D615EEC54BE60081ECFDB1CBA51938D8F4EF54769F6CA88249B3B2E66E1C1A9B0C0A0EDA8D69FD06FBD7997B8C72D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 633 x 498, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):39154
                                          Entropy (8bit):7.944667042867273
                                          Encrypted:false
                                          SSDEEP:768:m35sV8OS9Mzt41CcoSBShM/XPtI9mtb9fPWbaW0H4gMrVMmVfm4eywIE:5V8X+ztMjoKXRb9H50Mmk5PIE
                                          MD5:3403338112A26EFFDBBC23559C6A3EC6
                                          SHA1:58133DF7AE80B88A5491D4DB6E4C0873709981F2
                                          SHA-256:3DF5C032064B5CBAA55C9B873940AEB92570909D1E6BE277296D0B10613B3823
                                          SHA-512:8626D5A9D5042171939C53CD15FA84CE85B7454992DD9B754F3158B1FE0CFF1848604AAAA3264A01568904CF1413C3E7373E4850B3011F87089110EE8CFF758C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1908 x 644, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):223599
                                          Entropy (8bit):7.972609203346843
                                          Encrypted:false
                                          SSDEEP:6144:CK1QttSIX5tmi7ARGzjMO1gr2PXiHJt7ix1fhr3X/GxW:kX5dsRWirwX6JJ21fh9
                                          MD5:96529007F115A2648AAF95DB3DAC945C
                                          SHA1:5EB85F381FF699F6240CEC62DACA8C585B39B244
                                          SHA-256:8BE73D7F74AD221CC5657AE0BE4D6D756DECC0A2B603FDCD967646E1C00760EE
                                          SHA-512:68FEC6C122C4ABD9E093212DF93325BE6A6611B5FFAF929CC6B479DC1F1B79F2348DB91EE5F11703E91C32CB0D4CA35767EF48D3C6E39A3F5BB827B9D8156B67
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):127903
                                          Entropy (8bit):7.951270828860192
                                          Encrypted:false
                                          SSDEEP:3072:djwThy9pZmnTJxovExD9/2JmGbTUcWd/dElu6sAI5P:+mpZqTJivyDQ4XcyOspP
                                          MD5:5883739F8FED117A006D08C7634A3147
                                          SHA1:F57198902954444D6C0BEDEBDF98A1DF55AB8F87
                                          SHA-256:680C0B006E93979FDBED1460262529FD57A55513CEF13EC9770D070D3E85D3C6
                                          SHA-512:DB564217062C37E673EC5EF79708F8C7B63E446B1A4E7C11C8E226D2A116CFE0CCB05A6690A480E230650005283D3C604D6E77CE1ABC5B305E6542AF375CE0F5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1200 x 448, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):190417
                                          Entropy (8bit):7.992076544835265
                                          Encrypted:true
                                          SSDEEP:3072:lwQShRwneEH01POaBMXz+PKqpt9TT8dC0GjLCJCSIc96lMHVVDY6zocK3wb:GphRwE1PtBMD+PKqCdzACJIc96lqzYK5
                                          MD5:826B1D7FBB0F3A1F8007163CDD84B451
                                          SHA1:EFABED9056DD307370375059070D8F7BB3144120
                                          SHA-256:D699D306A7F4811EFDB90CFBADFBA912E12BFAE9FE6CDF809F8C0F16CD341A14
                                          SHA-512:C27A16D0FAE7E44331E7799E79A079816BBF42BA32BC059DB668D3454A6DCDE8CF1CCAABB548D45052C242EBE2F821F779DA6A86851F92168CD1C76A2BA7ECE7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 633 x 498, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):39203
                                          Entropy (8bit):7.945612626934056
                                          Encrypted:false
                                          SSDEEP:768:m354cHuu3PhBNGZrcKHxSejmQ+gaMZvooHJki0kaUUSiSty+l:JcH/3PhzG9AejmQ+BnMJk/LOtyk
                                          MD5:B82B367F8643CF725A2CD0FA93E406DA
                                          SHA1:23B96190E68ECC07BF0C13CCC30DC74DECF91CF1
                                          SHA-256:08E344CFA1CF60CF1C7657739C3985482CD54BBE525A27168E48FCD23D244281
                                          SHA-512:FA895A48A31D296AA4831FD3774217C018527379BEBA63C9A2C5AE9656E899E9B5F34EE778FF213C87884E30CD89865985FF65E1DE5208E7C1CFEE1A6D3DAE5C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):85090
                                          Entropy (8bit):7.9472066403433885
                                          Encrypted:false
                                          SSDEEP:1536:EmQQSnPlJ0/v7nXXWEwobLmi14BHuvveusKnQhizsE8sDVoqY4ddZwebJ4Yk:55SPv0/DnTwobhbqrEzbvDVof4ddC245
                                          MD5:3F8062BAB604B06F6D140DA6DB70486D
                                          SHA1:7DC04C3B444C5F27522FB9DF3B959620376B434D
                                          SHA-256:C6D285B0E8A7AAF129A172281EDC4D2AC5DDCD1C18B3A781B81F702101DDBD66
                                          SHA-512:FD8A7ED0FFFD41930BE5B0E8DA27D2CC36E002D0001BCF5BBD54FC492878D89EB1EB5BBF3658C446959728EA6D07FF2E0E64F0234EA96B8BF069B544BFA00919
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):166322
                                          Entropy (8bit):7.920920958577026
                                          Encrypted:false
                                          SSDEEP:3072:VyB4tQIuDkjEKniMuAi+uwNe64oZCAeyBr7Ec6O87rrOH+8MJbTie:FhuIliMuAbuR6VFeyBroc6l3rOL6Oe
                                          MD5:B311889C8066D48C35ECC6F2845F39BD
                                          SHA1:97A8DAD983BF8575869FEBD0308004EA058B302C
                                          SHA-256:779C38EC6A84D60CAE655C3CD8E506E6232D4CCF106325E5D4EE437E8E53AF93
                                          SHA-512:D4409D78E1049F5F5F2632B20B92CB6E1B3310670BF569069DE67AB938DB2CA9D2519221013283C88F338D5C64D6364BBECFBCF4B89FFEAF615DFC0C966BD757
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):123387
                                          Entropy (8bit):7.972206042228806
                                          Encrypted:false
                                          SSDEEP:3072:6isKuiDMkahtqvflOTPSsCXFGUj59OwokiUPPP7V2tfw4ccnAJ:UKuiTOmflOzqGA9bfiUHP7Vmnccm
                                          MD5:30949EADDE146D05A0DD98695013A311
                                          SHA1:8950A0AED9964B515E5D25935C4C789B1A0F9A0E
                                          SHA-256:395DCA6859F228215382E79AFFE9D3D9893547D5581FFFD4CC07A894645507F3
                                          SHA-512:2962D1BEAF67FB5A93B6424DA92E80CC1AAA2CBD67964B383A72EACB6731F4E8404515D7770C8E03311BEC6BEAC6518BD9CAA4A419DEAB0294F6FE22015F38F2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1200 x 675, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):303283
                                          Entropy (8bit):7.9919096015964115
                                          Encrypted:true
                                          SSDEEP:6144:3YktJhD8QtK8f0OOaaDqKG3tTcvXFT7CT1TFcZVncC6cB:ZtJDtJMOOaOq33RcNCgVc4
                                          MD5:73BC1258ED2BAE548091298494AE7D4C
                                          SHA1:789A062CC2BD79CB4D2C76A30215F7A204E93570
                                          SHA-256:22B4977E4D948D05AB78728E8EDCB65687640EB62ED058224C3C1A88515F48B9
                                          SHA-512:7905EE33C08D1C18281B6C17359C17D469269D92F9C422A2FF7C539EAE826807A7C5688627AA21D315B871502DA83AC34087E0791E0A4916113B55B2C29574A6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 554 x 530, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):49104
                                          Entropy (8bit):7.957457973246009
                                          Encrypted:false
                                          SSDEEP:768:A350LnsjJ08vTGI7ZLY4ivZZeG/8u6uapKBLHX2HQ3CvYiHyCtgBxmqx:zLnsjJ0cKIQb8uEIxBCACUxmqx
                                          MD5:17D1520C03CEFD716BA65751A7046D60
                                          SHA1:EF56CD270278FE2044446D83A2129F0A47552819
                                          SHA-256:A16F4AF7E2EA7277C626B775F3CA17D29D97FC0A7C489A5AD892BDAB49BC17EC
                                          SHA-512:307AD38AAC60AE45C4264A9EBF5C36A971425AA0F856BC5BEBE986DBD92A0363B148A1093AC82D6553ABC530B46B19A2C43C3DED190F1B7990347CAD57C73FF4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 561 x 413, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):18914
                                          Entropy (8bit):7.804915058677732
                                          Encrypted:false
                                          SSDEEP:384:fJXE05zBQaGge37SuUZ63/P7BVAAtjRDdnA55D:d35t1e37Xj/1VFjdnA55D
                                          MD5:07155900EBFF39476ADF7A9E13FD5229
                                          SHA1:50E52330D3CFA12837C95C904E8FD5F78C4B2F08
                                          SHA-256:B431A682CCD7421D2C34AA93772B0C5FDB4447B1C340C7EDF71AFB690E6615EA
                                          SHA-512:1DA959A1CF8BC333816A6BA9AC531738AEE2142431D18F08BBFD8AB3C0D25CBDBBC860940355ABB08498CA2B7B1971A6C11066C3177A06DF707FE1759E801843
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 512x512, components 3
                                          Category:dropped
                                          Size (bytes):145480
                                          Entropy (8bit):7.960654699710433
                                          Encrypted:false
                                          SSDEEP:3072:3/pfgnzzaCb0DZLObqCrH5mlzggo4ChG2wwJm:RE/a9FLOeMZocgxCh0
                                          MD5:17B1C04CB5ADE89C534792400275D8E2
                                          SHA1:9D7FBF40CBBAEA86A0792E02378BD7F6F379962B
                                          SHA-256:D3863A57A98FD61F2F743FE1473F0ED190189E0EF3BA60B81D2EF31F66EF1EBC
                                          SHA-512:E9227AD8FDFD5AEE73AC83F54C47AFBA656470C91666C92837C70C50EB835DFFA3BE9D3EC2EF9D8D1F4E071E0C66A1607CE19969654F2B7DF95AB77902918A5C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 702 x 571, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):45729
                                          Entropy (8bit):7.91251771475654
                                          Encrypted:false
                                          SSDEEP:768:Om+VlpFd3Yqfkzae3AUgyoQcl8jb0Chp5SUrHyr3Pov2kqOZbDVK:B+Dpn3Yq82O1jNjQChnSCyijbc
                                          MD5:22D4B70FD26FB1DAD316101BCBEBA431
                                          SHA1:7C3FCDE4D4C3699260D8976D8D69FABFDAA5FB4F
                                          SHA-256:B68F21D3CDE8002BE500397424644800AD2F137203330095ECC36D5631B702DE
                                          SHA-512:BD6F79BB0627B3D5C48DAA5D7778D405F1898D6B21B077B48D774C760E381245788A7C092B0CA7C92BFB9D02007467CFF3250C72A6438FA0801AC5ED81EF0318
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1200 x 448, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):190417
                                          Entropy (8bit):7.992076544835265
                                          Encrypted:true
                                          SSDEEP:3072:lwQShRwneEH01POaBMXz+PKqpt9TT8dC0GjLCJCSIc96lMHVVDY6zocK3wb:GphRwE1PtBMD+PKqCdzACJIc96lqzYK5
                                          MD5:826B1D7FBB0F3A1F8007163CDD84B451
                                          SHA1:EFABED9056DD307370375059070D8F7BB3144120
                                          SHA-256:D699D306A7F4811EFDB90CFBADFBA912E12BFAE9FE6CDF809F8C0F16CD341A14
                                          SHA-512:C27A16D0FAE7E44331E7799E79A079816BBF42BA32BC059DB668D3454A6DCDE8CF1CCAABB548D45052C242EBE2F821F779DA6A86851F92168CD1C76A2BA7ECE7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1200 x 675, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):303283
                                          Entropy (8bit):7.9919096015964115
                                          Encrypted:true
                                          SSDEEP:6144:3YktJhD8QtK8f0OOaaDqKG3tTcvXFT7CT1TFcZVncC6cB:ZtJDtJMOOaOq33RcNCgVc4
                                          MD5:73BC1258ED2BAE548091298494AE7D4C
                                          SHA1:789A062CC2BD79CB4D2C76A30215F7A204E93570
                                          SHA-256:22B4977E4D948D05AB78728E8EDCB65687640EB62ED058224C3C1A88515F48B9
                                          SHA-512:7905EE33C08D1C18281B6C17359C17D469269D92F9C422A2FF7C539EAE826807A7C5688627AA21D315B871502DA83AC34087E0791E0A4916113B55B2C29574A6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 800 x 714, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):633228
                                          Entropy (8bit):7.997395879983726
                                          Encrypted:true
                                          SSDEEP:12288:0xqTWBnYgwnVGgwdE6v3M9E8Va/3aaobBCDcWSn7pHDAb+7yZLWaJ:0oCBYgMKFv3IVaSUf8lDd7yRWaJ
                                          MD5:BE5CEBD01C6DE565E66561B245BB27C6
                                          SHA1:B5EF4EB14E87FA06717A49BD93659BC515B23685
                                          SHA-256:08C20EF6578D680296961F3454B88DF457BAB9D00889AC3A67249F3DD0332681
                                          SHA-512:D64C85EE590CAC729148340A4C1E85097CDD5BA28E18B91AA0E8F7BBCE24306B38728FE472344B4066FE5A0FF8D8CABB88C081409508EB961FC051AA608B4ED7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 1908 x 644, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):90939
                                          Entropy (8bit):7.950084351912887
                                          Encrypted:false
                                          SSDEEP:1536:9p9b1bjp88m64GowwRL39FthBSNxULg+kVCAwODC3XmAtIajgIxx9lLERNi:9p7988ibrRxQssCB3XtTxzR
                                          MD5:744015CA96B734031DFD43DBB9D2B36A
                                          SHA1:1852D3D456C993190BB323A5B034B2A3EAA95E21
                                          SHA-256:56CB4C63568B59FF47F48FA2F516BC1AD2281DC6887FDC8F5C21A558CB6AB2D4
                                          SHA-512:C559276A533499C36620C594811561B01818840B98F9F3F8CA43B3009DFB299E0ECE2032F0960E9A91BB891A42B84B79EF815960F23435D746BD05944A59955D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 720 x 540, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):192118
                                          Entropy (8bit):7.99413788875094
                                          Encrypted:true
                                          SSDEEP:3072:VplKTyHeBS7Ij7h51xFcrq+bieG9mu4rrvWt/fjbwCp4hJMTFmN8Vgh6PcfhFEXo:VpQW+BS0jjBmbiee1Wrq/YCp4hJMTFM7
                                          MD5:5AB883F9D423D0EE116336CF07C62DEE
                                          SHA1:365626A7C8510E0860747FCC8FEB7AF7D619D136
                                          SHA-256:6801D427A90031E83773AA3035A4EAC56D95264A16E9F9FC2917858B5884AC1B
                                          SHA-512:132245CC6B8F8015FD35CCFBD57ED0924C8D615EEC54BE60081ECFDB1CBA51938D8F4EF54769F6CA88249B3B2E66E1C1A9B0C0A0EDA8D69FD06FBD7997B8C72D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 120 x 90, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):19144
                                          Entropy (8bit):7.981061591638061
                                          Encrypted:false
                                          SSDEEP:384:Ol7xQLYaeanMNQizhgB8ezX7Qgvk2hOz2f3NnQBQJXHuaiI:O3iDean8QehgB8ezX7nkDCyapHLiI
                                          MD5:D478406916084DFF61D38DB4BB3F6BF0
                                          SHA1:5096A53126F57B0A6DA5F5540A7BAD2D2205B999
                                          SHA-256:EEB67D77DEE54667318E0B90CEDA831436EE01804BAD47F4FEFB3C4E0E62864F
                                          SHA-512:65A4723A69281A3479170E30D4968A0D62D9CBF8492D35C25F1E9792E964D0091AC44BC66319D861F2FD5CA36CC429BB10E5ECE59B5FA03B0BA3CE58BF5E69EC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 120 x 90, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):16829
                                          Entropy (8bit):7.973590325357461
                                          Encrypted:false
                                          SSDEEP:384:qLIrSQRlLeYrFttekR6ygofjo+whSVVCH4Ny4o9Bj6f22s:08zCYo077fjoRSVVYmy4o996+7
                                          MD5:28F874DCE8D4C4E58BC38ABD13B90C1A
                                          SHA1:F0FD111691FB87BBDBC89FF6C0C3066F8B741E64
                                          SHA-256:CC005DF5534F6EFAB0AE4D8A08BC6478BC50BCFD0606CCBA6274C14074A049BC
                                          SHA-512:F1E22CB56F626098D13E4590492F0FE048B795356962098F4C82DAD2D9C33B3138750EE4006F692704A37F25C6FBEFA0609913BC533B42CD9AF972D7A91DC2DB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (348), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):43148
                                          Entropy (8bit):5.31919378064032
                                          Encrypted:false
                                          SSDEEP:384:iBD5JN+U8VTZNZfMjMlYPq950zdRUbTZLoJDUTsKP+ewqJnCs2gxfQea/1YGlYrc:ihhzjURV7yeiKmPQQJMUArUUkuGZf
                                          MD5:D06C0F3993E76360754C47716652038A
                                          SHA1:9D8B70F6AE6701A267B539C4CC10212AAC0749EF
                                          SHA-256:B713498D7CCC722FDD3D71E8323DAA8AD6950AFD115075A4AE26F918AB5A4048
                                          SHA-512:EBA2F452FD8B3FB7CC5FBADC0699F87EDE778E80DAF5FB971ABD1797278F31F7CE096CAEB42DB496FD667F975EEC78583A6B820AD2C2CEE861C1A7BA31285CC2
                                          Malicious:false
                                          Preview:.<Helper>.. <Messages>.. <Language index="0" description="en">.. <Item id="1">.. <Title>Media Library</Title>.. <Message>..{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}}{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang1033\f0\fs16 The \b Media Library\b0 displays all the media files - videos, images, audio tracks - currently loaded into \b AVS Video Editor\b0 and available for editing.\par\par..You can add new files using the \b 'Import'\b0 button, capture video from an external capture device with the help of the \b 'Capture'\b0 button.\par..\par..To add the media files to the \b Timeline\b0 simply drag-and-drop them there.\par..}.. </Message>.. </Item>.. <Item id="2">.. <Title>Transitions</Title>.. <Message>..{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}}..{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang1033\f0\fs16 Th
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=14, manufacturer=Canon, model=Canon EOS DIGITAL REBEL XTi, orientation=upper-left, xresolution=216, yresolution=224, resolutionunit=2, software=Paint.NET v3.30, datetime=2008:07:07 11:07:10], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):195328
                                          Entropy (8bit):7.921633456627926
                                          Encrypted:false
                                          SSDEEP:3072:3DIx6ZVhkVBqSsEoTKokBpX46Zui5FXaj1nwqUkREgm8ft0MOO:3sxkTg8tKLIarXqj1NRzm8ft02
                                          MD5:6E87BC05B587C89189176C2F359727C6
                                          SHA1:15306873827AB58D1CD1512913457A5F03EC066D
                                          SHA-256:D948EB316DE9186B0BC6145055148A42472205F55FC6D7D88E1205CDE40328B5
                                          SHA-512:0266EC7CA0717FD63706E0FDB1238EDD56458D08FC5F2AB8AB77D5F548774DADD6B53D75887ED7FCB0B493CF6BE9F411D66967376893B524E4EEABE196EDA081
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):83029
                                          Entropy (8bit):7.9743384980501615
                                          Encrypted:false
                                          SSDEEP:1536:IKkKcDGj3ZCzV74+YO2m+42+T8Tg6yhkVZIa86bzXEt+reML:I0uGj3M5YOHmJTg6y+eAbzXE8ig
                                          MD5:4F4786DC9CC5233DC341E5D9F1B0693E
                                          SHA1:0F2F80552F2EDCF7DD8CD575ECCFF63999852485
                                          SHA-256:19B0311E595C2BC873681BAB91AA6047AE925DEE2FAA8378179A6D2C796DD83F
                                          SHA-512:A39D2CFFF74DB3F6FE67F9A0D091040366E5A12954E1D6F3AA5EFDC3EE920A6865AA6C552368A986535B685383AC44D8F5F8ABC95B3CDD15BC176F3AAF932DC4
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):60039
                                          Entropy (8bit):7.993937774135706
                                          Encrypted:true
                                          SSDEEP:1536:tBaOEt0H6mP2lkbCZxiy2U/bBhu6Mo1wcoeSRA0TuWMFdHH:196m+ubSNvu6dCU0KW6n
                                          MD5:14BE46270A1BF3A0EAB2BE31BB846391
                                          SHA1:C9161397A480E6E5C76CDF66A9C06DC88D690DAB
                                          SHA-256:593C153C5E7E9C8A39CACEDEEAF14EF5E55F5A70ACD7CEE27077AD0D9D3668E2
                                          SHA-512:99EF78846CF9F20F520D617238F7727815BA51DCFF8CEDEBC47AFC128B9897F49DEB6255CC65BA818788CAC8BA3D799F1905BEE6AE795232F3611B49B9CC276E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
                                          Category:dropped
                                          Size (bytes):171100
                                          Entropy (8bit):6.658114279944232
                                          Encrypted:false
                                          SSDEEP:3072:UPMdhhOGabiHJUQC2HQwbvZfHGg2WHdEUOSmg5vrXPBm0riKIEBA61M4zOvAuTXO:lB1usvJR3djOuY0yKzOI2O
                                          MD5:1F30373A52DE55D0D07A4422299B2522
                                          SHA1:D2C87EBE888D3377A74DEA4252CC201E94DE00F6
                                          SHA-256:18BC62150EDBB6BC61908D59222F44729FA60292F4ACE7C615A6667CE6BDF676
                                          SHA-512:A93BA1E32A127EEE90A90D96974ECF589A954B2FD11B2179B954D58F9987AF6D2BE672C8BC77CBD9EFC2CFA35E8C01DC0CF273FE8055F6F54984AC928DD57F74
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):73905
                                          Entropy (8bit):5.956099534367188
                                          Encrypted:false
                                          SSDEEP:1536:kPMr8AhJE1lTioMrOpZNFcTZ++/X+TQkov:xhy8oMqxUZtVv
                                          MD5:F418E9E79E6750FF1D9FC550B4592262
                                          SHA1:79942606F83FF564AF8AC5D6DC245133AFDD4F3E
                                          SHA-256:A6347016AA153907454AB773E00DE18F33780D839784023E9B7086C389CADFC9
                                          SHA-512:5350337C9AE94BE64CAAF02721E309786EEAA28E17B07CBB5CDC03D6D2ADFCC990931FF7CA292D4F6A3367DDD61F975F310BB48080FA411AB6D319EF1B4BADEE
                                          Malicious:false
                                          Preview:<MediaCollection>.. <MediaCollectionItem>.. <Type>-1</Type>.. <Caption>Video</Caption>.. <Content></Content>.. <TimeStart>0</TimeStart>.. <TimeEnd>0</TimeEnd>.. <VideoTrackNumber>-1</VideoTrackNumber>.. <AudioTrackNumber>-1</AudioTrackNumber>.. <Properties></Properties>.. <MediaCollectionItem>.. <Type>0</Type>.. <Caption>Sample</Caption>.. <Content>__DATADIR__\Sample.avi</Content>.. <TimeStart>0</TimeStart>.. <TimeEnd>19565</TimeEnd>.. <VideoTrackNumber>0</VideoTrackNumber>.. <AudioTrackNumber>0</AudioTrackNumber>.. <Properties>Video - 720 x 536; 720 : 536; 25 fps; 1543,555 kbps; MPEG4 (DivX/XviD compatible). Audio - Channels: 1; 8 kHz; 8 kbps; MP3.</Properties>.. <Image>iVBORw0KGgoAAAANSUhEUgAAADwAAAAtCAIAAAB9FJ8bAAAXR0lEQVR42tV5ebReVXn+u/eZz/nG..Ow+5SW5CEkhIhFgkJioFwaZgtaUOdblsq7alP5aWltpfhbaKQwcHrLqsIhUVKYIMKgEZLUQSyJyQ..kOQOubk3d/zuN49n3kPfc6Hzf/2nq99a967vnPOdc9797ud9n+fZm8D/wQ/53w7gfxQ0Ri2TL6oC..jANdOSngX8/+6
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=19, description= , manufacturer=SONY, model=DSC-H2, orientation=upper-left, xresolution=288, yresolution=296, resolutionunit=2, software=Paint.NET v3.30, datetime=2008:06:21 22:12:47], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):248375
                                          Entropy (8bit):7.973226617333487
                                          Encrypted:false
                                          SSDEEP:6144:KBGSZYYBpwx2a2SYbUAsALdAgEM4wg+1EhlkZN:KBZZdBeAa/mUzbgL4b+Whl0
                                          MD5:80FB773A86949BACDE59BCA7DF62200F
                                          SHA1:A58FDAD63E6106603F710F5D2A1E7C2C15927281
                                          SHA-256:41E502D2D0B86E944936FCD904B3ABE41DFF1A1FDA99E86E5B0F9AAC130FAFC6
                                          SHA-512:B1456DE54DC908821D49DF40F30781C303B396C1DD1C909EBCC6D85F33EABA15B9C786519D275E1BDEE13D325AEBC20FC79E4ABBBB71BA3A59BA2E3897F06FD5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=13, manufacturer=Canon, model=Canon EOS 20D, orientation=upper-left, xresolution=190, yresolution=198, resolutionunit=2, software=Paint.NET v3.30, datetime=2007:04:14 17:36:01], baseline, precision 8, 1024x768, components 3
                                          Category:dropped
                                          Size (bytes):331456
                                          Entropy (8bit):7.951617652547573
                                          Encrypted:false
                                          SSDEEP:6144:Su79hEN9DutQVGOz84CEuMCSbzREfLBZ3KIDYGWRpCVMnz7o9:phQ9DKQVGOz810CuREl+GgQVMnzE9
                                          MD5:19E7D56312874F1A289F3CE02D498A5D
                                          SHA1:BCB3F4A8A862735CE2B0B4D51E27C61E3A6078F2
                                          SHA-256:27DE15788D19B02DB786EF302D2CB78D023D23AFA17181D8AE47299B101452A7
                                          SHA-512:475A9306FE131853AEAA813758621811E7B2B656CB121739421868957DD364DA7B40783B664932B6CF4A6704D023EF7E1CD331DE7ADE246995B679FC036BA9CB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):2224
                                          Entropy (8bit):7.315641924068623
                                          Encrypted:false
                                          SSDEEP:48:jHHaazGuLMmAxKGF5ozGuJmXuy13p36MKxa0cFoRc9GjJEh:zaazGuIm+7YGuJ2f0MKxRtc9GWh
                                          MD5:517CA8729860247EFBC782D3DBFFC120
                                          SHA1:05CC3D2E1CE157DE2FA2E439B70D03C351AB037F
                                          SHA-256:EEAD363B77BE50AD2BDD6BD86D4EA3CC5EB234322C709844ED801DBC63173067
                                          SHA-512:44DCF31AF6AAF4D52720421D85CC1F19AA15FFCDB5A9E2D6519EC00A3D8C6E6C6015E6A1885EEC9155F8B4002B3A035ECC38C300C49B08B82EA11B566BE1ACEB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Microsoft ASF
                                          Category:dropped
                                          Size (bytes):2876273
                                          Entropy (8bit):7.934041551689149
                                          Encrypted:false
                                          SSDEEP:49152:gH1UjdxKMbhPdX4G/60ZP04wXCbhh6dP/wjGvH39bvz+RQKg:gVfMbNdX4G/q10g/wjG5vz+WT
                                          MD5:4D0745DA973B200D78595A45CF747AF7
                                          SHA1:9C9F5205CDBA2B39E89E689CE7B9E3E57276E19F
                                          SHA-256:93DDD3809F1FAD5E7B1F56A71EDD7A13AF2AD8AA4790EDAE20FCA54CD0149D80
                                          SHA-512:AD956F63B56CE8C788C1812A12EBBDA8AB37E7D4EF95B298300D99E07A3D716BBE909FAC6EA2D4CE3BDE6055DCE6164FE1206F591C3C66042D227B302FA65089
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:RIFF (little-endian) data, AVI, 720 x 536, 25.00 fps, video: XviD, audio: MPEG-1 Layer 3 (mono, 8000 Hz)
                                          Category:dropped
                                          Size (bytes):3907490
                                          Entropy (8bit):7.982737391778191
                                          Encrypted:false
                                          SSDEEP:98304:7JvpabBHikCgAqSvJtmZEm2Py9UgYjUY2uG:1vpadCkDA9JIKQXbVuG
                                          MD5:061BE82905F812EB355790A2613FBCA2
                                          SHA1:3180A6F3FB75D5DC279E45A1CA9AE4BB9DFD22EF
                                          SHA-256:DC623682DED627FFB511885D2F87EDD1BEBE5B9D0D9D58E71F02032398DFEC57
                                          SHA-512:F713F44C9E1B93D3C645E36AB227E44AF25061BC05330D567FAEA6F45924304CCC65825861436B8C6F9869B0901A742EAF1DD553C9CC001C747AB107B3245579
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):117717
                                          Entropy (8bit):7.980089841111828
                                          Encrypted:false
                                          SSDEEP:3072:qTn0OqhrAa5c8uG/mBrAKryGSpyZQoHwp7ua8E0yUm0:qDOAgcEeBrAcyUQw30UX
                                          MD5:3EA8117348D2224C42F337A7B15E221E
                                          SHA1:CF09EFC33CE9F6F6515225606CE9A8B4ECA7D99A
                                          SHA-256:D39C494384AD010A263D74E865323C86BE2EE785C00404F711CA6523A88F3E79
                                          SHA-512:ADD8C9847B9AEE64680D9F6AED6FD80CE92E3579180F5B29FC69933F7CF14DDD3B572E6F8DF520024229838C7DDEF73B731F5E13F51F2908EF0BF28F280D5C77
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 120 x 90, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):16829
                                          Entropy (8bit):7.973590325357461
                                          Encrypted:false
                                          SSDEEP:384:qLIrSQRlLeYrFttekR6ygofjo+whSVVCH4Ny4o9Bj6f22s:08zCYo077fjoRSVVYmy4o996+7
                                          MD5:28F874DCE8D4C4E58BC38ABD13B90C1A
                                          SHA1:F0FD111691FB87BBDBC89FF6C0C3066F8B741E64
                                          SHA-256:CC005DF5534F6EFAB0AE4D8A08BC6478BC50BCFD0606CCBA6274C14074A049BC
                                          SHA-512:F1E22CB56F626098D13E4590492F0FE048B795356962098F4C82DAD2D9C33B3138750EE4006F692704A37F25C6FBEFA0609913BC533B42CD9AF972D7A91DC2DB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                          Category:dropped
                                          Size (bytes):891
                                          Entropy (8bit):4.851908879701474
                                          Encrypted:false
                                          SSDEEP:24:5B0LPfskihCKXhiVDcBBP2q7EihNe7/MWK/EEijb7GQ4X2:5B0LPfKvXhA+2WEQ1tyw2
                                          MD5:74C3EB470580B5019FAF78408A2036DE
                                          SHA1:35645700D3BD473E0F70E67E1A93969D9101DC2B
                                          SHA-256:F8AD8A975DDF34D05135AC7F871754529DEE4862306B2507B892FD808957EB51
                                          SHA-512:3EDE680637F1EA2B5C963ED17481DF7A1EF989286ECBD4C34645C1CA3CBACB8BF83B36C991D1EF07070883DB5BF597C1F7D5E0F57166162A272048FD55583A0E
                                          Malicious:false
                                          Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\*\fname Arial;}Arial CYR;}}..{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 AVS Video Editor helps you arrange your video collection or make a home movie quickly and easily.\par..You can edit video of almost all video formats, experiment with over 300 video/audio effects and transitions, burn movie DVDs and export your collections to mobile devices! AVS Video Editor is designed specifically for PC beginners to maximum simplify and speed up home video creation.\par..\par..No Time limits! No feature limits! Fully functional!\par..The only limitation is the AVS Logo on the output video of the compiled projects.\par..So, now, when you decide to make your purchase \endash you won\rquote t need to re-do your trial version projects \endash just recompile them to get rid of the logo!\par..}...
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (348), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):43148
                                          Entropy (8bit):5.31919378064032
                                          Encrypted:false
                                          SSDEEP:384:iBD5JN+U8VTZNZfMjMlYPq950zdRUbTZLoJDUTsKP+ewqJnCs2gxfQea/1YGlYrc:ihhzjURV7yeiKmPQQJMUArUUkuGZf
                                          MD5:D06C0F3993E76360754C47716652038A
                                          SHA1:9D8B70F6AE6701A267B539C4CC10212AAC0749EF
                                          SHA-256:B713498D7CCC722FDD3D71E8323DAA8AD6950AFD115075A4AE26F918AB5A4048
                                          SHA-512:EBA2F452FD8B3FB7CC5FBADC0699F87EDE778E80DAF5FB971ABD1797278F31F7CE096CAEB42DB496FD667F975EEC78583A6B820AD2C2CEE861C1A7BA31285CC2
                                          Malicious:false
                                          Preview:.<Helper>.. <Messages>.. <Language index="0" description="en">.. <Item id="1">.. <Title>Media Library</Title>.. <Message>..{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}}{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang1033\f0\fs16 The \b Media Library\b0 displays all the media files - videos, images, audio tracks - currently loaded into \b AVS Video Editor\b0 and available for editing.\par\par..You can add new files using the \b 'Import'\b0 button, capture video from an external capture device with the help of the \b 'Capture'\b0 button.\par..\par..To add the media files to the \b Timeline\b0 simply drag-and-drop them there.\par..}.. </Message>.. </Item>.. <Item id="2">.. <Title>Transitions</Title>.. <Message>..{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}}..{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang1033\f0\fs16 Th
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                          Category:dropped
                                          Size (bytes):6926
                                          Entropy (8bit):5.033161562552018
                                          Encrypted:false
                                          SSDEEP:96:5BwfNhYifQnHpXeGxYwTxOd4yk4nkkyG8lUPC2CP/CMcNVr/TIjVmDqGsKrZKPdW:EfhQgyGc/ioQ7KFZ3JHJ/uE2
                                          MD5:AB39FD4B43A42A4187ED29BE0413A30D
                                          SHA1:F804B2B6797713DFA4522205848818951C81E9E8
                                          SHA-256:B7D70F2854C7F2BD7D1D6052032B7597311DAF32C65C73504BADAF68A02B5142
                                          SHA-512:916EB3E494FF61E1B4ACA3193E12AC69940A8676AFA14E43073AFF1D4C9D67CD4F19554313B1597828F20ED2FE8032355C9391EC9DE313B18E9BA46A20CE8162
                                          Malicious:false
                                          Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fcharset204{\*\fname Arial;}Arial CYR;}{\f1\fswiss\fcharset0 Arial;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs20 END-USER LICENSE AGREEMENT FOR SOFTWARE PRODUCTS OF ONLINE MEDIA TECHNOLOGIES LTD.\par..\par..IMPORTANT-READ CAREFULLY: This End-User License Agreement is a legal Agreement between you and Online Media Technologies Ltd for the applicable Software Products of Online Media Technologies Ltd. Do not copy, install, or use the Software Products provided under this license agreement ("Agreement"), until you have carefully read the following terms and conditions.\par..\par..Any reproduction or redistribution of Software Products or any of its components not in accordance with the End-User License Agreement is expressly prohibited by law, and may result in severe civil and criminal penalties. \par..\par..Definitions: Software Products shall mean and include AVS4YOU Software and AVSMedia Software. \pa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 280 x 210, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):25852
                                          Entropy (8bit):7.9790020959609524
                                          Encrypted:false
                                          SSDEEP:384:dTZT6+ay5bDkhZf4p51h9Nc22VUYcO2Mb3vcHFkITZZCwdWujjVuKn0WjY4:rTaQMhR4H7fdYch8kH6ITZYwYYz0EV
                                          MD5:98F028B04E4B84E20985FA0850024FA1
                                          SHA1:D2BF1A5273910989F7B7FD7C73F42856B7C5D76E
                                          SHA-256:38F6D1B6175F553928CC700B07BC0C6E532FACF0210BB59B1D41BC3146019B0B
                                          SHA-512:E28CCEE3969C2B3FD11BB3270EC4120EE99AF5C8B1303B8199D6EE37003CA222B4DF86C5485C20952B5A2CCD206113FC43D6C3044D85C85F14AFFCCEE760F4AC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 120 x 90, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):19144
                                          Entropy (8bit):7.981061591638061
                                          Encrypted:false
                                          SSDEEP:384:Ol7xQLYaeanMNQizhgB8ezX7Qgvk2hOz2f3NnQBQJXHuaiI:O3iDean8QehgB8ezX7nkDCyapHLiI
                                          MD5:D478406916084DFF61D38DB4BB3F6BF0
                                          SHA1:5096A53126F57B0A6DA5F5540A7BAD2D2205B999
                                          SHA-256:EEB67D77DEE54667318E0B90CEDA831436EE01804BAD47F4FEFB3C4E0E62864F
                                          SHA-512:65A4723A69281A3479170E30D4968A0D62D9CBF8492D35C25F1E9792E964D0091AC44BC66319D861F2FD5CA36CC429BB10E5ECE59B5FA03B0BA3CE58BF5E69EC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):60185
                                          Entropy (8bit):7.996110372815282
                                          Encrypted:true
                                          SSDEEP:1536:1n/L25m+BXfIZdY2OzcvLKaPtdJ9OduvfgCRzhsqft:N/Sw+VAYjYjPt9OmTRzhRft
                                          MD5:8A37BC8BA4AB332EA510C96ECC7C3338
                                          SHA1:E4F62B0577F1A64E068EA08BD483A4B251E4CA2F
                                          SHA-256:5E1C6B0FDD14456F3490642E08DB6D4C64EB7A388FE61B1FB6C377A372AB08FB
                                          SHA-512:D82A174FCDF50032EEC166305E354B00FAF9CD5D27487DF5C212D72AD0EA9C8B4E9F756F72BF3AE3319456C9360C45ADA1FEF7FF2C2DF34163165D196546B89D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14771
                                          Entropy (8bit):5.037848191413197
                                          Encrypted:false
                                          SSDEEP:192:2IhRhpM2eG6bzeKpVQHFk3K2xzRVYF3mP8CwFBFWN:31cbdCalRVvB
                                          MD5:8D87945CC57BFADC17B62A972ECD2FF4
                                          SHA1:2F699DDD8047030D45640BD7836E8D9118C1E288
                                          SHA-256:48609CE0806067CE2D1B05CD4A855B56261A50139DD3F9758A3867D2E1094BF8
                                          SHA-512:A40A33DA61126A02294FFA6298F1C18F054B59814C1202A39E55E9D05A1BF98139D7B9869428F2D1E8572A1BC63E5347E2D3D15D1EF0F3403ABED40BBB735B13
                                          Malicious:false
                                          Preview:<profileset ver="1">.. <profile name="Amplify" description="" comment="" id="900">.. <preset name="10 db Boost" dbAmplify="10.0"/>.. <preset name="10 db Cut" dbAmplify="-10.0"/>.. <preset name="6 db Boost" dbAmplify="6.0"/>.. <preset name="6 db Cut" dbAmplify="-6.0"/>.. <preset name="3 db Boost" dbAmplify="3.0"/>.. <preset name="3 db Cut" dbAmplify="-3.0"/>.. </profile>.. <profile name="BandFilters" description="" comment="" id="901">.. <preset name="Low Pass 1kHz" FilterType="1" Frequency="1000" Steepness="50.0"/>.. <preset name="Low Pass 4kHz" FilterType="1" Frequency="4000" Steepness="50.0"/>.. <preset name="Low Pass 8kHz" FilterType="1" Frequency="8000" Steepness="50.0"/>.. <preset name="High Pass 1kHz" FilterType="2" Frequency="1000" Steepness="50.0"/>.. <preset name="High Pass 4kHz" FilterType="2" Frequency="4000" Steepness="50.0"/>.. <preset name="High Pass 8kHz" FilterType="2" Frequency="8000" Steepness="50.0"/>.. <preset name="Band Pas
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):118244
                                          Entropy (8bit):4.682794984655124
                                          Encrypted:false
                                          SSDEEP:384:Pw1SFjXMNwa1Q4/N/2/y/Ut/T/gHC/3/Ds7aco5K3vastak7aYIASelLrSuporFN:Pug6plOK8tLoHC/bd
                                          MD5:6A5FCD45D851E0CCCFA4C14AD27980D2
                                          SHA1:FF96A446283FB84E7DF8E766277FB459F1A4FF42
                                          SHA-256:94BF0F5C970C826FDEE3837572EC0E43EA2A5474FDA09EC5987136674C875A3F
                                          SHA-512:5169D23A525AE557FD49CB50F842F036D5B8F671BA383CB97B8BBE7ABB855DFAEA97EE83589CB6D9F00054684E67146BE6B6599AC2A2D85082CD942B765ED7B8
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Titles">.. <Effects name="Marry Christmas">.. <Effect id="501" begin="0" end="1" fadein="0.208930356547817" fadeout="0.969343552149284" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" pen-color="8404992"/>.. <Property varianttype="5" pen-size="0.015"/>.. <Property varianttype="3" pen-alpha="255"/>.. <Property varianttype="11" pen-antialiaspen="-1"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="255"/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="2" solid="-1"/>.. <Property varianttype="3" brush-type="2"/>.. <Property varianttype="3" brush-alpha1="0"/>.. <Property varianttype="5" left="-2.23829364874225E-02"/>.. <Property varianttype="5" top="0.779205951592077"/>.. <Pro
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52234
                                          Entropy (8bit):4.563712566443943
                                          Encrypted:false
                                          SSDEEP:192:WtdaZdsdJjdcdZdFdjdMd0dPdnd6VdPd5dydRdldcd3idhdS:iyefSPjpmmlhIRj8bTKg3E
                                          MD5:09102FC4246DBC581DEB99C12A39F951
                                          SHA1:5EACBE4E9CA67E962BD6E34B1EC62DAD5AC6C783
                                          SHA-256:CCAF2D104944C9692017F10DC2481C9032A5FE82DFFC81024C54BA3D8077AB80
                                          SHA-512:52072BC60A50D77CC07A99C43AAC07E4F5895A9C69EBD87CC7FB383E159592D7BFC36A269C1E6ABEFEE621FAF3B20711C7E2EE92BBB1A67A1E0D413523D85FD5
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Default">.. <Effect id="516" begin="0" end="1" fadein="0.45" fadeout="0.55" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" animation-fadein="1"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="3" animation-fadeout="1"/>.. <Property varianttype="3" brush-type="1000"/>.. <Property varianttype="3" brush-color1="355"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <Property varianttype="3" brush-color2="65536"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="255"/>.. <Property varianttype="8" brush-texturepath=""/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="8" font-name=""/>.. <Property varianttype="11" font-bo
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):257748
                                          Entropy (8bit):4.558299646769377
                                          Encrypted:false
                                          SSDEEP:384:ZWv1LVeUYmlppNPAybwpAlSWjW6IUVfaMFHMeyoli3UhQ8ZhRa01hTJ6i+0xndow:Da
                                          MD5:2DAADF52363BDE92B517326B82B808BC
                                          SHA1:BCB6F8CCC90D9E1CAE89FA16FA1A49C67E268EDC
                                          SHA-256:E8FB4C449BEBD9B488C6D140C5F53B880AA9C2567E66AEC151A3994459655A8A
                                          SHA-512:BCA34CEB16FB77FFAE3A0D5A16A606034D19F2E9F20339DEAA750D6E9B554E685328F7C586CF2FBE5AF4CD4402B10D242EDBB9B7D89360FD254C3CB332F77DE1
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Solid Fade">.. <Effect id="516" begin="0" end="1" fadein="0.4" fadeout="0.6" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" rect-clipping="0"/>.. <Property varianttype="3" animation-fadeout="1"/>.. <Property varianttype="8" token="~~``~~"/>.. <Property varianttype="3" animation-fadein="1"/>.. <Property varianttype="5" rect-left="0.0"/>.. <Property varianttype="5" rect-top="0.0"/>.. <Property varianttype="5" rect-right="1.0"/>.. <Property varianttype="5" rect-bottom="1.0"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="5" font-angle="0.0"/>.. <Property varianttype="3" brush-type="0"/>.. <Property varianttype="3" brush-color1="355"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <P
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):127592
                                          Entropy (8bit):4.598328919682976
                                          Encrypted:false
                                          SSDEEP:384:TLdKBakuj6Kvu+ejugIHB+pni1RrVS1AuLao9tZR1AzRVQMt+1reHu4BbM/0HZ:ogd
                                          MD5:07E4A029AB22E2566ADE3CD207819EB6
                                          SHA1:4F6FA282510158536714EEB5E98796B245853D84
                                          SHA-256:C8F55D00461D21A37029101986FAF18C64803D281DF1B46455BAFA52E927B0C6
                                          SHA-512:F0E9539745626A318A944DE9BBD1AFD587AE660ED23168729653B247EF1DD2C7CF485A10062D5FD6DB05F845BD1C0B9A48F4E8B52355FCBEC3AE4827A2A8BF6A
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Default">.. <Effect id="516" begin="0" end="1" fadein="0" fadeout="1" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="3" brush-type="0"/>.. <Property varianttype="3" brush-color1="65255"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <Property varianttype="3" brush-color2="65536"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="100"/>.. <Property varianttype="8" brush-texturepath=""/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="8" font-name="Arial"/>.. <Property varianttype="11" font-bold="0"/>.. <Property varianttype="11" font-italic="0"/>.. <Property varianttype="11" font-underline="-1"/
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with very long lines (1098), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8818
                                          Entropy (8bit):3.790679169371841
                                          Encrypted:false
                                          SSDEEP:192:UdInY8WgcRHUuCc8cRZMj1NwZ7jB8bcRLI2DggFOGDd77Hop4B1AQ0SE3lL:9LWgcR+c8cRZSNwZ7jacRLIEggFOGDdO
                                          MD5:D5635051C6C0C9C6B800DD71341AD7E4
                                          SHA1:85ED6AC0C195D5A435E3723C4CDA1E57D340AF15
                                          SHA-256:C43C35462C90143E8ACEFFD257FBDF35FD8D2ED1363B7AC9313460424A918C65
                                          SHA-512:D9E2007512584B5F81411B5A8B6ED55680248AD203A466ABDC79874241F7CA25EEF90F49FC34623164AD1B91C0DF7362A79022FCA5B25C4CB76C041DD5F40A12
                                          Malicious:false
                                          Preview:<items version="1">...<item trajectory="0.506250 0.950000 0.506250 0.950000 1.092188 0.822917 0.864062 0.045833 0.517188 0.066667 0.112500 0.070833 0.092188 0.777083 0.507812 0.781250 0.896875 0.695833 0.715625 0.193750 0.514062 0.218750 0.251851 0.247917 0.314525 0.650000 0.509375 0.629167 0.679688 0.602083 0.612500 0.352083 0.510938 0.372917 0.450577 0.379211 0.435908 0.472060 0.495312 0.500000 0.495312 0.500000" scale="0.300000 0.300000 0.300000 0.300000 0.300000 0.300000 0.300000" angle="0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000" time="0.000000 0.152582 0.317536 0.490728 0.657722 0.837113 1.000000"/>...<item trajectory="0.050794 0.502882 0.050794 0.502882 0.061732 0.898715 0.120312 1.322917 0.193750 0.504167 0.242188 -0.139583 0.298438 -0.127083 0.340625 0.504167 0.406250 1.289583 0.475000 0.951597 0.500000 0.505764 0.554730 -0.196320 0.597239 -0.100000 0.653125 0.504167 0.708319 1.223137 0.768041 1.034926 0.801562 0.506250 0.879688 -0.408333 0.914062 0.175000
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):65005
                                          Entropy (8bit):4.800867140300043
                                          Encrypted:false
                                          SSDEEP:768:yhSA3xhfA3khfH3IhfG3Nhf33WX3ihfH3nL3KhfG3h6hf331:0383m3D3/3WX3k3nL3R3E31
                                          MD5:6B54A6EA58CBAC3F10AD499E43044D90
                                          SHA1:2D0CBC97DB02608314DD89BE10DBE2972A4DAA45
                                          SHA-256:CC2AC9A8D05916B2D1988A0E3A99ECC1B793B4B7BDE1164C65AB4F8CCEAC0882
                                          SHA-512:97FCDE50295B81CAE4204A12F9E06B6F4A98EF063A85D7BE75A0A45F64355DAE780AACE362590DEF214A7AC5A4B5BFA66B3379B115F04715DCF954881C051742
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="SWF - Best Quality - (H.263, 640x480, 25 fps; MP3, 160 kbps)" description="" comment="" GUID="a94e81da-a218-4c6b-a713-bf6c2c334723">.. <videoinfo filetype="7">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">859189843</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.263 FLV Video</CodecName>.. <InternalCodecType type="3">270</InternalCodecType>.. <BitrateTolerance type="3">4000</BitrateTolerance>.. <QScale type="
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):117588
                                          Entropy (8bit):4.672519760099539
                                          Encrypted:false
                                          SSDEEP:384:4wKSiiRNwasQ//g/F/h/38/T/2HC/3/Ds7aco5K3vastak7aYIASelLrSupVrFyx:43TAItpv8L+HC/bL
                                          MD5:3ED7BDD5368E7513FB9459A7332A5ADA
                                          SHA1:B043D8223891CD072C1589E69E8910203BF8FEFE
                                          SHA-256:6FA25A4B511FED013A1C9F005EF0CAF6D00BE75384EFD1CA5A7C116A02C8F7FC
                                          SHA-512:ABC849A60F170DD060C286DC5DECA32A7663F87DE5DA6E57E0FC51485302F5DBAD43BDE80B38B4B948C0C4A4C77CD425ACCFC69D095CE76B0962C69BF231B788
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Titles">.. <Effects name="Marry Christmas">.. <Effect id="501" begin="0" end="1" fadein="0.208930356547817" fadeout="0.969343552149284" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" pen-color="8404992"/>.. <Property varianttype="5" pen-size="0.015"/>.. <Property varianttype="3" pen-alpha="255"/>.. <Property varianttype="11" pen-antialiaspen="-1"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="255"/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="2" solid="-1"/>.. <Property varianttype="3" brush-type="2"/>.. <Property varianttype="3" brush-alpha1="0"/>.. <Property varianttype="5" left="-2.23829364874225E-02"/>.. <Property varianttype="5" top="0.779205951592077"/>.. <Pro
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):45404
                                          Entropy (8bit):4.784107372504372
                                          Encrypted:false
                                          SSDEEP:768:WhBvishBviyxhBviYghBHiHhBviIhBvi6hBviP+hBHih:aigiai7iri8iOiPSih
                                          MD5:911AFDCB3548AEE0BC91673174FD9CCB
                                          SHA1:0AE34D2ED86D13ED797002CD24BE024B6EDA70A3
                                          SHA-256:200969420D9B1B4D7310332CF89A32291ED48053CF6624221491A98B795786FF
                                          SHA-512:A5B7CDE5F56FCE6037E68B02C596E89E3AA1088E9465B2BB0828E392BB73F3C8B9904C064D1CD8E7AA2C44AE85E723F6C789C82F035B73F1367F3F9D63B52EC5
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="DVD NTSC High Quality (HQ 60/108 min. at 1 DVD/DL DVD Disc)" description="Video: MPEG2, Bitrate 9400 kbps, Framerate 29,97, Frame 720x480; Audio: Bitrate 224 kbps" comment="" GUID="241004D6-732B-48c3-9658-F6E68BAF3F54">.. <videoinfo filetype="11">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">843534413</fccHandler>.. <Bitrate type="3">9400000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">1</AspectRatioY>.. <CodecName type="8">MPEG-2 Video</CodecName>.. <InternalCodecType type="3">302</InternalCodecType>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with very long lines (1098), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8818
                                          Entropy (8bit):3.790679169371841
                                          Encrypted:false
                                          SSDEEP:192:UdInY8WgcRHUuCc8cRZMj1NwZ7jB8bcRLI2DggFOGDd77Hop4B1AQ0SE3lL:9LWgcR+c8cRZSNwZ7jacRLIEggFOGDdO
                                          MD5:D5635051C6C0C9C6B800DD71341AD7E4
                                          SHA1:85ED6AC0C195D5A435E3723C4CDA1E57D340AF15
                                          SHA-256:C43C35462C90143E8ACEFFD257FBDF35FD8D2ED1363B7AC9313460424A918C65
                                          SHA-512:D9E2007512584B5F81411B5A8B6ED55680248AD203A466ABDC79874241F7CA25EEF90F49FC34623164AD1B91C0DF7362A79022FCA5B25C4CB76C041DD5F40A12
                                          Malicious:false
                                          Preview:<items version="1">...<item trajectory="0.506250 0.950000 0.506250 0.950000 1.092188 0.822917 0.864062 0.045833 0.517188 0.066667 0.112500 0.070833 0.092188 0.777083 0.507812 0.781250 0.896875 0.695833 0.715625 0.193750 0.514062 0.218750 0.251851 0.247917 0.314525 0.650000 0.509375 0.629167 0.679688 0.602083 0.612500 0.352083 0.510938 0.372917 0.450577 0.379211 0.435908 0.472060 0.495312 0.500000 0.495312 0.500000" scale="0.300000 0.300000 0.300000 0.300000 0.300000 0.300000 0.300000" angle="0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000" time="0.000000 0.152582 0.317536 0.490728 0.657722 0.837113 1.000000"/>...<item trajectory="0.050794 0.502882 0.050794 0.502882 0.061732 0.898715 0.120312 1.322917 0.193750 0.504167 0.242188 -0.139583 0.298438 -0.127083 0.340625 0.504167 0.406250 1.289583 0.475000 0.951597 0.500000 0.505764 0.554730 -0.196320 0.597239 -0.100000 0.653125 0.504167 0.708319 1.223137 0.768041 1.034926 0.801562 0.506250 0.879688 -0.408333 0.914062 0.175000
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):257748
                                          Entropy (8bit):4.558299646769377
                                          Encrypted:false
                                          SSDEEP:384:ZWv1LVeUYmlppNPAybwpAlSWjW6IUVfaMFHMeyoli3UhQ8ZhRa01hTJ6i+0xndow:Da
                                          MD5:2DAADF52363BDE92B517326B82B808BC
                                          SHA1:BCB6F8CCC90D9E1CAE89FA16FA1A49C67E268EDC
                                          SHA-256:E8FB4C449BEBD9B488C6D140C5F53B880AA9C2567E66AEC151A3994459655A8A
                                          SHA-512:BCA34CEB16FB77FFAE3A0D5A16A606034D19F2E9F20339DEAA750D6E9B554E685328F7C586CF2FBE5AF4CD4402B10D242EDBB9B7D89360FD254C3CB332F77DE1
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Solid Fade">.. <Effect id="516" begin="0" end="1" fadein="0.4" fadeout="0.6" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" rect-clipping="0"/>.. <Property varianttype="3" animation-fadeout="1"/>.. <Property varianttype="8" token="~~``~~"/>.. <Property varianttype="3" animation-fadein="1"/>.. <Property varianttype="5" rect-left="0.0"/>.. <Property varianttype="5" rect-top="0.0"/>.. <Property varianttype="5" rect-right="1.0"/>.. <Property varianttype="5" rect-bottom="1.0"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="5" font-angle="0.0"/>.. <Property varianttype="3" brush-type="0"/>.. <Property varianttype="3" brush-color1="355"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <P
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):41316
                                          Entropy (8bit):4.778737297860217
                                          Encrypted:false
                                          SSDEEP:768:E9r96MbMiclGMpM5MuHMvM7MUIpqMXMYlMLML:E9r96MbMiclGMpM5McMvM7MUqqMXMUM0
                                          MD5:21001210345E06D7B8AEC14143A3EC5B
                                          SHA1:6781BE8D020901C14FCC354A2D192C4A9CEB5922
                                          SHA-256:CDB01E74ECEE256A55C49860DEB22F3FCE97EA0F47FFDB5DC94E4D5A12990889
                                          SHA-512:099C46AD35FBD6FCE3E862C2AEBFC41F850AA020201037C79AE22663038290163A366BECCD533D3EBD117233855F0CF0B90F856BA131EFAEF978FCF74A2DE7E9
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="HD Video 1080p: WMV 9, 9000 kbps; Audio: WMA Pro, 384kbps" description="" comment="" GUID="3C924E60-0DEC-4dba-A017-427CF6D95D75">.. <videoinfo filetype="3">.. <format>.. <CLSID>{020D5105-06DE-4C30-BB9E-AFB9CE348554}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">255</MediaType>.. <fccHandler type="19">861293911</fccHandler>.. <Bitrate type="3">9000000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">1920</Width>.. <Height type="3">1080</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">16</AspectRatioX>.. <AspectRatioY type="3">9</AspectRatioY>.. <CodecName type="8">Windows Media Video 9</CodecName>.. <InternalCodecType type="3">0</InternalCodecType>.. <HasSMPTE type="11">0</HasSMPTE>.. <BufferWindow type="3
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51352
                                          Entropy (8bit):4.857946621837214
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="20">.. <profile name="Quick Time - HD Quality 480p - (H.264, 848x480; MP2/4 (AAC), 320 kbps)" description="" comment="" GUID="c7ae2657-4df7-4633-99b8-8e045e2d3fdc">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">848</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14771
                                          Entropy (8bit):5.037848191413197
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="1">.. <profile name="Amplify" description="" comment="" id="900">.. <preset name="10 db Boost" dbAmplify="10.0"/>.. <preset name="10 db Cut" dbAmplify="-10.0"/>.. <preset name="6 db Boost" dbAmplify="6.0"/>.. <preset name="6 db Cut" dbAmplify="-6.0"/>.. <preset name="3 db Boost" dbAmplify="3.0"/>.. <preset name="3 db Cut" dbAmplify="-3.0"/>.. </profile>.. <profile name="BandFilters" description="" comment="" id="901">.. <preset name="Low Pass 1kHz" FilterType="1" Frequency="1000" Steepness="50.0"/>.. <preset name="Low Pass 4kHz" FilterType="1" Frequency="4000" Steepness="50.0"/>.. <preset name="Low Pass 8kHz" FilterType="1" Frequency="8000" Steepness="50.0"/>.. <preset name="High Pass 1kHz" FilterType="2" Frequency="1000" Steepness="50.0"/>.. <preset name="High Pass 4kHz" FilterType="2" Frequency="4000" Steepness="50.0"/>.. <preset name="High Pass 8kHz" FilterType="2" Frequency="8000" Steepness="50.0"/>.. <preset name="Band Pas
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):66208
                                          Entropy (8bit):4.870191283081376
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="BlackBerry 81xx - (MPEG4, 560 kbps, 320x240)" description="" comment="" GUID="f3234535-37f5-4df0-8cbd-7f6576479ba1">.. <videoinfo filetype="1">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">877677894</fccHandler>.. <Bitrate type="3">460000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">320</Width>.. <Height type="3">240</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">Microsoft MPEG-4</CodecName>.. <InternalCodecType type="3">262</InternalCodecType>.. <BitrateTolerance type="3">4000</BitrateTolerance>.. <QScale type="5">0.000000</QSc
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):48988
                                          Entropy (8bit):4.786462432121363
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="DVD NTSC compatible - (MPEG2, 4000 kbps, 720x480, 29.97 fps)" description="" comment="" GUID="72EB1FEA-3DE4-43f7-A1EE-C80D415F12AD">.. <videoinfo filetype="2">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">843534413</fccHandler>.. <Bitrate type="3">3766000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG-2 Video</CodecName>.. <InternalCodecType type="3">302</InternalCodecType>.. <BitrateTolerance type="3">130</BitrateTolerance>.. <
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15486
                                          Entropy (8bit):4.896351144113881
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="20">.. <profile name="Quick Time - for Internet Delivery - (H.264, 640x480, 24 fps; AAC, 128 kbps)" description="" comment="" GUID="4F2F358A-2C18-42d4-99B5-A17B31F937EE">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">24</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">1</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13173
                                          Entropy (8bit):4.819599660224795
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="RealVideo 10: 2500 kbps, 720x480, 29.97 fps; RealAudio: COOK, 96 kbps" description="" comment="" GUID="f3cd6d74-3414-427e-95c3-5e7cb8578566">.. <videoinfo filetype="4">.. <format>.. <CLSID>{4B89148B-1A8C-4884-8886-4895C8B0150D}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">256</MediaType>.. <fccHandler type="19">808736338</fccHandler>.. <Bitrate type="3">2500000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">Real Video 10</CodecName>.. <InternalCodecType type="3">515</InternalCodecType>.. <MaxBitrate type="3">3250000</MaxBitrate>.. <Encoding
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):174870
                                          Entropy (8bit):4.871828307885481
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="26">.. <profile name="Apple iPod - (H.264, 320x240)" description="" comment="" GUID="67d807a4-1dbf-4d84-b208-459ac973919e">.. <videoinfo filetype="23">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">640000</Bitrate>.. <FrameRate type="5">30</FrameRate>.. <Width type="3">320</Width>.. <Height type="3">240</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>.. <NumThreads type="3">1</NumThreads>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34401
                                          Entropy (8bit):4.820970783592911
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="Apple TV - Best Quality - (H.264, 640x480, 25 fps; MP2/4 (AAC), 320 kbps)" description="" comment="" GUID="c96de3ab-3315-4c5c-9578-f37f25761151">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28005
                                          Entropy (8bit):4.825850143128368
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="Microsoft XBox360 - Normal HD Quality 480p - (H.264, 29.97 fps, 848x480)" description="" comment="" GUID="8badd1e3-d439-4f5e-8e97-8f2a2f72f187">.. <videoinfo filetype="22">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">2600000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">848</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):44738
                                          Entropy (8bit):4.87288884031512
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="Video: MPEG4 (DivX, XviD), 1500 kbps; Audio: MP3, 192 kbps" description="" comment="" GUID="0111c432-7ec2-472b-b258-ec529bbd5c04">.. <videoinfo filetype="1">.. <format>.. <CLSID>{2F7C6CC1-5685-4D96-AF12-39C52017731A}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">252</MediaType>.. <fccHandler type="19">1145656920</fccHandler>.. <Bitrate type="3">1500000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG4 (DivX/XviD compatible)</CodecName>.. <InternalCodecType type="3">1</InternalCodecType>.. <CPUFlags type="3">0</CPUFlags>.. <ProfileLevel type="3">
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):127264
                                          Entropy (8bit):4.5926692006527405
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Default">.. <Effect id="516" begin="0" end="1" fadein="0" fadeout="1" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="3" brush-type="0"/>.. <Property varianttype="3" brush-color1="65255"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <Property varianttype="3" brush-color2="65536"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="100"/>.. <Property varianttype="8" brush-texturepath=""/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="8" font-name="Arial"/>.. <Property varianttype="11" font-bold="0"/>.. <Property varianttype="11" font-italic="0"/>.. <Property varianttype="11" font-underline="-1"/
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52234
                                          Entropy (8bit):4.563712566443943
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<presets version="1">.. <category type="0" name="Internal">.. <Effects name="Default">.. <Effect id="516" begin="0" end="1" fadein="0.45" fadeout="0.55" enabled="1">.. <Properties>.. <Property varianttype="3" metric="3"/>.. <Property varianttype="3" animation-fadein="1"/>.. <Property varianttype="3" animation-state="3"/>.. <Property varianttype="3" animation-fadeout="1"/>.. <Property varianttype="3" brush-type="1000"/>.. <Property varianttype="3" brush-color1="355"/>.. <Property varianttype="3" brush-alpha1="255"/>.. <Property varianttype="3" brush-color2="65536"/>.. <Property varianttype="3" brush-alpha2="255"/>.. <Property varianttype="3" brush-texturealpha="255"/>.. <Property varianttype="8" brush-texturepath=""/>.. <Property varianttype="3" brush-texturemode="1"/>.. <Property varianttype="8" font-name=""/>.. <Property varianttype="11" font-bo
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39937
                                          Entropy (8bit):4.834519360333624
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="2">.. <profile name="Blu-ray Full HD 1080p - (H.264, 24000kbps, 23.976fps)" description="Video: H.264, Bitrate 24000 kbps, Framerate 23.976, Frame 1920x1080; Audio: LPCM" comment="" GUID="634440A8-AA57-4177-8E8D-18B1F6186BA9">.. <videoinfo filetype="27">.. <format>.. <CLSID>{E71EFE55-7A73-44C7-B78E-AE3F62C82945}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">258</MediaType>.. <fccHandler type="19">875967048</fccHandler>.. <Bitrate type="3">24000000</Bitrate>.. <FrameRate type="5">23.976000</FrameRate>.. <Width type="3">1920</Width>.. <Height type="3">1080</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">16</AspectRatioX>.. <AspectRatioY type="3">9</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCo
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):68111
                                          Entropy (8bit):4.878272885518393
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="Video: MPEG4 (DivX, XviD), 1500 kbps; Audio: MP3, 192 kbps" description="" comment="" GUID="0111c432-7ec2-472b-b258-ec529bbd5c04">.. <videoinfo filetype="1">.. <format>.. <CLSID>{2F7C6CC1-5685-4D96-AF12-39C52017731A}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">252</MediaType>.. <fccHandler type="19">1145656920</fccHandler>.. <Bitrate type="3">1500000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG4 (DivX/XviD compatible)</CodecName>.. <InternalCodecType type="3">1</InternalCodecType>.. <CPUFlags type="3">0</CPUFlags>.. <ProfileLevel type="3">
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28005
                                          Entropy (8bit):4.825850143128368
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="Microsoft XBox360 - Normal HD Quality 480p - (H.264, 29.97 fps, 848x480)" description="" comment="" GUID="8badd1e3-d439-4f5e-8e97-8f2a2f72f187">.. <videoinfo filetype="22">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">2600000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">848</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34401
                                          Entropy (8bit):4.820970783592911
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="Apple TV - Best Quality - (H.264, 640x480, 25 fps; MP2/4 (AAC), 320 kbps)" description="" comment="" GUID="c96de3ab-3315-4c5c-9578-f37f25761151">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):66208
                                          Entropy (8bit):4.870191283081376
                                          Encrypted:false
                                          SSDEEP:1536:53N3tX3WMHMicl4Mv3z3xWl13gWlC3YWlR3HWlN3rWlM3S:53N3tX3WMHMicl4Mv3z3xK3gT3Y03HyQ
                                          MD5:7D494EDE6214140C0C487FA6C615BF33
                                          SHA1:1B04E8486277D75784AC0B974CDB0E6C5B69CF8E
                                          SHA-256:C5BE403440811035B4AFEBBBE0F643A151B85B3C7E887090D956C13B11A6C39A
                                          SHA-512:B5E2222A270BA4BFE97AC3AEAD7DBAFEB0F0CEEFBE472D67D0C5B987D80AB4E6D1B64308CC5A2CA21851B84390BF732BE668EBAC162032AD5CDA7512C6038C6F
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="BlackBerry 81xx - (MPEG4, 560 kbps, 320x240)" description="" comment="" GUID="f3234535-37f5-4df0-8cbd-7f6576479ba1">.. <videoinfo filetype="1">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">877677894</fccHandler>.. <Bitrate type="3">460000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">320</Width>.. <Height type="3">240</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">Microsoft MPEG-4</CodecName>.. <InternalCodecType type="3">262</InternalCodecType>.. <BitrateTolerance type="3">4000</BitrateTolerance>.. <QScale type="5">0.000000</QSc
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):174870
                                          Entropy (8bit):4.871828307885481
                                          Encrypted:false
                                          SSDEEP:3072:ZN3Qt3qK3jU36u3ZMbME53wj3TMFM5M8x3J53ax3fM7MMMdQ3+53TQ3VD36/31/6:Zu1NF5Ffs
                                          MD5:E9584E24E6F1C5433F3492511EFBB841
                                          SHA1:1D57106EF53E82D2A9342370E3928F8B4DBD00E6
                                          SHA-256:B8180594CBC239203BC76379E042DC2B3DAD805450A4E32652A8BBAC847CBE55
                                          SHA-512:7F3670E73F6F10EF79684923E1495F8607EA8D7154603A5EBB87E8AA6A523E35242ABCF4E26796B30E66E1FFF5FC0EC610526163C77D71437331409E67124027
                                          Malicious:false
                                          Preview:<profileset ver="26">.. <profile name="Apple iPod - (H.264, 320x240)" description="" comment="" GUID="67d807a4-1dbf-4d84-b208-459ac973919e">.. <videoinfo filetype="23">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">640000</Bitrate>.. <FrameRate type="5">30</FrameRate>.. <Width type="3">320</Width>.. <Height type="3">240</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>.. <NumThreads type="3">1</NumThreads>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):44738
                                          Entropy (8bit):4.87288884031512
                                          Encrypted:false
                                          SSDEEP:768:dyWlA3RyWls3wH3iV35w3ryWlA39hfX3s:EWlA3gWls3wH3iV35w3eWlA3f3s
                                          MD5:8CF6CED885901B56BC408D67EE725FF1
                                          SHA1:F8D0E26485441E3690758C06FFAB9F7D86A27EA6
                                          SHA-256:41D3520E53D31C168D16E40AB09D9B8E219C70F6DD4B55C442A903BC477ECC1D
                                          SHA-512:A6FC1D99AD92B8C6788EC4EF5FBE91F64EC18B56F972A3BB2B85A8FD6F0E01719509829FF7CA30E36AE0F7ECC8F25DE82F92A3E2A2BACA5DF43A31ACDF0FAD50
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="Video: MPEG4 (DivX, XviD), 1500 kbps; Audio: MP3, 192 kbps" description="" comment="" GUID="0111c432-7ec2-472b-b258-ec529bbd5c04">.. <videoinfo filetype="1">.. <format>.. <CLSID>{2F7C6CC1-5685-4D96-AF12-39C52017731A}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">252</MediaType>.. <fccHandler type="19">1145656920</fccHandler>.. <Bitrate type="3">1500000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG4 (DivX/XviD compatible)</CodecName>.. <InternalCodecType type="3">1</InternalCodecType>.. <CPUFlags type="3">0</CPUFlags>.. <ProfileLevel type="3">
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39937
                                          Entropy (8bit):4.834519360333624
                                          Encrypted:false
                                          SSDEEP:768:r0iT0i1hB6iChB6i+0iI0i1hB6iLhB6iQ:r0iT0i8iVi+0iI0i8iaiQ
                                          MD5:0AA99F9D83DCB23C985DC4BAA623474D
                                          SHA1:C5A4DBAA3D89E995E5E68E940B42642DC58EE747
                                          SHA-256:F5110E639048E8CA7AEF147F027AF20DCF28A43CA83D782D4A3981F1E9C7440C
                                          SHA-512:9EB9B7A506FF46C4948FAE3317956E1E916BF729563CF8EE5DBA60F1C713EDD0512FD43CC654B4A5E9A43F3E3191CEFF151C9DABC30A924782603D49516636B6
                                          Malicious:false
                                          Preview:<profileset ver="2">.. <profile name="Blu-ray Full HD 1080p - (H.264, 24000kbps, 23.976fps)" description="Video: H.264, Bitrate 24000 kbps, Framerate 23.976, Frame 1920x1080; Audio: LPCM" comment="" GUID="634440A8-AA57-4177-8E8D-18B1F6186BA9">.. <videoinfo filetype="27">.. <format>.. <CLSID>{E71EFE55-7A73-44C7-B78E-AE3F62C82945}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">258</MediaType>.. <fccHandler type="19">875967048</fccHandler>.. <Bitrate type="3">24000000</Bitrate>.. <FrameRate type="5">23.976000</FrameRate>.. <Width type="3">1920</Width>.. <Height type="3">1080</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">16</AspectRatioX>.. <AspectRatioY type="3">9</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCo
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):45404
                                          Entropy (8bit):4.784107372504372
                                          Encrypted:false
                                          SSDEEP:768:WhBvishBviyxhBviYghBHiHhBviIhBvi6hBviP+hBHih:aigiai7iri8iOiPSih
                                          MD5:911AFDCB3548AEE0BC91673174FD9CCB
                                          SHA1:0AE34D2ED86D13ED797002CD24BE024B6EDA70A3
                                          SHA-256:200969420D9B1B4D7310332CF89A32291ED48053CF6624221491A98B795786FF
                                          SHA-512:A5B7CDE5F56FCE6037E68B02C596E89E3AA1088E9465B2BB0828E392BB73F3C8B9904C064D1CD8E7AA2C44AE85E723F6C789C82F035B73F1367F3F9D63B52EC5
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="DVD NTSC High Quality (HQ 60/108 min. at 1 DVD/DL DVD Disc)" description="Video: MPEG2, Bitrate 9400 kbps, Framerate 29,97, Frame 720x480; Audio: Bitrate 224 kbps" comment="" GUID="241004D6-732B-48c3-9658-F6E68BAF3F54">.. <videoinfo filetype="11">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">843534413</fccHandler>.. <Bitrate type="3">9400000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">1</AspectRatioY>.. <CodecName type="8">MPEG-2 Video</CodecName>.. <InternalCodecType type="3">302</InternalCodecType>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):68111
                                          Entropy (8bit):4.878272885518393
                                          Encrypted:false
                                          SSDEEP:1536:lWlA3gWls3wH3iV3eWlA3aw3G3oWld3wWld3tWld3X3+:lX3gL3wH3iV3eX3aw3G3oc3wc3tc3X3+
                                          MD5:6AF7A45C10F80A0EF357D061B091AE3E
                                          SHA1:1BDA14DADC87DD65B93660C19AF493320CEAA5BB
                                          SHA-256:13CD045F676BB9B1D78C755E22CD59AF4361AF1954E192620599EAE11815271E
                                          SHA-512:BFEDED203B4620274493428C29FEAE88C1DC0F6A3635074FAA499921ECF1D9F838CE1D54743F5D21BACACDCA96DEEC82C0660C6CDE9D3A6558E36BD3B734E5DA
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="Video: MPEG4 (DivX, XviD), 1500 kbps; Audio: MP3, 192 kbps" description="" comment="" GUID="0111c432-7ec2-472b-b258-ec529bbd5c04">.. <videoinfo filetype="1">.. <format>.. <CLSID>{2F7C6CC1-5685-4D96-AF12-39C52017731A}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">252</MediaType>.. <fccHandler type="19">1145656920</fccHandler>.. <Bitrate type="3">1500000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG4 (DivX/XviD compatible)</CodecName>.. <InternalCodecType type="3">1</InternalCodecType>.. <CPUFlags type="3">0</CPUFlags>.. <ProfileLevel type="3">
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51352
                                          Entropy (8bit):4.857946621837214
                                          Encrypted:false
                                          SSDEEP:768:CF3lF34ihfr3Va3GyWlT3eS3tyWl93Gxhfp39hfL3w:CF3lF3/3I3ZWlT3V3UWl93I3T3w
                                          MD5:B638E09EF40D8908D79D9AFE965BE8D4
                                          SHA1:3F6234D02A68E44E65938A1B14DC0CA201F9B0FE
                                          SHA-256:614AA79BDB94FF4034465A3DA9C41561B891DAB860B61E605DCD7ECB337011B6
                                          SHA-512:39C8C504B8EB3809C4981EAB9D47CDE53D2F272DBF220AC418236CF1F878C10331E35A353815F5C029D3BE079810CAB5CCD31510584CDAE834C07F6082DB4F4F
                                          Malicious:false
                                          Preview:<profileset ver="20">.. <profile name="Quick Time - HD Quality 480p - (H.264, 848x480; MP2/4 (AAC), 320 kbps)" description="" comment="" GUID="c7ae2657-4df7-4633-99b8-8e045e2d3fdc">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">848</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):48988
                                          Entropy (8bit):4.786462432121363
                                          Encrypted:false
                                          SSDEEP:768:m5h435hBw3hhBw3VlhBw3pl3kql31h2+3Hh2+39l34l3h:73i3K3A3pl3kql3r3l39l34l3h
                                          MD5:89A31A7BC95C4BFF061570AC746C7373
                                          SHA1:1F90AE9B50D21C22FD027C52580E37607FAB7B37
                                          SHA-256:AC8BC197FB377C1B848B2A01578AD53FD7550352D53B75BE9C816789504E6B9B
                                          SHA-512:48DD7859CCF74409B08B39E95589C2A54AD7F0E813B23D1B154155DDF898078B92EFE72887F1749248CF817C15912B5C02CAA7AEAA69F23848B3277D30EE366D
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="DVD NTSC compatible - (MPEG2, 4000 kbps, 720x480, 29.97 fps)" description="" comment="" GUID="72EB1FEA-3DE4-43f7-A1EE-C80D415F12AD">.. <videoinfo filetype="2">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">843534413</fccHandler>.. <Bitrate type="3">3766000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">MPEG-2 Video</CodecName>.. <InternalCodecType type="3">302</InternalCodecType>.. <BitrateTolerance type="3">130</BitrateTolerance>.. <
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):41316
                                          Entropy (8bit):4.778737297860217
                                          Encrypted:false
                                          SSDEEP:768:E9r96MbMiclGMpM5MuHMvM7MUIpqMXMYlMLML:E9r96MbMiclGMpM5McMvM7MUqqMXMUM0
                                          MD5:21001210345E06D7B8AEC14143A3EC5B
                                          SHA1:6781BE8D020901C14FCC354A2D192C4A9CEB5922
                                          SHA-256:CDB01E74ECEE256A55C49860DEB22F3FCE97EA0F47FFDB5DC94E4D5A12990889
                                          SHA-512:099C46AD35FBD6FCE3E862C2AEBFC41F850AA020201037C79AE22663038290163A366BECCD533D3EBD117233855F0CF0B90F856BA131EFAEF978FCF74A2DE7E9
                                          Malicious:false
                                          Preview:<profileset ver="21">.. <profile name="HD Video 1080p: WMV 9, 9000 kbps; Audio: WMA Pro, 384kbps" description="" comment="" GUID="3C924E60-0DEC-4dba-A017-427CF6D95D75">.. <videoinfo filetype="3">.. <format>.. <CLSID>{020D5105-06DE-4C30-BB9E-AFB9CE348554}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">255</MediaType>.. <fccHandler type="19">861293911</fccHandler>.. <Bitrate type="3">9000000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">1920</Width>.. <Height type="3">1080</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">16</AspectRatioX>.. <AspectRatioY type="3">9</AspectRatioY>.. <CodecName type="8">Windows Media Video 9</CodecName>.. <InternalCodecType type="3">0</InternalCodecType>.. <HasSMPTE type="11">0</HasSMPTE>.. <BufferWindow type="3
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15486
                                          Entropy (8bit):4.896351144113881
                                          Encrypted:false
                                          SSDEEP:192:RhVdTw1nH4d4Yrc6vrDSyFJ/YgshaV33Hpf9pFkTOXn5UFdyKB0ejesDlPXHwj0b:LE6vpL3JFIyKB5i4lFVMO3JRji3HX2
                                          MD5:E655971563E538511E44C3B4663B90E8
                                          SHA1:925378D00EA130600632DADE823F43B07A45428A
                                          SHA-256:221A59B5BF96456C610C314CF7C79C4445A6447609BA50DDD5B426E642D3D666
                                          SHA-512:284F533E8EA3187509B7D5003196467BE631728F0C84BC00B034AE733A6D1065956EAEAE10D66BE90EC297C9A62DF6FFC461E0DA6B91787DC8BE6F3EA671FED7
                                          Malicious:false
                                          Preview:<profileset ver="20">.. <profile name="Quick Time - for Internet Delivery - (H.264, 640x480, 24 fps; AAC, 128 kbps)" description="" comment="" GUID="4F2F358A-2C18-42d4-99B5-A17B31F937EE">.. <videoinfo filetype="5">.. <format>.. <CLSID>{26CBBFE8-A446-4643-9FA2-42510D5DFFBC}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">253</MediaType>.. <fccHandler type="19">828601953</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">24</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">1</AspectRatioY>.. <CodecName type="8">H.264/AVC (Advanced Video Coding)</CodecName>.. <InternalCodecType type="3">8</InternalCodecType>.. <DesiredQuant type="3">26</DesiredQuant>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):65005
                                          Entropy (8bit):4.800867140300043
                                          Encrypted:false
                                          SSDEEP:768:yhSA3xhfA3khfH3IhfG3Nhf33WX3ihfH3nL3KhfG3h6hf331:0383m3D3/3WX3k3nL3R3E31
                                          MD5:6B54A6EA58CBAC3F10AD499E43044D90
                                          SHA1:2D0CBC97DB02608314DD89BE10DBE2972A4DAA45
                                          SHA-256:CC2AC9A8D05916B2D1988A0E3A99ECC1B793B4B7BDE1164C65AB4F8CCEAC0882
                                          SHA-512:97FCDE50295B81CAE4204A12F9E06B6F4A98EF063A85D7BE75A0A45F64355DAE780AACE362590DEF214A7AC5A4B5BFA66B3379B115F04715DCF954881C051742
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="SWF - Best Quality - (H.263, 640x480, 25 fps; MP3, 160 kbps)" description="" comment="" GUID="a94e81da-a218-4c6b-a713-bf6c2c334723">.. <videoinfo filetype="7">.. <format>.. <CLSID>{7CB4F1BD-4FA2-498A-ABD2-AA7B0F560718}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">254</MediaType>.. <fccHandler type="19">859189843</fccHandler>.. <Bitrate type="3">1200000</Bitrate>.. <FrameRate type="5">25</FrameRate>.. <Width type="3">640</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">H.263 FLV Video</CodecName>.. <InternalCodecType type="3">270</InternalCodecType>.. <BitrateTolerance type="3">4000</BitrateTolerance>.. <QScale type="
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13173
                                          Entropy (8bit):4.819599660224795
                                          Encrypted:false
                                          SSDEEP:192:jrTDYTmxgAsDvjysWhpQhhiHQ7pBjYTwKgAsDvjysWhpQhhiH17qyGhPT7zgqDDB:iuaicuaik71i/1iRgir
                                          MD5:E31CF701B9EDC9E279378307E2E4B16C
                                          SHA1:C0984E81384716C16864573A032F1BF67DAF8A25
                                          SHA-256:C31C6B2D9378369D479509982FCEFDFF903253315DC83027303D97AFDCEF1B8D
                                          SHA-512:0793ACCB8A011D7FDC06459F984470727BB67D0DD251A0998B87DBE042A84C9E2D399AB24AB62BCBC44919437E4A12EBA7C28A7C1C6194AB08677ACCA5C25341
                                          Malicious:false
                                          Preview:<profileset ver="22">.. <profile name="RealVideo 10: 2500 kbps, 720x480, 29.97 fps; RealAudio: COOK, 96 kbps" description="" comment="" GUID="f3cd6d74-3414-427e-95c3-5e7cb8578566">.. <videoinfo filetype="4">.. <format>.. <CLSID>{4B89148B-1A8C-4884-8886-4895C8B0150D}</CLSID>.. <Setting>.. <StandardSetting>.. <MediaType type="3">256</MediaType>.. <fccHandler type="19">808736338</fccHandler>.. <Bitrate type="3">2500000</Bitrate>.. <FrameRate type="5">29.970000</FrameRate>.. <Width type="3">720</Width>.. <Height type="3">480</Height>.. <ColorSpace type="3">-2147483584</ColorSpace>.. <AspectRatioX type="3">0</AspectRatioX>.. <AspectRatioY type="3">0</AspectRatioY>.. <CodecName type="8">Real Video 10</CodecName>.. <InternalCodecType type="3">515</InternalCodecType>.. <MaxBitrate type="3">3250000</MaxBitrate>.. <Encoding
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):5800072
                                          Entropy (8bit):7.999151834758425
                                          Encrypted:true
                                          SSDEEP:98304:RzrYyZ0DgLnDpW0Ezbh7/u3/lhfOHwmtG9b0lkYASVBQV93PBHgYDqs1m7a:JZ08LDpW0ibh7IPYtzkYPVynZHpqkm2
                                          MD5:23BF66DE2827671BB16D26A077D530B7
                                          SHA1:A4B8D868387F9CB2B8F13083CF51B6F81864C1AE
                                          SHA-256:DB3298DF4F0AC4FDEA4829C1851A02C4280AFC27B9CFE572C9DA7FCB707D8467
                                          SHA-512:832033DF6FE976FBC6A7A4383443FF3C35BC436239E07CCE8900194156518DE9415B6515A5E766EF5A3BF7C0EC48F14EC4665D13EBE336E4C64E2E85BB47DC9C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 3%
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................D......X.............@..........................@........Y..........@..............................P........*..........@tX.H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....*.......*..................@..P.............@......................@..P........................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):10401096
                                          Entropy (8bit):7.998618240464617
                                          Encrypted:true
                                          SSDEEP:196608:vRNrWHMtY92ttQSlNcVCMw/WeTX1Ov2VuB9Y8QXWVFT6We1y0fwYcH80d:vRtWHzWVl+VCMoFTXgvMujYBsTKZfbad
                                          MD5:0ACA9C0DD652AD1340266AC775C1E7AD
                                          SHA1:ACA3DA969C0602177F676764A685D50D51ACD554
                                          SHA-256:A9B9DD6D2FBE6A298714FFC43F1BD81FEE63913AC7F47852EC37728895478342
                                          SHA-512:C928D54FF4F58CF30A21E567DA3D9F255AD6221C9CA8E539D6828E6464AFE79A51C80D7FD978C8A52799475373A29DC757118D04CB27B6A2F086B87EBCD0B873
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......->..i_.i_.i_..|.d_.i_.._..|..h_..|.q_..|.h_.Richi_.........PE..L...!.};............................^Z................................................................................................t...............H............................................................................................text............................... ..`.data...............................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):5800072
                                          Entropy (8bit):7.999151834758425
                                          Encrypted:true
                                          SSDEEP:98304:RzrYyZ0DgLnDpW0Ezbh7/u3/lhfOHwmtG9b0lkYASVBQV93PBHgYDqs1m7a:JZ08LDpW0ibh7IPYtzkYPVynZHpqkm2
                                          MD5:23BF66DE2827671BB16D26A077D530B7
                                          SHA1:A4B8D868387F9CB2B8F13083CF51B6F81864C1AE
                                          SHA-256:DB3298DF4F0AC4FDEA4829C1851A02C4280AFC27B9CFE572C9DA7FCB707D8467
                                          SHA-512:832033DF6FE976FBC6A7A4383443FF3C35BC436239E07CCE8900194156518DE9415B6515A5E766EF5A3BF7C0EC48F14EC4665D13EBE336E4C64E2E85BB47DC9C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 3%
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................D......X.............@..........................@........Y..........@..............................P........*..........@tX.H...........................................................................................CODE....t........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....*.......*..................@..P.............@......................@..P........................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):10891512
                                          Entropy (8bit):7.99974211090642
                                          Encrypted:true
                                          SSDEEP:196608:45v6PAVup5LKkL83kc/s8FNh7C1HuBVhsG4ozx73AnOmwUs5oASDPYCGLhW+pe9O:41OAVONTI3F/P37ua7syALwv5oASbGLz
                                          MD5:6BBE1BF139BCF381272F8021483DF632
                                          SHA1:2BF042978B1C599A95736D627AC2C048251237B7
                                          SHA-256:C3178E0812770AC3C3C66B179BCC4EBA8EBE08504C185BE4B6B181F5A1417E7B
                                          SHA-512:217A6C2F80EE29F861F864A36E0C357251EC00D76AF2814B24FC9B022B28C0B57358E667C684B38EFDF7546F9C18962C3CD69DDB386043C4D876CE7777A40D6C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 4%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1731200
                                          Entropy (8bit):7.992700214943045
                                          Encrypted:true
                                          SSDEEP:49152:p25YR09hQ/P9NCVWfZ6dGFSQIiZ7rwnBa4:8guQ3KewiZy
                                          MD5:42D366866717B02C432B3252561E8890
                                          SHA1:66F605A3D5A6C9801E4D11FBE57533CE852F9C01
                                          SHA-256:0DABC2E96274256246C8E2B25CC6DB16FF3D0DD38CDD6BCCFA02879EA1C720C3
                                          SHA-512:CDE5886985051631A1FEAAB3E1D22478468E7DB720ED67133CE5570674CD00EE229C6BF4A7DD31CA92FC7998B255C346CDBC9A72849D81BBCD22012B9420E629
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):759257
                                          Entropy (8bit):5.85897980430466
                                          Encrypted:false
                                          SSDEEP:12288:2u/VC5HjAVE35lsdDeFIJ1MVE0RE/iRdlFeOo4/xIQBFq808UpXEIVAWp1+0eWQP:2u/VC5HjAVE35lsdDeF6b/iRdlFeu/xD
                                          MD5:BB4C904851BA3AAB82431DCA25F2F392
                                          SHA1:69D76BC7EDF38FF11BD725711C7BE14CC6FB7799
                                          SHA-256:B7A41DCAAB10B6624E2AE0DCFB939C862A87B30366082187F67F8B2A6403D371
                                          SHA-512:ECEAC0B3F0D0AFD390D4048FC458298D2A86227EF2D0FBD7248F72D90652CA6A08AA53ABEBE06C92AFAA3FA119919E7D993A1BE20A0E2DB68B19A3764D20DB8E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):16406088
                                          Entropy (8bit):5.881318712888396
                                          Encrypted:false
                                          SSDEEP:196608:yfMriPUFT7cnmmCJMeamezun/qeWpetTF6PaxglxrKujbfJU7X7hy06L/Khoz:y9OXcnpmmeZtoPaxIxrKujbfJSX7hy/f
                                          MD5:1690EAB34A8B1303B8B6162BE5781E87
                                          SHA1:1710FBFB614C611119EC52C749B21F915EDE44F3
                                          SHA-256:8A4912A7923B39A2EF512BD314F1F1DBF035E0732B3F5269E00976F6F9A7646E
                                          SHA-512:2DF8627ACBE69DA268DC880CC478D2680E7685D079F7B8FC8C00A7DF91DAA6FDD2B4E19D45B75FA1A4219DEC1E9E48AD97F5E42072ED8E8CA315091EF63EBF53
                                          Malicious:false
                                          Yara Hits:
                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\is-C1C5R.tmp, Author: Joe Security
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 252968 bytes, 1 file, at 0x2c +A "FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8", ID 4303, number 1, 20 datablocks, 0x1503 compression
                                          Category:dropped
                                          Size (bytes):252968
                                          Entropy (8bit):7.99823087561724
                                          Encrypted:true
                                          SSDEEP:6144:jZZNW4mlCRYT6pbIuwDU7+Q3JgE/sJYQu0xf0Gg/uvw3Ls:jjNQrThU7le3YafI/uMLs
                                          MD5:AA85AA3738ACFE30E197D9DFD5C3428D
                                          SHA1:7F3EE53BD967265AFE32B31D75B4F6C47363654A
                                          SHA-256:AF3560EF0C55C7E4EFF2170C63E7860498B5830E405A3841F96C91601E62E108
                                          SHA-512:E1BF248D6425F6BA91BF0A1F3D364321B09477AF9BE2F31F8BF6D92DEFBADDFBAB8F3E6284262742378F1F87D60D06EEE3B98FB081E60F9FB6F19C1797489861
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):695738
                                          Entropy (8bit):6.478431054801424
                                          Encrypted:false
                                          SSDEEP:12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyE:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyE
                                          MD5:DBF424743CE5D908B9877B91F88D304C
                                          SHA1:24D44B675909050B1EB2D0FB8707223F7AED63B7
                                          SHA-256:37647C42D7F97BBE29A2C2CA6FEA9DE440D5A62BC30E02DF8EAEED77463E1300
                                          SHA-512:80207F15FEF940CBA1BB8C91A2B2E65AFDC1C097ED81A813C682DE588E7EA0AB2C14CBC23456C24640A7CD084E205AD9880071EAAD84EAA8CE98554881638129
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build user (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
                                          Category:dropped
                                          Size (bytes):2818048
                                          Entropy (8bit):7.6656649403020625
                                          Encrypted:false
                                          SSDEEP:49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
                                          MD5:DC1AB7CE3B89FC7CAC369D8B246CDAFE
                                          SHA1:C9A2D5A312F770189C4B65CB500905E4773C14AD
                                          SHA-256:DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
                                          SHA-512:E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
                                          Category:dropped
                                          Size (bytes):10401096
                                          Entropy (8bit):7.998618240464617
                                          Encrypted:true
                                          SSDEEP:196608:vRNrWHMtY92ttQSlNcVCMw/WeTX1Ov2VuB9Y8QXWVFT6We1y0fwYcH80d:vRtWHzWVl+VCMoFTXgvMujYBsTKZfbad
                                          MD5:0ACA9C0DD652AD1340266AC775C1E7AD
                                          SHA1:ACA3DA969C0602177F676764A685D50D51ACD554
                                          SHA-256:A9B9DD6D2FBE6A298714FFC43F1BD81FEE63913AC7F47852EC37728895478342
                                          SHA-512:C928D54FF4F58CF30A21E567DA3D9F255AD6221C9CA8E539D6828E6464AFE79A51C80D7FD978C8A52799475373A29DC757118D04CB27B6A2F086B87EBCD0B873
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1517672
                                          Entropy (8bit):7.990678497173329
                                          Encrypted:true
                                          SSDEEP:24576:t2U8aERn5ltB8nk2woXyoO1KRQ6fE9hwlvH+Bm/cUq3AXTib894ay8nMTfMNw4rl:t2eER5rqk2woXyQZ89hw/9q3AMKzy8n5
                                          MD5:E74F0209BEF9B4084130E65247C83D0C
                                          SHA1:2CD5A2DCF721AEC0CE700C2B03D55D398EF3AD40
                                          SHA-256:B7C14D86D4F5C92AC7BB633E2D9D189FF3E9DAE1E3254242698E970FDFA418C1
                                          SHA-512:4BB9115960FCA748C85B1BE46B83D39048AB35E16A33BAA302468DE45847D1C33599A97A84945A946E07B40CEC79483523E0AE236D7E9E9E67DC0148AF0A4FAB
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):2330720
                                          Entropy (8bit):7.995614987584974
                                          Encrypted:true
                                          SSDEEP:49152:a2N73LWXQf/YXxbtj2yBY8AhRNqcEEokk3EwK78raR:75pf/YhbtjLY5dRr23EwK78a
                                          MD5:B4DA6115764A739D61FD1AF4A4B017B4
                                          SHA1:8808C301610B198D8C1235ABF17D3ADD7B2FA51A
                                          SHA-256:A7BD1106F48C5885DFF8E6C4C576A43492D0236C988A638F915306311B31D3D6
                                          SHA-512:B036A371B69FE9D977AE17337DFC86D1EA21CE8DB746E5E53A9B0779C905520D0E0F167F847BE411DC58DC871E07D2A70F7FC4413A629B6810BFE353D57CA892
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:InnoSetup Log AVS Video Editor 4, version 0x30, 64970 bytes, 035347\user, "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor"
                                          Category:dropped
                                          Size (bytes):64970
                                          Entropy (8bit):5.369632013318639
                                          Encrypted:false
                                          SSDEEP:768:TGgM6gJ23biJ4b3TcfVY9djAsLH269fhufpVkdi1Ipzf7D1LlhuB9XYfNoY6X+9n:Kn22VSpoLC
                                          MD5:3087C75394CFF3AAB16DC81087A9EE6E
                                          SHA1:297C4E7377879D50C2FFDCC09138E474E3E426D0
                                          SHA-256:FDC831C0E8AB66991001A92AB671F3D30B84054C7BD229254D667508657B44BB
                                          SHA-512:BBE536E3ACBA163F44209CCEBD5BE2F37D0A696AE4B5A3406C0A0EF9A49AB76246420B89C4893EBFCC2EE7C8A9DCF8C1D274847DC4035512384A1ECC75585937
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):695738
                                          Entropy (8bit):6.478431054801424
                                          Encrypted:false
                                          SSDEEP:12288:T/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxyE:rvksLWtkrPi37NzHDA6Yg5dsfoTzsxyE
                                          MD5:DBF424743CE5D908B9877B91F88D304C
                                          SHA1:24D44B675909050B1EB2D0FB8707223F7AED63B7
                                          SHA-256:37647C42D7F97BBE29A2C2CA6FEA9DE440D5A62BC30E02DF8EAEED77463E1300
                                          SHA-512:80207F15FEF940CBA1BB8C91A2B2E65AFDC1C097ED81A813C682DE588E7EA0AB2C14CBC23456C24640A7CD084E205AD9880071EAAD84EAA8CE98554881638129
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 252968 bytes, 1 file, at 0x2c +A "FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8", ID 4303, number 1, 20 datablocks, 0x1503 compression
                                          Category:dropped
                                          Size (bytes):252968
                                          Entropy (8bit):7.99823087561724
                                          Encrypted:true
                                          SSDEEP:6144:jZZNW4mlCRYT6pbIuwDU7+Q3JgE/sJYQu0xf0Gg/uvw3Ls:jjNQrThU7le3YafI/uMLs
                                          MD5:AA85AA3738ACFE30E197D9DFD5C3428D
                                          SHA1:7F3EE53BD967265AFE32B31D75B4F6C47363654A
                                          SHA-256:AF3560EF0C55C7E4EFF2170C63E7860498B5830E405A3841F96C91601E62E108
                                          SHA-512:E1BF248D6425F6BA91BF0A1F3D364321B09477AF9BE2F31F8BF6D92DEFBADDFBAB8F3E6284262742378F1F87D60D06EEE3B98FB081E60F9FB6F19C1797489861
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build user (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
                                          Category:dropped
                                          Size (bytes):2818048
                                          Entropy (8bit):7.6656649403020625
                                          Encrypted:false
                                          SSDEEP:49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
                                          MD5:DC1AB7CE3B89FC7CAC369D8B246CDAFE
                                          SHA1:C9A2D5A312F770189C4B65CB500905E4773C14AD
                                          SHA-256:DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
                                          SHA-512:E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):212040
                                          Entropy (8bit):6.209461452864349
                                          Encrypted:false
                                          SSDEEP:6144:FI+Bq9fSGpb51oEWaSDylGmCzgOAmRHya:FIvNBxlGmEb
                                          MD5:9EB0BC173925AF6F9DC90CCAF35E5740
                                          SHA1:075CE48C59C261026EA9DB60364377A32D8EB831
                                          SHA-256:9F2223D643C2E40CB37EE1407D2B342768883C8AFFF2581C95CAA4534B347533
                                          SHA-512:C1FE11995AFE00A9C88315D4F986DDE9891B3C6F02CAC9340F1189EF8FD58D83A97CB39EC441C47B546FE18633EA13AB4C7799635C399B0F6FCC329D1038ACAB
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):195656
                                          Entropy (8bit):6.199832033353761
                                          Encrypted:false
                                          SSDEEP:3072:RG+vRiV85bIypRbtjZfWXHK9FDjquxa57OlVb8CVP+VsTg:BvkVYjFVDjqqa7OlVMSg
                                          MD5:09CE0913BABA8373B334A0520749D2D9
                                          SHA1:DBB8CC3BA9B82DC9CE73B16A4E3A7A42E9BC974C
                                          SHA-256:E7EDFD1F5D7A3F19B41B2277483D0C25E58583197CB4AE64361D9C78D943BE2F
                                          SHA-512:01F41D74FBC439233C06E347C3C2098F82A3E4BB44A869960E9AF5525B238A21CD97EA45D852060119686535BA9A0FE15C1942A0CB536F62FA375448665F1820
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):2882632
                                          Entropy (8bit):5.411901232857623
                                          Encrypted:false
                                          SSDEEP:49152:gUwfdH5HD57sWb7gXvY0sNbbWF7bzbosX0kocYEG6Qqo1MF:HOH59pbyvt/X0xctG2oy
                                          MD5:2A0BB9CD24A023A9A929D1475245F824
                                          SHA1:29E90EEF88F4D42DF495CCE941D6306C92281FD0
                                          SHA-256:312256FAADA0D90F9100B6C3F023854F388DE0D0EF30758D04D8B15355C1783B
                                          SHA-512:BD32AC1697DBDD980A3B5C704686C9816A8BEE424936E79B900C9AC4962F62D963ABAC4FE82895A1A32AC070629D7F4565A94C87F43DEACDC0D75C785016F7EE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):146504
                                          Entropy (8bit):5.919250141608352
                                          Encrypted:false
                                          SSDEEP:3072:O2FTXgbD8ix0RNYsSULkiHUwSHggB0bN9H/naOgV+g9T9Ia:5NXg0m0RN+UD4ggB05VnaOgVAa
                                          MD5:8ABA5CD4A856D40F198458B5DF46098C
                                          SHA1:78EE13811A0433E162A3B2F1211537B36ECAFDFF
                                          SHA-256:8AD88BD82DE0CDF003C95B0DD04C5839603C198161E80562460898ABF7A84312
                                          SHA-512:7EE0D091218F8886C008A9314B1760CD86CE23AD410135DE5C44C5C7AD50EBB7EC8CC67AC5201607CF22128824D97330578F851EFDFFF06A4CFA827F2CC6CC2E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):392264
                                          Entropy (8bit):6.543052444054984
                                          Encrypted:false
                                          SSDEEP:6144:8YmabIyWvKRv/hIoJJJJV0asW7elSNNCcUBJzMJu5LBTB+NyjLcodNUKsM4OAAR4:8YNbITiB/qoJJJJV00zODBGcMoTUKD4
                                          MD5:BBCA1989993B2CE63867FDDE905ED870
                                          SHA1:FBD00CA96DEB7E7F2EE5B210A2CE0068AC2FFFD1
                                          SHA-256:36FA78DAEC4B89308880F8BF25E4E6168C9C06BC9BC49F28DD13A9F4CF48C669
                                          SHA-512:98D40163EFE630BE1CD868C953647B6770AADF268D376EECF96E2645F80F0091CF77ACAA29FA45A0C6DE5A8E6017AFA29DD15782295497392581BB34530395CB
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):154696
                                          Entropy (8bit):6.112716478512044
                                          Encrypted:false
                                          SSDEEP:3072:wmho4W7e1L94PVTbh821+/lofuUFOyaOlgEpe3y7a:3ZytP4lzNOlgW17a
                                          MD5:10047E126653E10FB780848901F0BB37
                                          SHA1:E69F83FCC2340BDD5BB15FE22B52BFDDDF4B5DFE
                                          SHA-256:48FC223F8F468270C9B9B33B8338B0088782EDA2C3CB61C84096E2AD90A583B3
                                          SHA-512:E8D5A46A613E1EDEE2BE8EB93A3AF139ED9247BB52D552544ABC2FE978F4FC50D17D8DD0434AD09C711DCBB57981EB3EA6F1CB35FD04B9CCDA129288258E7FAD
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):97352
                                          Entropy (8bit):5.696298787460142
                                          Encrypted:false
                                          SSDEEP:1536:J8FLUa8TraMBdqAsTASAGk3Ndj3di18OgP0pepyJBqsyuw0bnEGn8:JiL/8TmM3q3i9djt7Ogqqs40bI
                                          MD5:4CE5F2D7DB57ED6D8E3BFB34A28CA690
                                          SHA1:A148D0CC3F6D16087E4A1A58C54A9052DCBDF666
                                          SHA-256:3591630B159611F779E392AB124161A2A2358D473C149A9612475A700CA190D9
                                          SHA-512:770C450FCFC431AEC85830111A828EDF205A0EA8F986799EA6383E4969179B53E857252C5511B4B760EBCF922973041D2557C060B3A26DE58E504350C39FAC43
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):494664
                                          Entropy (8bit):6.328330282788555
                                          Encrypted:false
                                          SSDEEP:6144:27vzZd56PQAdPpE102p9V3jPtF5CuqcbdrzJV6P5YKnlkuMpQkd9lEsV1FwXKNl1:2T1d2QKPpE10O2upuUDWsdQK
                                          MD5:F62B8808CC408490EE77EF884801BAA5
                                          SHA1:026917A248E68231845A9B7E4AA8634DF15214E6
                                          SHA-256:0250479104646280FBBE50E496CE6C522C73343856A5EDB6F5DFD857E9A5F32C
                                          SHA-512:A1FFEF46009844244F95F0D2F6371451EF51BA7978FE572AABA4666D857E348844E77D9A9EE22FFFBC9A4FA40B97A54238676F2832D3292F0331727939B37299
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):322632
                                          Entropy (8bit):6.34700710615469
                                          Encrypted:false
                                          SSDEEP:6144:pyTeloOv9aYgJP42RsHpBFi8ynVSAk8oOALn70+5PgWz:pmeloOFBgJbIpfi8yVSAmgWz
                                          MD5:E8E913C5B23C79297EFD3293B2362743
                                          SHA1:7E8E9E1474F0B65D96BBE3F2358B521B25A9E417
                                          SHA-256:49177A33779219806C37014E7535B9773764E73ECADBDD7713DAAF9263BFAFE6
                                          SHA-512:CEF792C293DF50AB3557149D4DFB0BB19F55FB3D9E7B2DC362F41F9F30946E47D2BA41246EDD9903DA5FC8972DACA009A193EB357C07783492339976900A6A6D
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):158792
                                          Entropy (8bit):6.104081152682231
                                          Encrypted:false
                                          SSDEEP:3072:fG+scigPcWJy7Hzzug5HIbatbZpOgnFb0TZ:Hjt2bzzQbaDpOgnFQ
                                          MD5:D513520763AC4C0EDB824FE41CEFB0E6
                                          SHA1:147F44E08C674C74241B3DF1CCD3F3B650C55E6E
                                          SHA-256:48374309DB4A8A7C35C48A6AE6AE0EC2D1B6972515D9352A926A74EB7A8747B1
                                          SHA-512:DCB4968374E89753CE3151858D31135413C76211FEACF38A4D524EFFBD70688FBB6CB8ECE301C37046CC4FC17E8CD43AF9D7C65EB618C5379AD6DE200304FD65
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):281672
                                          Entropy (8bit):5.996089457443986
                                          Encrypted:false
                                          SSDEEP:3072:4ZBHSZwdHooHhZD8xC/zKLttY8K6QS7Q22zjR0tgoEOlUMiXhvvryRbF:eHSZCHoqhgo0tgoEOlUMMW
                                          MD5:F7A1100AA2BEE8DC57D5E65EFE37B84A
                                          SHA1:A88D15948123E4A1A2D607D6389B6BA46BC943F9
                                          SHA-256:A370D0C3F4E77C3A106B6798DACE8D1C2DE836EB5F884AE2259D7E5352FC1EBC
                                          SHA-512:A7E24F76C6AC7604C79B8E2C8A14BE86224B3AF62B0AAACA0832C7299AE93A71DDBB0D259D40CB6C34B768DED323650849BFEC35CEC433ADA35D89D0C541ED9D
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):396360
                                          Entropy (8bit):6.499366809217953
                                          Encrypted:false
                                          SSDEEP:6144:Kt5zj5nZd1h2BlLvBYVwlw9i4b9LiSQnapOffZVsjCrlow:y5zpHv2BRxfnaYffvrlow
                                          MD5:0A89778E6F28B7B511C6BC762FE01B3C
                                          SHA1:EEE402B3D507626F3094A997D63C49AA69BE63DB
                                          SHA-256:721CBF2F5644ECBE7956A9B82431DF71DADA3751989525462A1A715B672918E9
                                          SHA-512:2EA64476AFB4F03497FA959516528B22AC496CC4D4CBE25A6C43697FFC58459C7109763ACBB1694F84FB66BE610C2DC15AF5BF46FEBC9EF23E4C2AC8EACFD5B1
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):465992
                                          Entropy (8bit):6.449820094871334
                                          Encrypted:false
                                          SSDEEP:6144:GAT6TnnaxrBPbi0VrXRWOMomRemMm08doZGNyYthQVZlm/lU2jObOlxT/nBssxXV:GmVFVT0pGm08dYtYvQVLCS36Xvca
                                          MD5:7F2EA227385E13064E91526E4CC6F79D
                                          SHA1:FBD0ED707CD2A8915CF50B60B0991FF26333C0D0
                                          SHA-256:ECD18CE42A88AE669AC91B59D722C70A3D5BF3631346CCBE17E79DE6738936A0
                                          SHA-512:F3207047ABE3A7F7410095713347BC0292A007DEE1B4CC421FB01A12C332CE4CC187275767C6253D5BCEFB819FE57C6D0AB410695B0046CDFD9A33F8B9622F84
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):113736
                                          Entropy (8bit):5.9191260507701315
                                          Encrypted:false
                                          SSDEEP:1536:mzsuP3k0395g191mBe4H81TKKPg0Oq61BwvXRIhClOVOA+PiqolSRQuQ87ny:mzs8zI1k38AKPg0OiFQOADJ4lQ8+
                                          MD5:3D4EDE15BBA5C3220F5F5A1EC9B70668
                                          SHA1:A8B46738BAA587EBBF57FED171EEB678073969DF
                                          SHA-256:D0ED6FF0EE0373C1EF8C0982DFDC387718E67D1FC985C2CC7E2777F6096B4411
                                          SHA-512:2C1BC456713E5DCD3E9EDF8E279CFD64A6803BD08CA1ED72E65F5E5D4BD57EAA64F5D58A3E88AFA7655EBCF3CA28C7F45B9C35189A5491AC85DD36FB400EA649
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):527432
                                          Entropy (8bit):6.393879254568806
                                          Encrypted:false
                                          SSDEEP:6144:BBwpnFULRFBjgXOrAvZSvKTzBgXOrAvZSvKTz9ghCnNrk04IwOAWsmDDQ:ApnKBESKiSK6hQNDQ
                                          MD5:6061FFCEDDEFD236EE295B8741361DAA
                                          SHA1:98225CC6BA664C020AEB186004C82055509B0467
                                          SHA-256:69EC91C72E11CAE8B2015D9E34D349A879CEF043A2F0CB637FD55ECCB1F85E18
                                          SHA-512:ED074DD6A03E1A28BDF4ED08FE3B8B1048FD2D3B2AB48F2AB44A395C05B3BDB33DAF028E9FD23DAF23846D9AD5AB524ADC6B3CBB52811CA24C272C9E41005238
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):343112
                                          Entropy (8bit):6.115645733588845
                                          Encrypted:false
                                          SSDEEP:6144:vqrBdNpruDJbTxebsIWqg6rtMuEoDH+ueQgiOW7Z8rZ5:vYpruebaqg6r9EoDH+ueQl8rZ5
                                          MD5:DB042E82F623FCBB2B649C1E663B68FD
                                          SHA1:341F1CCA98DE3A10DF8567C4A4658E8D3568880C
                                          SHA-256:DDBDC395516A95BAB43DEA36B13EB36395CDA4FD63A024AE1C6AEFCAAA904CDE
                                          SHA-512:D609B355AD8E85F3CD7C6423F48545943199B2033822988CBFBD8E6470444BAE21D2FEFFDEE37066F11739E097EE4602CD6B144D6A4FF3F5B7AB7C9FECF3271A
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):187464
                                          Entropy (8bit):6.289435799803551
                                          Encrypted:false
                                          SSDEEP:3072:ZREdoi8ZsCiC0YixRok9pAfrXDkob4rzT6gcKix8j5iOAb566qi9bBhzWT:HEdoi8ZsCMR/MDko0PHixAiOAb566qGq
                                          MD5:97AFD0DBE9E603CE131058889D90F970
                                          SHA1:74EDC86E2C690E59148FFEBE7303AF40AF3DDF93
                                          SHA-256:EF2951EF046AF18B829F5404A9437D99D258B4A37FE83A1F0809A4E801FB8FB0
                                          SHA-512:952A9E250E86689DE644C850C0B108CE6A14C89DB95D1FA708D0954C743F1B329AC91CAEC6D73DDBB478993045CA3B9F55F064CE35D5FD315B108B01EEB685F8
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):146504
                                          Entropy (8bit):6.261060199709105
                                          Encrypted:false
                                          SSDEEP:3072:5WUl3HW6oeYlpy9DJx4Tq9ZSQPsl9x05KOAHs6fm+3Er:13W6ojZTq2hvx05KOAHsUm7
                                          MD5:3B2D96CDDD12BF7895CFDA3E564016D6
                                          SHA1:2A117D947C71628B4B2228E5BF647966C4E2AB3B
                                          SHA-256:E69CB426D0F29363FEF5909B2D31C00E9D68E57337E151C65CB64FCAD7F3DA7A
                                          SHA-512:08F789CED0470A6B7E3AC5156325531B958295292712AD37592FBF32C778C48291ADBA0DEB73B79C09E08125EA6AB1DC5DF574E2DBC51A69DBBDE3DCC807F4D9
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):154696
                                          Entropy (8bit):6.234960449661035
                                          Encrypted:false
                                          SSDEEP:3072:Kj7NrwpOh3PahAF6I+TakXdAAG2iv+dbjBp3FOA2BYgEWkWcD:opwpOh3PaqFmTakWjGdHX3FOAqxDe
                                          MD5:F4E2A9E180C0B742BD38C244AF581AAE
                                          SHA1:F34D107FD2FD516E2EEA4024D76AD887B096F0F0
                                          SHA-256:AEFABF78D1B9FEB4680F37A097F03EB777C60F999387F6DCB2EB3A85B50265D2
                                          SHA-512:6CD424EA995F8603AFD2D00E810BB4F8FE1D23EE9F49C1DA3BE0009C784213E9845B84D6C4E95F2D067781FFE1EFB7DB6DE11CE0A89D00E4E280AD0A4C2B83B3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):232520
                                          Entropy (8bit):5.223912761169328
                                          Encrypted:false
                                          SSDEEP:6144:eJ1Y6pQBA8rkU4mlAF+cLBmYYztxU23OlHoo:KpQSpGtxUL
                                          MD5:B23351F139410D7F55A253A2E9970D05
                                          SHA1:9DF6E56781B245A95C381A4FB808F0690BA96413
                                          SHA-256:E329CFBE13960962FBA7A1371284992D3ED6FE8D584BB807922BFD66FCD8E616
                                          SHA-512:83472C6759E6FA46EA7AC5B5FAC586004BCCCC6B7CC396F51D6C40BD7461747FCB564113B97653D71822E1C3B61BBDC5CCEC6629020531DA3DE6BCE7002E650D
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.90681620527559
                                          Encrypted:false
                                          SSDEEP:3072:aDTruzzHuFd4ObgCSkrpG8eOAsY+hgrUxDrQ:42Pq4ObpJpG8eOA5+SrUB0
                                          MD5:2C54599D9B8BA48A66E0292CDB550C9D
                                          SHA1:5F33CFA18E34FF1F21A86F41B1E57CBC0635624D
                                          SHA-256:5E4EDDBAC2C937154FCFBE3D08E2F29013FFF710013CC8FECFA5763FEF51DF25
                                          SHA-512:874DDCB0F7750F0AD2223BF36B926A4320D61F91B656B0C4D4F4202C313FE8B39A7ADADDFB6EA78469DC3D4636863E1B05233E84784357FD9B23D98E846219FE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.961531174262682
                                          Encrypted:false
                                          SSDEEP:1536:6GJG65dti5r/ri4drO1/nVS/QVvyc2CZW7O4covj33dPgldneh8OAq37Vn/nd:6GJG6Nw/rtMfnBzLovjnClIyOAqrVnF
                                          MD5:D007C0A295E7FA9440D47034352F4BAC
                                          SHA1:DC3FCE7C9DB0A2F0FEA067F56A6AA230994CFB5E
                                          SHA-256:3142EBC888069A03CC97264F574AFC4BB894A6B36089D7E3C841B9CA5D3A8CB4
                                          SHA-512:A080D822ACAA4BEFED2DDED6F3286E4F22D380E9E82393DC8421D05DD7A837C925E8954195B499A47561FDF8CCCE74D08C11C5FD58A9B9BB457843303AA55ED3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):6.16714303771357
                                          Encrypted:false
                                          SSDEEP:3072:fjhTr4bVEO/XAiiHpf3/ldOycPOmbf0OAdKc:1Tr3f39otf0OAdN
                                          MD5:D838C4B467E2389B714DD57DCFE538E7
                                          SHA1:DC9F32EE0BCB8C18EE34048282FBA7C3CDF0A60F
                                          SHA-256:69829604C4290112074C91B25A61DDE2D9EB82525764105E4F37532389D99499
                                          SHA-512:DEC1D6DF86C9D5422801292169F905BD0361CDD0F195372684BFF3F38074BF9A70B1E8BA8FB2F6E0078F4F947DD918CA2EDF6824BD55C6A92915DBD03109B834
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):212040
                                          Entropy (8bit):6.20926282499684
                                          Encrypted:false
                                          SSDEEP:3072:AeJH2+Zn9HjQgJBsiOjTXnhHXCdghICwtboDsOg84qBwgJu:AY2+bDQgJbSTXnh8/ZasOg84DZ
                                          MD5:F8DE593AF77BE4BC43E5722DBF976F16
                                          SHA1:0584F20B69FCBC2CD4E81B476F2C7063C7568DA2
                                          SHA-256:05EC84921DBFE9B13382D92B70141EE668D0742276DA75DB7A729C4DA21BBF56
                                          SHA-512:07DCD78B9462047D57916BBABEC0828E2917F425BDFED6D1111C38D26045D8A325A91BF60F83E7E78840AB4368B8E4A6B2AFDDAF67F601A10E919F3C8C6E86C5
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):89160
                                          Entropy (8bit):5.8731158387881
                                          Encrypted:false
                                          SSDEEP:1536:lcSlol2ypXVtKSuDBJAwWZKBUtmhyZnIQ4uvi7SftOlFkye7nn:lcSlol2ypFthuT9ynIQ4uaWFOlFkDb
                                          MD5:CF86F72F8171214DBACAE12E557AF8D5
                                          SHA1:83DFC457ABDDE2D56C543A517A5715AF7A4C792C
                                          SHA-256:EC34C173B235FAB71EBDC96C33E70641CC072D943D967C39743FD252F45C5170
                                          SHA-512:48D7155519374D6EC9BA57521F86B21B804482D990FB79B7A62DDB0C3832472F3111D5D4003BE34711B607945A058AA88955FE810F2BF379F991B637F0CE10FD
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.280330666006635
                                          Encrypted:false
                                          SSDEEP:3072:pmlPudPL10xZ0RESl4U7mIMmniVxNFJA6RLkYpu8TlyOAMruKi:kPqPa2997HNnoA6GkyOAMrLi
                                          MD5:1931207A61912C0A4B3385B505AC000C
                                          SHA1:5F5C53E1093AB4C0A56E25A9262DC58206DECA45
                                          SHA-256:F2D93145F2E1F5F31172B8BBE2C9713551E09D27B572B751870A57D9EF67B421
                                          SHA-512:5CC58FE3F1E7733FAD324707946AB85BA8381A64686DFD447DE2404D37A717877864CA0C7F96D855836AA5383691639721CBBF1DC4D991E9B19FDF37BD8E4B0B
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):134216
                                          Entropy (8bit):5.950568356619592
                                          Encrypted:false
                                          SSDEEP:3072:F5TNp3wgHLAVazoHhsTdVPOCYc0oBQNkIBYvbmOAPyPgI:FKgrYBan7IBYvbmOAPOn
                                          MD5:467AB9FCA85DF5F8C3FDCA994AA6681C
                                          SHA1:0CA6720AC77B3252AC21055B0D9704EFFE4E06BA
                                          SHA-256:B208B7ABA3B6F2563E103338A69B39B54AA3E482215F5F5A808A3196360CB5CC
                                          SHA-512:13B12A7542706F91CC8518E57E4AEB5CDD44C42885CED9513F8370839E02D736E02EE086C14CA9C958C2E37DA5487AF3849B2269EF3CD22DE952C59EB2D17702
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):134216
                                          Entropy (8bit):6.021706875272623
                                          Encrypted:false
                                          SSDEEP:3072:A7Dv3MR/7J8Ecsn9KwLovvmxZOlHn8LjRLM:HR/7J8EBEGZZOlHWLM
                                          MD5:531508445DB5B9493F1102690803BC00
                                          SHA1:C0666F32DA5CC7D4ED3C5F49FFE036E6419A75BF
                                          SHA-256:FCFD2D3169BC3A6CF10225C64B69C41AD170CA9C72E5452C58655C233F222D66
                                          SHA-512:E47726C606A0934075E2A9B7E2CE6AF0D251AC1B3FBD0B9AA2F416ADD36919AFCBDEA66D86D51D10277419CCD92F2472FCB88DB645C8815EE39F25F13BDB85B3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):105544
                                          Entropy (8bit):5.957638306046199
                                          Encrypted:false
                                          SSDEEP:1536:QgXYe1sveFIIXJ84c3EGFvIDylrCPSwlrp7m/3yUOA2hob1eaF/rnG:QgXYyC8JEvIDylrCPSwFpSdOAnh/K
                                          MD5:B12383C00B912A7814C0D972E5ED09B0
                                          SHA1:28C1ED81E4578392AC798D46A4C8B6CBD704F4AC
                                          SHA-256:A2F2C373944DFF1A1B031A91E9F91F1F9A53E19ADD755B9B42607501A483EE0C
                                          SHA-512:B7528F05A565EB55F47113B78A45C783EF469B27AC453E01ECD933F19249C89B3B747C93515B6EA10648E6125C37EF1B73CB17B6B167CB5DCF123B5B0AC7B521
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):175176
                                          Entropy (8bit):6.001854321388378
                                          Encrypted:false
                                          SSDEEP:3072:j4EC8V1w9KYh6LzQuOmAkWvZ1ctR6JzDWwZWNOWgg//y:HPaK06QB5BBZWNOWggXy
                                          MD5:143E04735F435B7D8160D5229E8F9C5A
                                          SHA1:5C6088831D7ED5E1F57BCC22253B038CF8A89CCB
                                          SHA-256:3C081E39BE1F59EB8E17D40B3E743862E2DD506AA3C19A0C54091ABF976BEBC7
                                          SHA-512:0D8D20912D8EC4B3E0761696C789926BD393FB90AA2F904E5B54A7C58D6193550F402CCF58815E952D811CBE8289993BEA0BD16EBC3C947AF1235B3F58E9F726
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):121928
                                          Entropy (8bit):6.03775805761711
                                          Encrypted:false
                                          SSDEEP:1536:VbvD8YUCEQfqU7INzp9S4bbleVKvP5w0peRJLOAwv4cUcftYvnM:Vbvy2fJ7INzl/leVGP5QtOA/dMtR
                                          MD5:B8287065C11E586EB4DB6D77D4BFA746
                                          SHA1:F611EDF3458BF64C3C8F122A043ABC27938B28AF
                                          SHA-256:88D4FC43BAF7CE14A58CE3E6CC8157D724DF311924BBF763AF88CDC175875465
                                          SHA-512:9DAFA30B43D4CDF34D67DD9534119EC9A30C90A811D77F6A925DBDA6DD2249A8CCB69DADD83CFE0870E5F69614ADB4BB3DC0CC610FBF8950E9B0C78DD420163F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):367688
                                          Entropy (8bit):6.10338434508788
                                          Encrypted:false
                                          SSDEEP:6144:9z/2KbXH6ZiE/UPg7sA5YqW1yb+Lu7Ahho7c09L6hFFpVQgUMEzzgcTdT10z0/90:9zSMPg7vSqW1yb+Lu7Ahho7FQhFFHgz4
                                          MD5:63706D727A6B4962BCAA7E6A55D8D304
                                          SHA1:E1A61AED3D039F1EE193131B5AA988C075542901
                                          SHA-256:5890455B23B0BC321A1711E3B64BA872D400DBB171F49274C6B6DF5578D46E18
                                          SHA-512:77D1A413F11062F8E3A40EA0DF02851407B96924EC6BFC8794A9B612CBEB13B6BBED35886DBA14E72D62947CFA4BE3D07684B42A2FB9672A4A9AEBB3A58EE78E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):552008
                                          Entropy (8bit):6.576107872040982
                                          Encrypted:false
                                          SSDEEP:6144:Wj3ais5y9xgVB4RcUsY4s0gftThxlZDIQFAgzyWTaQSieVlr1O+19+OAytYlQ:Wj3h983s0g10bgzyW8ieVlr1O2r
                                          MD5:D94DAE9F0A5C715D58803556EE883B94
                                          SHA1:216BCD4ECADA50A1D690DB94A7AA32726F8D0625
                                          SHA-256:F316966989ED06BC4EFF9E31DD5068446EE20E4050FD5C02059A24EF7A8D472D
                                          SHA-512:34BD3917196783F54942ED64B86B21333270B9A86F1AD73459CA66716519FBF4A91030C6BCDADCED11504A3A2EE30FE873678441A25AE6ECA55413DF60B88A07
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):285768
                                          Entropy (8bit):6.103596703374899
                                          Encrypted:false
                                          SSDEEP:3072:5J0MbIBOxp+nohHuA48xIAhYsQ0rSAFTEjFiAkPOlGAeS4tQ:wMAAthOA48oCrX4iJPOlGbm
                                          MD5:BAFE6D98F50AA6DC069D0C56CC8E0DED
                                          SHA1:C72B9C58CC80386772069A3061501643D284DC1C
                                          SHA-256:D3F1A46AAC18BF1805AC9FF998CEF2E6A0322E128D730A95529527E5944756AB
                                          SHA-512:D6888F9F0D453F0AD6457C6EACD4EA482C62456DDC54683FDB333737D8B5E35995DD3DF9FCDE573A9E72E16A53A0AD370651BC91FA271CC4BAEE68917D9F7A11
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):4037704
                                          Entropy (8bit):7.1577901707076075
                                          Encrypted:false
                                          SSDEEP:24576:aKFuIZyEh2yTDLkDpCAl+wpvgbqVgLq4hAycC0N9Pg1c5ZqRE+GqktBjHAwt+FQL:aKFuIZyA2D6dVcPfgrZktBkxgLRZ
                                          MD5:CC44F3065B8A2B57674F3D6758B21B79
                                          SHA1:368DDF6225EBE8EFCABF27167CDA7709964ADA26
                                          SHA-256:3B7568A4881442826EEDF891B032180625DD6EEF8874F9E2B5410ED0D4F0766A
                                          SHA-512:01CC71DA8B57907608DB90169EFC567E55DE53BD9AE2E2C10F79A27061F3F152479D335AD0C64459BD1367A7A4CCC25C438F205F4752946404F0C697E23564D7
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):142408
                                          Entropy (8bit):6.009851515916863
                                          Encrypted:false
                                          SSDEEP:1536:6HVLUt5DdeR8cCG+xNJxK+UsNpUNHbjqtw/fzupZ/lF9SgxH7cwMk9EhXpOAi7fy:6HVotqkzJTPky+zupbF9qRpOAirz2
                                          MD5:3D0FFDC025FFE8BF21CBC7650999D62A
                                          SHA1:F2AD5E56A62C4A33E113DFCCDA4983E24DBA7D7C
                                          SHA-256:9EF94218BBEFDE4B7877290AEAE330AB00A4C23C634695082D6E698878F265C3
                                          SHA-512:B54544EFC235B89A73249EC38B76CBD5EC1BBED67085F1E755F49E4E51EB819B49763C6AA3E851E45D029BFD583957BC4A37851AAC5EBC74885E34825CD884E2
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):707656
                                          Entropy (8bit):6.514044645849675
                                          Encrypted:false
                                          SSDEEP:12288:cKtDhbUCqEB2xa/QZWn9cmr/qN+MaNYbb:cKXbUCqL5aNYbb
                                          MD5:70495F3D11FD98A7C221A4A5D7C9DE8E
                                          SHA1:8183F6A17216EC04E7E5D1281691F89B8E25478F
                                          SHA-256:FB135A118DBC16FBFB483B9E35C450041F25538D5D622B14E01C297E9358FF95
                                          SHA-512:D516ED458BEF2F3C4DEAE292A55ED8270DAF73126C72198A0BAE9FB50212A9D1E36EAE30BE75F02BFBD30C26936343A020936F45A0B4391B8C876A0F9ECA7D06
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):5569608
                                          Entropy (8bit):7.110150372444856
                                          Encrypted:false
                                          SSDEEP:49152:kgyXpr6Mx+XIkjgZ8fRpQ2/BHgRCbbC9FLfO3XsSKiSK0B0z5t3:kggrpxiIvWpbbC9FLfO3XQ2
                                          MD5:FF539B2E97A5668F7A6BE09970A53EBF
                                          SHA1:4D8AE8398002C8DEAE5CD4D0D205060B05CE7A89
                                          SHA-256:316BF74DB9D2F330B241A41681AB1B5A671BE064C512A188F4F276029CDD3195
                                          SHA-512:30D651198541314DCC027C0DAB93E7B77C9ECA41B14484B0B768B7A4DE0A0813D7C2E89B055389922B41BC2C63BC25ACBA831913D1CB5B692C3090B83A2F0435
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):3091528
                                          Entropy (8bit):7.100912973456155
                                          Encrypted:false
                                          SSDEEP:49152:M36lQEAePOtmyEC9FLKJuDBJJ1rGSK+SKgTrv:9lQqC9FLIuVJJ63v
                                          MD5:6E59C9152D69C6239CDA98B047A102D3
                                          SHA1:4E06BA57F6974D8CCFC2845AEE1B2B5985BBE6FE
                                          SHA-256:575501847079DEAE9D858B3C6F4236ECC350848853B6CCC49E804E2CA327BA5E
                                          SHA-512:8E0DA377986070FF1B51B439980F4FE15CC6D10F3185529FDC0FC0E91D1349A6E943E5A4F3BB021770E86706112320D18C75A3AF150E6054BA4100229A77B353
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):453704
                                          Entropy (8bit):6.4734952167918705
                                          Encrypted:false
                                          SSDEEP:6144:8LNh9Yd4IkwEl2ClpWww3BaYH99XErOlIxZTFYYBq:SNhWfnEY/pBJOBq
                                          MD5:190C02792EC65AB89FC428B863FE7A63
                                          SHA1:D1C5FD465EA31126DCC6F78EA35E1724B6D88A2D
                                          SHA-256:72D6EE57D66A46F8F31D06C41F60CF999E15CFDD652CD8BE169CE65C3EC0F265
                                          SHA-512:84F3EDAF418CE267C9E54809A92F22D469FA4114BE4CCF196122962E4AC64F896012C27D2FA6F0E7579B033DEF17D26F946913A87CABB8942B1C26774C6D3AFE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):253000
                                          Entropy (8bit):6.2157219521929274
                                          Encrypted:false
                                          SSDEEP:3072:faCQE61HhaCCNamFSdzsnLcjMt34xsedH1zKmQ2bi9IOpU6cfirHN4jOW95riMfz:PQD1HhadowLyMt34V6Pt4jOW9djHr
                                          MD5:418225F03D5CAD883CE33561E5B06E5D
                                          SHA1:8AC89225C6FD3013A9AC3C13847951E77CFC63EC
                                          SHA-256:CC64724966DB911052F9EF1F7E47BEB7ABD4FB47D7CD85A936E2A2ACE3284E10
                                          SHA-512:C6295EF3B3CA39884FBAA8FD671D59EB600B4EC7CF1372EE703706224FDA1E67A09417DA2DC990C821BD4620938C15DE0A009C4D3EDD4568384205E554FB5AB6
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):781384
                                          Entropy (8bit):6.397590514091339
                                          Encrypted:false
                                          SSDEEP:12288:dhSQHeeU/Le1pLBbZW+9W0pjBmYltysNo+lFE+buiYHFIB8P5/8Q/8Q/8Q/8ly:dhSQxQyjBmYltysNo+lFE+buiYHFIB8d
                                          MD5:473B704CC0B8AA70B35FCB0512E8C8E3
                                          SHA1:07A86DBA55D8DAC7E81D3EC19E2ADA4284FFFE97
                                          SHA-256:BECBEC1554F35140B56CA480036B231A964F18F7692C916FBDDD5388520859B1
                                          SHA-512:FA9B798478A35391563C8544C962F5645D0134CDDFD1FD88BCB2D2D5D6351039BAC72833B6B0EF465E597F1562598EBCEAB7F683FF95647F1E8865081E895523
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):629832
                                          Entropy (8bit):6.582094691748903
                                          Encrypted:false
                                          SSDEEP:12288:WVDREqVdCuir+TMIRdQ3hL9Rgt36kK1whErNQiwQ3M5bP:WVDSqVdCuir+TMIRdQ319Rgt36kK1wKu
                                          MD5:78D71CC54AE35E09633A8B013B68921D
                                          SHA1:9EB30998524ACCEB0A07788E543D5B75DBA836CD
                                          SHA-256:085B997DE5F78335B8AE137F5626F14EB361C902EA5B47A8B3B59794A8761B08
                                          SHA-512:C8463C96117CC69586EFE7B3F5CD92A353CDC97E1C47574C9D93F3CEECB6BA5820B7EDB41B216108849BD94E775B30102C1418F7E2C5B932EC23F2A8CCA9F5FE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):4049992
                                          Entropy (8bit):6.472855657669626
                                          Encrypted:false
                                          SSDEEP:98304:/dLcpa1/VZscVmrw2W5vCy4q7ZMvARbKrvyp0lkm4vSdP/w1/LeP:R/VZscVmrw2W5vCy4q7ZMvGbKry9qo1k
                                          MD5:6AE5AA61B57AA709CA6EFB739E31044F
                                          SHA1:2D2E007EFDCEACC4F0B4E249D40771652D30C947
                                          SHA-256:47818D78E3E785D075E61AEBF0C008B4B1F9CC8F309D54A6ADD6F0C2B1237753
                                          SHA-512:F9016C65C6FF6C553E8B5C96B4A41BED03CF42729E1C763900DCCEA5DD6333AC664C89BF90353FD0E6BB281967F111AA073A7C6E34BF5C36E1968524F188E250
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):183368
                                          Entropy (8bit):6.2035545884797845
                                          Encrypted:false
                                          SSDEEP:3072:AIa9BWQVZyY1gzJ8uV8he1k6UZlnFp2HwvXZtcV++AYvfTzXbsdkOAJncpV6mNR:gBG8hx6MvzkYdkOAJnSfR
                                          MD5:256FB3795B4D98BDF4B5F986CA2ED898
                                          SHA1:4C4633C806B9250BD414643D6BAB040A360E2A42
                                          SHA-256:0D088D1BE78B46B25E560AEB01989EA9700A99457ABF7B4DF225512C60E31F9D
                                          SHA-512:0DA0EB3B4B96DCC6751C00279D4EAD9BD534DE64BE3CF74BE0280166A3728646F7012E181F9A7890972A9A01A987CA8F6A6F3A4D003A452D791AB2330D38DA7F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):121928
                                          Entropy (8bit):6.103076480048846
                                          Encrypted:false
                                          SSDEEP:3072:QGceWji8cfbsK+isycMei7QTKc4IKOAQG3v:ueWe8c4vfllKOAQGf
                                          MD5:5E80A4F53B45964120BDF0798C9E3625
                                          SHA1:FE220C7548C80D9A3134D4BA8A8F5CF5C15E42A5
                                          SHA-256:FA2251375A493D09ED124B1A3A59D8CCD42029F5C963CE61812493A614C021A5
                                          SHA-512:B38A24C5D52512AACF3CACE7174D7DA9C686FEEC72C929561A6C6C5A16D510224D735BB6689B60DE7EFAD757140F04B184D04F7BBF1C6C4B60795897B0799919
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):482376
                                          Entropy (8bit):6.3612258886117425
                                          Encrypted:false
                                          SSDEEP:6144:9hVvzR9DzrFiPZxsIBnP84++ji7zwQmkBPkyE5+qpLHTBXyEnXZOAT1X8RCL1Vmm:9hVzDzrUPZxsIBP84+tVBPk9HTVhKm
                                          MD5:3D228016EDF23246E524783C69B232C1
                                          SHA1:3E09BC2DA39A28AA7946425371B20B770AB4B683
                                          SHA-256:D21D5FE03899A13805AC9A95E0428A3BBEC065F68D2E927FABBC7F3C1DB3BCC3
                                          SHA-512:C113E991A5788F0F364CC1E80B10A8F457A43C005E7B491A4A66B09132997C9057092B5C3A3AC1F06C8751EDC6D55CB8A866F5E7381215C836D9ABC2068FA4D0
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):765000
                                          Entropy (8bit):6.559063143907738
                                          Encrypted:false
                                          SSDEEP:12288:5ogGQ9Rgt36kKX0nHwosr+TroVTMh97DzIFIQF0y93ZKb82aU9Gd094Y/Y3:5ojQ9Rgt36kKX0nHwosr+TroVTMh97D2
                                          MD5:FD58AAF657C70683627705485D7A8236
                                          SHA1:D60C342D0E814A9FD00CD8F62B34390FF9F6394B
                                          SHA-256:A9CC8E7DFD0BF4BEE1D4C9487D9B35142801297C7065FFE70CAF13281CE3F308
                                          SHA-512:037B71C7530DF9EBA38C9F835B0CF3D148E1DE9D195BD198632C5F01CF6ADD932F2A166FE64129D80ECBAFECF5A75360FB72BA08C1B6E618F56208A01F162804
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):433224
                                          Entropy (8bit):6.039004575572842
                                          Encrypted:false
                                          SSDEEP:6144:YdpTIZ1jpHHcuR73SRkORzV3QZLIm3isqXcum6fDmfI0OsUOl0yWMQP8eXK:epTIFHHcuR7nOpvMyK
                                          MD5:2E56B390DFB21618188185C3AF0C48AD
                                          SHA1:7F1EE4E751D3542E4D3002E06D9E7CB554CC7834
                                          SHA-256:887616F776DC762F46B0CB8E2862714F24C23B9E6E73E48D2ACC2E56F5006A8E
                                          SHA-512:EC6294F745426655E5F1ABDBC2CDABB5393B35D1D2AFA03B4EEC7E6DFC0D99C9CBD101A7E72FFD50F1F30177F42916AAE78B6DA884004B7C462C2F29518BD6D0
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):56392
                                          Entropy (8bit):5.272318628723546
                                          Encrypted:false
                                          SSDEEP:768:KAb9ezKJatv7Q+ShWLdUVgpXLMn6NGoeSJ96OXJRuv81Djo1LbP:z9Pc7Qh4IgpXLyRST6Onuv81Y1nP
                                          MD5:68333F39D88F2ADA09B91A36F30C3016
                                          SHA1:E30855EE2E149A4C53660A8489F69A4D5F1BA658
                                          SHA-256:685846B921E0A5DE253DF7CB3605C06F34740E0217FD1B819B7B88B74C6628C6
                                          SHA-512:04D4E8560E743B41AA2232F7566A197ED92C76686AEAAD36D73C942E8CF58FE0F3DAD46AC7560358C32ABECC67B6D3BA89F93462C7E212E6B8501E8734447974
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):105544
                                          Entropy (8bit):5.750165861484716
                                          Encrypted:false
                                          SSDEEP:1536:0aoSdXbBAk10HEJo5bRaX1lLfa/V/Av1ondglDMOA20WkxRZPJHarFUnD:0apBtJKZ41lL8dAv1msYOA207n5+e
                                          MD5:71FF68B63D023D42F3079EA7C6351D16
                                          SHA1:C9973A44C03740D5A2C77EC0890EF70320E5BC2C
                                          SHA-256:5618FBA3AE6CDB0481BC3C3563D51721A9F764642DD7A6581CA1A593C5D25B46
                                          SHA-512:9D2F6384EA11365F48B19407804142ACC03CA4B0C0C90EF0167EF6B316404550E1F31F05A4B94FA405900CBB6D323A92A6A8373958EA02A7DC64C982A18EE476
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.312796534413094
                                          Encrypted:false
                                          SSDEEP:3072:Ka96pwWsy4KDy2L18tpdW3E5KQYDdzOAjTAL6:J6uWsy40bLmtDWdzOAj1
                                          MD5:EAD25709A4FC066DC4275FB032AD87D8
                                          SHA1:EBC3398370E04F1E579B6A1C8BCE9E98720224C7
                                          SHA-256:E1F07A4962132E0DBED7F73538C516BF6DDB3AB2FF68C259688518BD17B720AD
                                          SHA-512:4867870D4EDD909A9B40C9F0F5151F27E4A6B6435393880A5A6FE35E8109ADC35EA975A7429DE4347FEF9E0F6F9B7AE467DD75C9A7CA5ED954D342A48DEBEBB3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):150600
                                          Entropy (8bit):6.227312732629775
                                          Encrypted:false
                                          SSDEEP:3072:YHVeDEVhCmzvaIcx7ZOUbN+w7Olwp0ggOMk+:KeDEbf7azIs+w7Olwp0Pk+
                                          MD5:78EB1E3BB574545ED50BDC14973203CD
                                          SHA1:1F9437B6936464388DAA85C692AE3D186F335DAC
                                          SHA-256:1956825C5CEE486429DC238DACE30568123DA96885396BDA3DA26AB449E3C8F1
                                          SHA-512:BD370CBDD588375B484CB951654AD4F575EA6FF11BC0BF0E9CC6170F085AA208A54BDDAE3039522961DBEAC18622FCD2EBCB902D9978414137E712B472311110
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):629832
                                          Entropy (8bit):7.4355535066010745
                                          Encrypted:false
                                          SSDEEP:12288:8lNOGfB4SHAwVuRXHh6iMiDavaLOHkiryCrO:FYFruR3uiDaDHkArO
                                          MD5:948BE7CD2668F1207EAADFE480006827
                                          SHA1:DFDFAEEC6278E5018F5481C42A104A681B00C525
                                          SHA-256:42CA78E207B90158F0C86D7D248D838C8F0F45434EBF1875C3EF2828F85965DB
                                          SHA-512:056169D8E9891543681B8F6519A3E399F3F1CC2D857D9CC54227AFEC0B10CB5C075CE23F65BD546BFA18242CE75B3DE59048A3CF22F88F8BA6139634156FC650
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):126024
                                          Entropy (8bit):6.046434197596888
                                          Encrypted:false
                                          SSDEEP:3072:draLRznP33cy+gUWUiUt5xMGopYrn4FwpVNmOAqVd5V:YLp+BWUiUt/hpLmOAqn
                                          MD5:6692A4B2DA9738D07C31CD0DBDED8A8F
                                          SHA1:539195AC5C5E8A5EF11F28AD24A3B969F7F73CA8
                                          SHA-256:F89847E7D0839446126AA3BD95C0D6E44FC4D08CCD3DBF6F280C748D8585B471
                                          SHA-512:8F1DA3035ED981D9D6675C22CFE40B20D9D63EA2BD4A98D9029F091250267F27447031995E5297C13BFEE6AADED6731C1D0F9CD9B1E73346FF952B0F8514E520
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):175176
                                          Entropy (8bit):5.992681980642242
                                          Encrypted:false
                                          SSDEEP:3072:CI3herM4vbGnublLufiGWjzF0dTeBbHNfPIOvajIaDFIOWkJBz1PCT:CHM4vbX6gjzFIeBqOvajBIOWkBw
                                          MD5:FC14DF13FF2760B169B9B66D3587A7E8
                                          SHA1:BAA604F21B04B1BB890220BE0578DA4515B645B6
                                          SHA-256:8B65BA418EAB3704FA4DFBE3F958DAEC428A48C6C936017A171A83F6B85BC042
                                          SHA-512:34F50E38736C2A3F28337BB552420A1642674E1A63FD10C9633A2C88160E66E10849B08542976E4E466D2CE1CD09E13B22E6DFD3C285B18F6135F56B1D9843BE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):52296
                                          Entropy (8bit):4.709998284021842
                                          Encrypted:false
                                          SSDEEP:768:J2xSe9ZPywV2IiLSNKm4z+xL1j7nSGalZRULbi:J2xSe9ZPywV2iNppxL1HSJDRUni
                                          MD5:9C6CB2B963EACEF79C25095F32A1051D
                                          SHA1:FC697B3F2B4C313F3916A8C226798304F116E76C
                                          SHA-256:7FB49DCAFFDFC80D41E5189E6ADA1D2A43D96523719FAC05FA32C395807A77BC
                                          SHA-512:B7226E04867CED7C2C6CB8DF4B86CBFDD0E88E65BBC40EFEB497E9635346A13477EA48C1B9A205BC01689F89FEA4871DA3CE997DC7282D13E353E3A43F7B729C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):662600
                                          Entropy (8bit):7.451916135453707
                                          Encrypted:false
                                          SSDEEP:12288:VLthpWr/8yvqIRXHh6iMiDavaLOHkiryCrfWhqk:zTOlqIR3uiDaDHkAruAk
                                          MD5:65AC8C02B020EAD9684898B75047DE33
                                          SHA1:A58D2E4056468BAFBE95D0F94958313BB65EEED6
                                          SHA-256:7AB14346B8BDF8F9131CCF1A73433CACEDA7F59C434EC87910D8A97E80F3B493
                                          SHA-512:E97E4A443DA820B806DAFA77C84043A480218C85925A890252B79537C1726FB16B56455F0F87B77D94A05B284D3828714A736FFE67E02A0EA2FC03A85413BA78
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.789381690422656
                                          Encrypted:false
                                          SSDEEP:1536:jBGBSoSH2v1bz74yyWO1q9Lv17UVSkZgWcII2ul95uYYOAvn7EJ/lSrYdg+nN:CSH25z/y9ETkZ5cIIhuYYOAvATmY2q
                                          MD5:387C5EE2AD7FC1EDCD02F52A8AB4731F
                                          SHA1:68E868426483E79641B04C08BD9B28659BD70F72
                                          SHA-256:67FDAAD382768570F655B3A6EB10D1FA501ADB77CCD849D3F42281A104151FA1
                                          SHA-512:3D47A3D4E713508AEBD1D85A1992C722D10F80BE4D54693799C7BFB9A279BA769353069A7E93B63F2D67BF99004767F5C6842BBC016FDFF07ECDCB1A1D3F372C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):289864
                                          Entropy (8bit):6.276254515126954
                                          Encrypted:false
                                          SSDEEP:6144:LPYh8DeyY4BdCyck5L1TBS6v8TWOquNIx1TOllZ2R0nk:chpyPBdsonOtN/wL
                                          MD5:079260F3EAD6323355825264280C6C47
                                          SHA1:BB84727DF22087EE1B242726DBAC358412E25344
                                          SHA-256:02C24588B98BF57C99E7D43048612A20A49F753BA0572B2F0713CA6471E3548F
                                          SHA-512:4289A87FC361B7FCF77F7C157AEB21CA0A8DEF099CAA66C9CCA03529BD5B0154B3574B97C66EDB8F8B6E156794A48F223B581E3A14C15D07BFE0169574BD591E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):494664
                                          Entropy (8bit):6.579021947502978
                                          Encrypted:false
                                          SSDEEP:6144:VlNiAugvDt4NSb6AieN4nUrOWAzc45GsKvUfUl8atdAUeHC:VengveNSb6NeN4UrjAzc1sfUztdQC
                                          MD5:63C409CAB29B27CA82D66CA371DF53C6
                                          SHA1:33E91016739392A8993464C3F7E1A57F8E5EDB93
                                          SHA-256:382262692704DF3C58F748DFF65CCCD1529A7515C75D0A53E60ECB2303ECED1F
                                          SHA-512:7CCE5462E7B559B190BF816CFB008EFEA990AC466E8768455AFF27B91BF41AEC6DFABAF22B738C1A50A02675137CE6D3A69A7356AF34278FD3B83472D3968A8E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 2%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):474184
                                          Entropy (8bit):6.299420404033466
                                          Encrypted:false
                                          SSDEEP:6144:ANrGMKgonJ4TOKrH02WHd1Jwm9ArxNyX0OfwTywcqYDa:kZKbJkOd2a5D0O3Da
                                          MD5:BAA0CC8CB921FA5B40FEC8DF6609AABF
                                          SHA1:3465801EBFC46077DE4629D55D3104C5D2A6EDCD
                                          SHA-256:3C75613B3E46ACBBE3FC5D0727B7A17E242AEC6989361B69B10F2E8232BBB1C0
                                          SHA-512:AC0F041DF7724887E046F875B67E6FB0BCE441F6E219E3898D99592041AE42C11D06D896C91806770724426EF99E86810C3A9F57542F002042953BD4A9F09F83
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):281672
                                          Entropy (8bit):6.367033456218542
                                          Encrypted:false
                                          SSDEEP:6144:aZBo7hinm8DbKOKQZTfz5/o8flEeDCvT1EtS5G1COA9TEiZ+jY:aZK7QmijKYfaeDCxEw5ZZwY
                                          MD5:02EA2CEC0AEDC330EFDC73776A91BE3A
                                          SHA1:BD8F604245B15D4928B136F5133C6D6984AE31A1
                                          SHA-256:C1403A15EDA443C9246FF793F3CBEC51E9C6816817E282EF165DACFD44DFD844
                                          SHA-512:3CFC5BFE8733D726FD85428553828A3D057AD42CE914D497EFB6812A8B5643E61B6A981944BF77F3026384E269F9D1021BA65C85E20A0437FAD8CB4B7481B6B1
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):535624
                                          Entropy (8bit):6.830773144149034
                                          Encrypted:false
                                          SSDEEP:12288:uk3iDkakBVCw/cdChAJQrQtaAVZDf79OyN2p2lz:ukwkNVV/cdCPrINfh7N2p2x
                                          MD5:CD15B7EC1280F41D5A4134E58DE80A49
                                          SHA1:6C9AFA35464607A8F27794F4B55357E3B1FAF7B7
                                          SHA-256:3C14CC0317D757107D084A23B5A11B96ECEC867FFE9FCAA045D2DB0CB756787F
                                          SHA-512:440F170FE46D3FBEE0536CBADA17ABE34E24422090EF9380774C2ACCA3F024FDBB67F7D3DA52D1BE1E80A74704F039B8040099AF4F57D710ED947B80EB8B7A8C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):224328
                                          Entropy (8bit):6.272249986580459
                                          Encrypted:false
                                          SSDEEP:6144:MKXg54pP4SV3X21v7clj4BDQFaTBqwv2IOgKBiE:MZMn21vjTswvlE
                                          MD5:0056D495E71B6BEC4E5A4B9C1E2734FF
                                          SHA1:9C90FB6C82C225AF7996A1BD0723153F2A4E010D
                                          SHA-256:A6F8DBE393CCED84EE4F33FB804060B82B6F33327866A0355ECA601403FEE034
                                          SHA-512:08B1FF1E89914B7577F0E96B046DC13A23F250B2C2767610D86C3AE751E11D8AC6437A20DB04B19B80747E56CDEBCCF0EE210A8ECA4748DEFC22118A2EB576B5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):171080
                                          Entropy (8bit):6.1971195517679085
                                          Encrypted:false
                                          SSDEEP:3072:ozuzZab9Tvl1oHZON84oTSyuX2OkUPc5u/yhY/mKLs9lv5EmI3zSp4OAKFjD01:7zYb9Tvzk5KmAy4OAKA
                                          MD5:76F4703D47E149C896FF9D51670E60CB
                                          SHA1:F0574334FA2A351238437C3977FF7EA42549A73D
                                          SHA-256:EECDEE565862C831438E6AE3CC8C7CE83BDFC0E6A30D162239ACAB8071610D0A
                                          SHA-512:DCB398BDBDCF85930767F121B1C698818664DFD5C09E2D8E0160B0CB45A0B552B95AE24DE7A7AA7133978306C8D8EAFC746265AD2292C7BD834DB6C71579E50C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):498760
                                          Entropy (8bit):6.275559960942112
                                          Encrypted:false
                                          SSDEEP:6144:G0BWM9IWn4f4RkjLNzIOYCr3pYjarafaBXqqMe:G0BWMqn6kjLNzIOYCrWwaSBr
                                          MD5:8E3A4B08E85DBD20B810779C2BFA6301
                                          SHA1:0322A138B773894336056956961D356E6E69E49E
                                          SHA-256:C92991E10D324FD7A030F0DEAB472079ED554EB8132AC412CE8053C1A4249B9C
                                          SHA-512:F26F698A8D3F8A67F55589109AE0B9D288643BFFF7A6637CE0644E045AA9B7AFE484B6F3DE0FFD32A4D80D604DED16D7A863BAF839BFD13C63CCF8FCB3507BD6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):183368
                                          Entropy (8bit):6.073192965724942
                                          Encrypted:false
                                          SSDEEP:3072:tPvhNKVkh+XV1KyddRwATAhurlMJ8c6mfLl1eU0wM1U7Ill0sLM/8nwMOAsiqfHY:dzKVBRn8IfD8MOAjqhC
                                          MD5:3C6EC649825A52B7955A2F1C5F41C957
                                          SHA1:90EF1D8AEE8F5EB5D3E383DD95889A89581FF8A2
                                          SHA-256:787FAB7E014E8446C55AC32C2A08FEFC66FAD7EEF2C80C75885B9A0CCA142035
                                          SHA-512:C61D467D2FB676E0FFC73E2F1564BDF9546935784F7A0B43D1B3A461DC28EBB04B051EB1E7FEF0E7239C0B4E7B32523CFF2DFCB9D73BD2FAF8D3D954B230A341
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):396360
                                          Entropy (8bit):6.394605775877511
                                          Encrypted:false
                                          SSDEEP:6144:XjxW6gxZVJAu5RR5Cr1bpsdoSGMWibwZOlNG+XIYbiC:zk6CR5uVs9GZibgMHbiC
                                          MD5:7996B091C22205888CB8A96619A83DDC
                                          SHA1:1D1DD341E1DCC129E27B0A6614EA651E4F98AC3D
                                          SHA-256:1519F60117756E8930748BAAEE3BDBC3383438F76BA627D774B9A21E94930992
                                          SHA-512:3B0B379BBDFDB6C54880DD9042902FA9748553EB7C29C7580E0C33D8FEE30AE0CCDF0BBA19DCDCE12B23FF9844ACFE539923A71E8E4C7A540688A9A9A1129B4E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):158792
                                          Entropy (8bit):6.170328143059685
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):130120
                                          Entropy (8bit):6.078834324369387
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):334920
                                          Entropy (8bit):6.044394448627665
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):89160
                                          Entropy (8bit):5.544035731485942
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):941128
                                          Entropy (8bit):6.381427254915849
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):216136
                                          Entropy (8bit):6.068192152281209
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.091341176673403
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):64584
                                          Entropy (8bit):5.310602189963078
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):80968
                                          Entropy (8bit):5.805056547315456
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):6.024104061860402
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):371784
                                          Entropy (8bit):6.21143291043149
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):179272
                                          Entropy (8bit):6.179607231382282
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):220232
                                          Entropy (8bit):6.233005829179236
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):199752
                                          Entropy (8bit):6.259121428208719
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900760319907551
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2773
                                          Entropy (8bit):4.892963874866102
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA90GhQXmbd6CVrwQdiwSEQAQdiSSESSAQdiOSbQAQdiCSbSSE:f90GhQXmZFrwQdiwSEQAQdiSSErAQdiO
                                          MD5:D93D7D90A09D5C70EB4DA26291313D06
                                          SHA1:9C554F9FE121A93EF7FF9DC36D7606D0328E5E64
                                          SHA-256:7E5D4FBBDE6766DF96575F1BE3F376FCAF973EF9457E4D80820609E2BB2D9441
                                          SHA-512:D815A9CAFD8B5AA29419D97D703C039AEA14D9E6C1A40B5196E58812C09561397F94679A897C0275D760C24F3DA063C696425E27F8771B665F81622BFECBFC30
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">100000</avgBitrate>.. <maxBitrate type="uint">200000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">40</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.886617018932608
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAn2GhQXmbm6CVrwQdiXSEQAQdijSESSAQdi+SbQAQdikSbSSE:fn2GhQXmaFrwQdiXSEQAQdijSErAQdio
                                          MD5:CBEDCAB30E616A115973115340B36146
                                          SHA1:A5B9C5A1A2F9E37A6CCF2F5E578C1A9C55D3B68C
                                          SHA-256:00442F4CD2C183505B0B5DF3796CA8FFCBCE6BE02BFCEE9E666A12EE7C3AE882
                                          SHA-512:8E28EF41EB89E5E5741CC837AFC02A7C49EC7A6C9D8DAD78CB44FBE5BBDBFD972A550A1F66915DAB3F2CD3E813A84942984F9B22DD433BE4F20982E0CACD0E9D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">12000</avgBitrate>.. <maxBitrate type="uint">24000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):4.898279100458865
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7ExGhQXmbfZCVrwQdiGSEQAQdi2SESSAQdiOSbQAQdiCSbSSE:f7ExGhQXmbkrwQdiGSEQAQdi2SErAQd1
                                          MD5:74D3A101D199809C2D5162F09AE1FDCB
                                          SHA1:B54E08E6BE8E4F8F61EF1819CDCF5366BFA6195E
                                          SHA-256:0CE611955AAD8AF165042230B7F4AF5D9668E3A5E1C157554E0E8CD93611BA67
                                          SHA-512:12428D43FB4630139F017377B9DD3CB776061E76A78E1514C775B8328E97BD91858B05C87A72FEE8ED190C762DF3CAA20AA554D8CCF6FCC8DC2DFEC1B89E528E
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">150000</avgBitrate>.. <maxBitrate type="uint">300000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.888076695342852
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUADzGhQXmbm6CVrwQdiXSEQAQdijSESSAQdiwSbQAQdiZSbSSE:fDzGhQXmaFrwQdiXSEQAQdijSErAQdix
                                          MD5:01BA77EC69B97759673494289721A7A1
                                          SHA1:EE5F2EAD3DCBD460D3B3785CBA05B9E5FF7ADAD4
                                          SHA-256:5456F4CD1A39B7AB2524340C8E56FC0F9E3D5F4EAB8A460B3877D582B68AE08A
                                          SHA-512:2474E8F5E578BA2110ACFB6B0D5A2C6471F724968400AE7EB2A420F27E50608321F8CFACC241ADB10F4B49223C6FDF9D3F292973500CB33173095857E7C6C88D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">16000</avgBitrate>.. <maxBitrate type="uint">32000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899820695443051
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxMZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm6krwQdiOSEQAQdiCSErAQdiC
                                          MD5:3D7059100F8CF93797B50707E579F404
                                          SHA1:C0EB19A6D7A6346645B9D4C88923C69F47C3368F
                                          SHA-256:F7CAFA941211364CFF275EEE988066071D26BE2A22A3066E7AC77B5EC008FAD2
                                          SHA-512:9BCE2F2491ADF41CD9DAAE3941CD09CA66317632E10ADA425748A51066B02074E33E9CFE41CB8F34EB0D610CFDCC05E31E2F08868D2130328E657DD96DC36328
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.897203254179472
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxMZCVrwQdiqtSEQAQdiqtSESSAQdi5SbQAQdi5SbSSE:flCGhQXm6krwQdiqtSEQAQdiqtSErAQR
                                          MD5:A2BED710F1CF410F3FD33970D3D267AE
                                          SHA1:D3B1C227E851B43596AF7DD8B3FB25A97A516BC7
                                          SHA-256:1BEF17720FF6C88365AA7E7DF0C3DD490205786A7DEE5B45932D30FDE56264DF
                                          SHA-512:E7FEFA43DDAEC6C233F77DE670E3BD8F88FDF73A5EE04AD807576E31296E29C93D749FA2489C224FBA068F9AD71A9C28677E8409C3F4486083A65EB707E38CC6
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.900208739789838
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxMZCVrwQdir4SEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm6krwQdir4SEQAQdiCSErAQdx
                                          MD5:C553F56300A54DBF9B3293F0265BE113
                                          SHA1:D411084A1B93C2DD778F4D118F5413CD787F8A0A
                                          SHA-256:462A635F1EC39F3FEA18D555D09BC2A6C0BC51BB71FBFF7DD56F20B09D203CE7
                                          SHA-512:7246F0D1130512876769DEB1155A8CC73E2D86669A012C38E5E09629991DE2F582AEDA52096DE55D45346D40052FAB1F1BB1E73B60EC68607E627960F6DF23FE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):4.899204992683194
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAZtGhQXmbaZCVrwQdiGSEQAQdiISESSAQdiOSbQAQdiCSbSSE:fZtGhQXmmkrwQdiGSEQAQdiISErAQdiO
                                          MD5:D86218B5C90A79AD4722E00C637B2C37
                                          SHA1:9B8441BC9FB364B25E99842E2B91F102C8A90AF8
                                          SHA-256:136742FE009FE8E2E3C579B20E363B10F3DB4D78D7A7D6BF488B9BC76D0AC26D
                                          SHA-512:7B6739B8B55E8CFCE79DD0206809D43389D37013C5A7144851399BEEF0617CCA9C478DD4D8FE85B96CA967F40EC7E4AD1FDBF5623D3B5E1F45F33D9FB4F25ACF
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">225000</avgBitrate>.. <maxBitrate type="uint">450000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.887012888493202
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAQdGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fQdGhQXmaFrwQdiFSEQAQdi7SErAQdiY
                                          MD5:7B08034A769601CA7423A8E5CB3BA023
                                          SHA1:27D77173000FC265F784ACB1F9441A79DCE1B92C
                                          SHA-256:B2814E8A44302ECD53A035F65A3ED0359A7C31076B32EE64DADA09D52D0CD901
                                          SHA-512:4DB8FD610A0AFD1DA24C35CB0F32873A45E07984191FE6BC9B2D71A10DC5BB5B559344640C017C27C879C2C773B06BA725DC5C4933BBE0C9C67299C6662D824D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">26000</avgBitrate>.. <maxBitrate type="uint">52000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.884427653572266
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy4GhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fy4GhQXmaFrwQdiFSEQAQdi7SErAQdiY
                                          MD5:D00A40C77A68E94D1C5E8B228A8699A6
                                          SHA1:702DB15DB02B370632CDFB0625F55794C6B223DD
                                          SHA-256:622C669B93980B8CA46416BF683B1AD9554B1E984970FF3FE06B379122CBD640
                                          SHA-512:B3C5182FEA25DE82507C40D2253EE9E583C820ECBD37D4982B81F7A1C7DABEA07D07DCAA88C3E2E3B868B083193EDB052AF3505C06F991CA7FE57CB77F3A7C8C
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">40000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.902211089463482
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxDZCVrwQdiOSEQAQdir4SESSAQdiCSbQAQdiCSbSSE:fqAGhQXm5krwQdiOSEQAQdir4SErAQdx
                                          MD5:81DE0C06D6497EC2A7CB7B8658986EC9
                                          SHA1:159F250531109C135FFB44DB8F297A74E647FB27
                                          SHA-256:987ED4FBF8403E67A70B17F62D20321F6A4B1A253846FFDB09915F7492814CEF
                                          SHA-512:5C8A243DD003BECBAAAF104E13A6E50BB5855CC5A68EA638C99AC6925EE8165256900D0FE920A81C1F62C37A9DEFDB30F072A323332DBADDFF50D1070582BE7C
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899310933601001
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxDZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fqAGhQXm5krwQdi5SEQAQdi5SErAQdiQ
                                          MD5:90EE424A1EFEE8B9115B06DCB311C814
                                          SHA1:EB9F2DB4E3CE695AAE9DB7AB4AEF57F15F2D8239
                                          SHA-256:0B691ACE022931A7E8CF60E8B45AC8A39537216B5F219BC631385F6A70D618FA
                                          SHA-512:F6546DED7442D49E243F6AE1BD195D7345C49724343F18449937C71223292BC4FDF08DE4918F88B2D7979AA546D498A12DD2F734B03A86659E9DE3108CA65508
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.900855328863332
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxDZCVrwQdiFSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fqAGhQXm5krwQdiFSEQAQdiCSErAQdiC
                                          MD5:38E965EA1276ED6B62C6EF060D978E9E
                                          SHA1:4080BA407618A8B684446A950FA8204D48BB33B9
                                          SHA-256:9C92417E9AC0F855358A2983BA74F32B80A0955E2AFEB975FB75532A98125593
                                          SHA-512:F8BFF9C4D3AD036EA5C7C775E7865EA0B8B115C875D7070E9E2AD26E910F8B897B3A06C892937D0A22064EB2C919685E820D09F296B0C0002EAF7EC296638C54
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901135504160747
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmxfZCVrwQdiOSEQAQdiJSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmxkrwQdiOSEQAQdiJSErAQdiC
                                          MD5:0F1839E97AF9EAC1C407E4EDBE43FFB4
                                          SHA1:647EEFA3A0B2C04F626B1D519B64E240472CF9A0
                                          SHA-256:C1E4D129BEC794F4966C6D895ACA2B91E9D0A7A05CF0D5B3A4E774EC420CE29D
                                          SHA-512:BA9901A0E2950410AE046D6DD14A580F50C9495B81F5CD604ECA5E3CCEAB40D5C5A15C3F77C9C9142C1DE9A6B39BEDEA8451551B30E3078CC789D2E8C305A56F
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.897602688600901
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmxfZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:fy9GhQXmxkrwQdiESEQAQdiESErAQdiz
                                          MD5:41F4DBF923105EC11F65BA2144A4AA1C
                                          SHA1:08944B39295DA9DCB2C9552621B18F2675D72A28
                                          SHA-256:A1B83BDBF455584BD9CB52F4046DD11F2C0C344BDD9AAF3A9C86026CD5A19539
                                          SHA-512:152E8B1F6FC5BCD4E8F552E777B97470D551A00ADC99328EAF35ECD4489EA4E5F784DB8DFC118CA96E9F2A264F9FC79533BE2D94AE07C38A804FE383378697F8
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901729136243566
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmxfZCVrwQdiTSSEQAQdiTSSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmxkrwQdi+SEQAQdi+SErAQdiC
                                          MD5:1B8A5FAC7AFDAF1D1065544D28FA8032
                                          SHA1:6ECBF75BBBCCAC4D1E489092EC1AE6CA04933A87
                                          SHA-256:65FABDFBD8EC6FCD83E98773617549F3A429743CC6353A07BE47E8FB3D596E73
                                          SHA-512:65FF373816011F1651642B1874842457DF57837FB99613AE34F43161EDDEB2CC77F88ED7BDEB683535DCEF2091ACC37A581D2EF325E45881C6C5CD1A562971E6
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2775
                                          Entropy (8bit):4.9006782402039955
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmbPZCVrwQdiOSEQAQdiJSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmzkrwQdiOSEQAQdiJSErAQdiC
                                          MD5:369D6681BBB69CA6BB29A106D4F3C3FA
                                          SHA1:7D392F609C16AC010857180CE09802EA11D0C4FA
                                          SHA-256:DEB1CC555647073A4E0410054FABFDD8303E53F1F50B16EB126E559F49E445BD
                                          SHA-512:E05A64636DBB75D8BEFD95049FEB054E9BFBFEBCE144E97B53DD49A09B386A7E820309C0AF089BBB77A56089FE7BADCAF690F3D3304A37868ED389505AC7AB61
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">77</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.900959291006299
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdiOSEQAQdiCSErAQdiC
                                          MD5:8EC1E3994954979297D6451177C609B1
                                          SHA1:0BB6EA34A8D18245C6D8E296E6F21FE9FB7B342D
                                          SHA-256:9488DFD2A418D2039AB92616FC0C4D641B1ADB8BE57B683C05FF640B76D73651
                                          SHA-512:6B8418FB1E39FCDFE4C814B1D72EFA935A700895DBC00B82D9EAE5A4B625DD721FC7C81DE484A7104FA047B785CDC6B58F4E1EBCD09BF90CE80E3BFE2A1C54B0
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.898446871040008
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:f7vGhQXmskrwQdiESEQAQdiESErAQdiz
                                          MD5:C4516399B1272FB46728BC44D0F8AF75
                                          SHA1:90F1632637FDD6F712CD729517BADD1BD76242E3
                                          SHA-256:2AACFEDF24629B3CFF4056521D4C140F98B98E9FE779E4CA1700AAA4CE8B8EE0
                                          SHA-512:C8B0526E1FFDAD76C570131B1A9B73640B6FAABF5E92C5E7905D89597BDACAA2769360F1C2A8205682A01F335DF66DD38EE4E14A12ABECE9560D8523CCB23F82
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901010228982603
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiTSSEQAQdiTSSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdi+SEQAQdi+SErAQdiC
                                          MD5:51469FA9523E74A5D541E564E1B0F9D2
                                          SHA1:A68F5A8B71367728FFA6228D663BC266DCBFE7EC
                                          SHA-256:28395B9FC5DFE974EA4F395DC31DB91ED23D89A2AEC9F5BB6CB7650BDC851BEE
                                          SHA-512:A93A199C127A4F9A49B62D5DEF541A678F2F943AC77655DD50DFF0180A61531B667A25A5E1585B2474E70355EC22CFBB93403AD8351CDB5B2D93B3D2834A9DF1
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2775
                                          Entropy (8bit):4.900324924891799
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmbNZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXm5krwQdiOSEQAQdiCSErAQdiC
                                          MD5:C955F947CDC39D2466CCC1CC522EAD5D
                                          SHA1:85D9EA0E5A7B1635C53FE6DF44D30B90B8445C4C
                                          SHA-256:AC597B9207A05CA0DD7CE8D1609169A3A6536FA798C06F923DD0B1C6FA2AB087
                                          SHA-512:72F4F0AB335FB21FDC739AF31E367EAEA864518BFE674BCD7410DCFB5BC2C1EF97009C1D00D57D21EB6584021BE832680270B8054E89BBE316D27F2316865939
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">84</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2770
                                          Entropy (8bit):4.89211739812396
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAfmGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiGSbQAQdi2SbSSE:ffmGhQXmaFrwQdiFSEQAQdi7SErAQdi6
                                          MD5:C8859FEBE57ACD0411A0963530D90430
                                          SHA1:ED75101906B45656BCFEEA1038B70A6C8B4ADF79
                                          SHA-256:FEA8E082BB13EA02C2F60B91837664637F4325E1DCC26F50183C996FE9FB7761
                                          SHA-512:4D30E7D56828EB87B2C95A2142160114A4E0B09F530292CD56B57258BA1EDD436F3C32118D964148C0186305F116A74F7AA84BD19903FF330F3E35307206BE57
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">34000</avgBitrate>.. <maxBitrate type="uint">68000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900760319907551
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdiOSEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiOSEQAQdiFSErAQdiC
                                          MD5:5D7B439263EB75B6227E51BD37B79AE2
                                          SHA1:2D785F343437ADC2F78DD06280B6FC3F2227FD95
                                          SHA-256:F23D3EA032819EDF9575FD7284DD78C2CF63DE57E8532EBC2F3DB534F54CDE7A
                                          SHA-512:56CA3A349F836B11990D2C077C980380170EE899B240A3747922BCA312F9CB871C27D240D357BE74F907A7BD6582579A1FDCC4950EFF76DA75767570CBF12772
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.8982790656137905
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fpXGhQXmQkrwQdi5SEQAQdi5SErAQdiQ
                                          MD5:258A87EC71859D3E7A0B92D82792C48E
                                          SHA1:10EB812873308C393A85A0BA95D552F3ED137D97
                                          SHA-256:3C020749A6B145A812323332E5C2EEA48A14025091B25B5CD3B8EE3E19AAEB94
                                          SHA-512:0C0C2088B8CE3C8B1E12B717656B17497B364F9B0BEE886959DE58F7DB30518ACA0E421750EB78F780EE142266DED80663BF4CBCE3D3C25467A17DBA6139F6D3
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900152461503551
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdiFSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiFSEQAQdiCSErAQdiC
                                          MD5:152840C49C7B27E86872A003EC913575
                                          SHA1:49C460DFAFF5238A6C0C0D73BE97F742D1AA9A07
                                          SHA-256:AEFAC4EE115419A8BF432D18D2B3D60FA59AC199D7402F83382917994EE16EC8
                                          SHA-512:AEDEE1D44A6FE9B25F3CD020820F178D2C2701FD95AE60CD471F4A0BA6EF34F10CB1CFAE7F9F6F8E76C11D84C0D38BD74DF8CF29DE3D9DD0D4FBBDC3F7008D0F
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2771
                                          Entropy (8bit):4.891825004332733
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAA8XGhQXmbt6CVrwQdi+SEQAQdikSESSAQdiGSbQAQdiISbSSE:fJXGhQXmZFrwQdi+SEQAQdikSErAQdi0
                                          MD5:EB5AE1A2971541214DBFB0F9A62C09D3
                                          SHA1:CC8BC9251B7F016C38D8004983458A92E6BD2F86
                                          SHA-256:EE4604416BDC01B355F7E420DD865B2238FD2A624B1DF80CA87528AE049F2246
                                          SHA-512:36211EC09C4CABCE6246623E50F5BABB558E981A13C0E1BB7F19F1FEFDAA687CF0572720F54D7699C7AA40C03E657E1C0A7D7A923773F28A2E5103D0CD92B40E
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">50000</avgBitrate>.. <maxBitrate type="uint">100000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">35</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.900947577390879
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fLbGhQXmskrwQdiOSEQAQdiCSErAQdiC
                                          MD5:5307E2EFBE96D3E1AFE609C6A6C0E591
                                          SHA1:3FF1A198ED0F16E77BEDC71FA7888C95039B2F69
                                          SHA-256:D8C7CABD3C82CC58BB255229C3A77091C631767A437C1C58AC3085BB1069473E
                                          SHA-512:E03982089972F26A590D2CDC3E29085EA955AE06DF1CB4CF509DE19339EAD43A2879127C579E30C6182AEAC41AD0B22CAB6E05ED432451513BEC6EDF75C2BDB9
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.901505287509225
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAW7aGhQXmxRZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fW7aGhQXm/krwQdiOSEQAQdiCSErAQdx
                                          MD5:A58F9D142858D86DE5744B13508A1277
                                          SHA1:DD54CE0714F09B54D22E3B6D2F84F19CE1549D5F
                                          SHA-256:68D2CF05EDFC6361FAEC27FBE85C915E9D5339375956EE9289EEB80BFAAD4AEC
                                          SHA-512:9937AAD9A78398D8F77271D4F41C740470BFD613F7BC0BD71486181141FAA84A5CA255C7D272084CAFDD97F15C956411365DDBB90BC4A31FBA8B5EE703B377AD
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">750000</avgBitrate>.. <maxBitrate type="uint">1500000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.898526134677562
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxRZCVrwQdibSEQAQdibSESSAQdi5SbQAQdi5SbSSE:fLbGhQXm/krwQdibSEQAQdibSErAQdiQ
                                          MD5:F6BCCFD4B20A2A381D3618422E56D9C5
                                          SHA1:E55E7D62C8D97611CA4BC069D260A883FF67C55B
                                          SHA-256:6D6DAC09AB8E5DF5C46F455061116039CD8AD124411C439B5437B56E96647D12
                                          SHA-512:5F31ED103D227EB67E3E92B6B5C0EA86A9CBEDFA0A2E476F2381687DEFA4B6AF38D8E4975F1E3003B988A806699033261489B5BFF5B27CDBBC13108B9FBC2A62
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.900953331049162
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxRZCVrwQdir4SEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fLbGhQXm/krwQdir4SEQAQdiFSErAQdx
                                          MD5:C307D31594EDC65F24723B9CEB54CB53
                                          SHA1:20A092A476CADE15C29259F08D8488D12C0AC441
                                          SHA-256:230435126A87E06C08E04D1DD51D7218CAED36CF5859592D9E9F52DC2A710884
                                          SHA-512:D4BA746C291CFD9E94FD3547B36B29D627ADA184EB2BE67013EBC2DA1F52FB359DDDD9375C630D6E1EB7A3EEAD8952E0F134AC6B25D7658EDF5A408ACA7DDECE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2776
                                          Entropy (8bit):4.9012380435446525
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">88</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899102304638453
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.90111726170542
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2800
                                          Entropy (8bit):4.8498080202398155
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">80000</avgBitrate>.. <maxBitrate type="uint">112000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">7.500000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">40</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">2</codecFlavor>.. <codecN
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2798
                                          Entropy (8bit):4.839744521077124
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">28000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">5.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">30</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">0</codecFlavor>.. <codecNa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2777
                                          Entropy (8bit):4.89018673094656
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-lossless</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2803
                                          Entropy (8bit):4.8551933948648225
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">200000</avgBitrate>.. <maxBitrate type="uint">256000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">15.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">70</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">16</codecFlavor>.. <cod
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899820695443051
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901135504160747
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2776
                                          Entropy (8bit):4.9012380435446525
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">88</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2771
                                          Entropy (8bit):4.891825004332733
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">50000</avgBitrate>.. <maxBitrate type="uint">100000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">35</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>.
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.900855328863332
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901729136243566
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900760319907551
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.886617018932608
                                          Encrypted:false
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">12000</avgBitrate>.. <maxBitrate type="uint">24000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.902211089463482
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxDZCVrwQdiOSEQAQdir4SESSAQdiCSbQAQdiCSbSSE:fqAGhQXm5krwQdiOSEQAQdir4SErAQdx
                                          MD5:81DE0C06D6497EC2A7CB7B8658986EC9
                                          SHA1:159F250531109C135FFB44DB8F297A74E647FB27
                                          SHA-256:987ED4FBF8403E67A70B17F62D20321F6A4B1A253846FFDB09915F7492814CEF
                                          SHA-512:5C8A243DD003BECBAAAF104E13A6E50BB5855CC5A68EA638C99AC6925EE8165256900D0FE920A81C1F62C37A9DEFDB30F072A323332DBADDFF50D1070582BE7C
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.900959291006299
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdiOSEQAQdiCSErAQdiC
                                          MD5:8EC1E3994954979297D6451177C609B1
                                          SHA1:0BB6EA34A8D18245C6D8E296E6F21FE9FB7B342D
                                          SHA-256:9488DFD2A418D2039AB92616FC0C4D641B1ADB8BE57B683C05FF640B76D73651
                                          SHA-512:6B8418FB1E39FCDFE4C814B1D72EFA935A700895DBC00B82D9EAE5A4B625DD721FC7C81DE484A7104FA047B785CDC6B58F4E1EBCD09BF90CE80E3BFE2A1C54B0
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.897602688600901
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmxfZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:fy9GhQXmxkrwQdiESEQAQdiESErAQdiz
                                          MD5:41F4DBF923105EC11F65BA2144A4AA1C
                                          SHA1:08944B39295DA9DCB2C9552621B18F2675D72A28
                                          SHA-256:A1B83BDBF455584BD9CB52F4046DD11F2C0C344BDD9AAF3A9C86026CD5A19539
                                          SHA-512:152E8B1F6FC5BCD4E8F552E777B97470D551A00ADC99328EAF35ECD4489EA4E5F784DB8DFC118CA96E9F2A264F9FC79533BE2D94AE07C38A804FE383378697F8
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.884427653572266
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy4GhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fy4GhQXmaFrwQdiFSEQAQdi7SErAQdiY
                                          MD5:D00A40C77A68E94D1C5E8B228A8699A6
                                          SHA1:702DB15DB02B370632CDFB0625F55794C6B223DD
                                          SHA-256:622C669B93980B8CA46416BF683B1AD9554B1E984970FF3FE06B379122CBD640
                                          SHA-512:B3C5182FEA25DE82507C40D2253EE9E583C820ECBD37D4982B81F7A1C7DABEA07D07DCAA88C3E2E3B868B083193EDB052AF3505C06F991CA7FE57CB77F3A7C8C
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">40000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.900953331049162
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxRZCVrwQdir4SEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fLbGhQXm/krwQdir4SEQAQdiFSErAQdx
                                          MD5:C307D31594EDC65F24723B9CEB54CB53
                                          SHA1:20A092A476CADE15C29259F08D8488D12C0AC441
                                          SHA-256:230435126A87E06C08E04D1DD51D7218CAED36CF5859592D9E9F52DC2A710884
                                          SHA-512:D4BA746C291CFD9E94FD3547B36B29D627ADA184EB2BE67013EBC2DA1F52FB359DDDD9375C630D6E1EB7A3EEAD8952E0F134AC6B25D7658EDF5A408ACA7DDECE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2773
                                          Entropy (8bit):4.892963874866102
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA90GhQXmbd6CVrwQdiwSEQAQdiSSESSAQdiOSbQAQdiCSbSSE:f90GhQXmZFrwQdiwSEQAQdiSSErAQdiO
                                          MD5:D93D7D90A09D5C70EB4DA26291313D06
                                          SHA1:9C554F9FE121A93EF7FF9DC36D7606D0328E5E64
                                          SHA-256:7E5D4FBBDE6766DF96575F1BE3F376FCAF973EF9457E4D80820609E2BB2D9441
                                          SHA-512:D815A9CAFD8B5AA29419D97D703C039AEA14D9E6C1A40B5196E58812C09561397F94679A897C0275D760C24F3DA063C696425E27F8771B665F81622BFECBFC30
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">100000</avgBitrate>.. <maxBitrate type="uint">200000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">40</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.898526134677562
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxRZCVrwQdibSEQAQdibSESSAQdi5SbQAQdi5SbSSE:fLbGhQXm/krwQdibSEQAQdibSErAQdiQ
                                          MD5:F6BCCFD4B20A2A381D3618422E56D9C5
                                          SHA1:E55E7D62C8D97611CA4BC069D260A883FF67C55B
                                          SHA-256:6D6DAC09AB8E5DF5C46F455061116039CD8AD124411C439B5437B56E96647D12
                                          SHA-512:5F31ED103D227EB67E3E92B6B5C0EA86A9CBEDFA0A2E476F2381687DEFA4B6AF38D8E4975F1E3003B988A806699033261489B5BFF5B27CDBBC13108B9FBC2A62
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2777
                                          Entropy (8bit):4.89018673094656
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxGZCVrwQ5iISEQAQ5iISESSAQ5iISbQAQ5iISbSSE:fqAGhQXmQkrwQ5iISEQAQ5iISErAQ5iw
                                          MD5:A8A1F53B88491643AF854DA1BFED49C5
                                          SHA1:9E193975DEF484AEA1C449571E0B12C6A73C3A44
                                          SHA-256:B221266E1EBC54F4007A815918DA4ACF867A9CFEEB2DBDB5CFEE8C0ECECF9390
                                          SHA-512:6E8FD5CA8E4C6DDE545CDA73468AB734212B814C08DA4A684B6905D7E3A55AC0210A486EBDC4E7104A9C582DACF5EA2C799068FC0E7EF86576E10E8A6DF93B5A
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-lossless</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.897203254179472
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxMZCVrwQdiqtSEQAQdiqtSESSAQdi5SbQAQdi5SbSSE:flCGhQXm6krwQdiqtSEQAQdiqtSErAQR
                                          MD5:A2BED710F1CF410F3FD33970D3D267AE
                                          SHA1:D3B1C227E851B43596AF7DD8B3FB25A97A516BC7
                                          SHA-256:1BEF17720FF6C88365AA7E7DF0C3DD490205786A7DEE5B45932D30FDE56264DF
                                          SHA-512:E7FEFA43DDAEC6C233F77DE670E3BD8F88FDF73A5EE04AD807576E31296E29C93D749FA2489C224FBA068F9AD71A9C28677E8409C3F4486083A65EB707E38CC6
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2775
                                          Entropy (8bit):4.9006782402039955
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAy9GhQXmbPZCVrwQdiOSEQAQdiJSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmzkrwQdiOSEQAQdiJSErAQdiC
                                          MD5:369D6681BBB69CA6BB29A106D4F3C3FA
                                          SHA1:7D392F609C16AC010857180CE09802EA11D0C4FA
                                          SHA-256:DEB1CC555647073A4E0410054FABFDD8303E53F1F50B16EB126E559F49E445BD
                                          SHA-512:E05A64636DBB75D8BEFD95049FEB054E9BFBFEBCE144E97B53DD49A09B386A7E820309C0AF089BBB77A56089FE7BADCAF690F3D3304A37868ED389505AC7AB61
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">77</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.900947577390879
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUALbGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fLbGhQXmskrwQdiOSEQAQdiCSErAQdiC
                                          MD5:5307E2EFBE96D3E1AFE609C6A6C0E591
                                          SHA1:3FF1A198ED0F16E77BEDC71FA7888C95039B2F69
                                          SHA-256:D8C7CABD3C82CC58BB255229C3A77091C631767A437C1C58AC3085BB1069473E
                                          SHA-512:E03982089972F26A590D2CDC3E29085EA955AE06DF1CB4CF509DE19339EAD43A2879127C579E30C6182AEAC41AD0B22CAB6E05ED432451513BEC6EDF75C2BDB9
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900152461503551
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdiFSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiFSEQAQdiCSErAQdiC
                                          MD5:152840C49C7B27E86872A003EC913575
                                          SHA1:49C460DFAFF5238A6C0C0D73BE97F742D1AA9A07
                                          SHA-256:AEFAC4EE115419A8BF432D18D2B3D60FA59AC199D7402F83382917994EE16EC8
                                          SHA-512:AEDEE1D44A6FE9B25F3CD020820F178D2C2701FD95AE60CD471F4A0BA6EF34F10CB1CFAE7F9F6F8E76C11D84C0D38BD74DF8CF29DE3D9DD0D4FBBDC3F7008D0F
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2803
                                          Entropy (8bit):4.8551933948648225
                                          Encrypted:false
                                          SSDEEP:48:cF880UA8hGrDorWbYs43kQXGdVQdXDSCkpKXVQdXDQkpKhVQdXDSCnpKXVQdXDQH:L8hGrcrWsuQXGdVQdXDtkpKXVQdXDQke
                                          MD5:341F17366A7ED4FB2FA3CC4B1FEB6B07
                                          SHA1:BB6FABB2F9D4B3E97C4662C3545F8FD3B38ACEE3
                                          SHA-256:1595698CB16144131F0669CE166EDE6FCA0E0B942CB34FCF9D9B095660750D9A
                                          SHA-512:EFB0271C11681C6C1C3293979D357B6A2C666F5DE7F9A48EDD03F8912292835D16B4BA8F500F01A0CCA0DACBFD7F86203CF40FF1DF18EC1F9FBED7F7B2F9698B
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">200000</avgBitrate>.. <maxBitrate type="uint">256000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">15.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">70</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">16</codecFlavor>.. <cod
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.8982790656137905
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fpXGhQXmQkrwQdi5SEQAQdi5SErAQdiQ
                                          MD5:258A87EC71859D3E7A0B92D82792C48E
                                          SHA1:10EB812873308C393A85A0BA95D552F3ED137D97
                                          SHA-256:3C020749A6B145A812323332E5C2EEA48A14025091B25B5CD3B8EE3E19AAEB94
                                          SHA-512:0C0C2088B8CE3C8B1E12B717656B17497B364F9B0BEE886959DE58F7DB30518ACA0E421750EB78F780EE142266DED80663BF4CBCE3D3C25467A17DBA6139F6D3
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2786
                                          Entropy (8bit):4.900760319907551
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAAEXGhQXmxGZCVrwQdiOSEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiOSEQAQdiFSErAQdiC
                                          MD5:5D7B439263EB75B6227E51BD37B79AE2
                                          SHA1:2D785F343437ADC2F78DD06280B6FC3F2227FD95
                                          SHA-256:F23D3EA032819EDF9575FD7284DD78C2CF63DE57E8532EBC2F3DB534F54CDE7A
                                          SHA-512:56CA3A349F836B11990D2C077C980380170EE899B240A3747922BCA312F9CB871C27D240D357BE74F907A7BD6582579A1FDCC4950EFF76DA75767570CBF12772
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2798
                                          Entropy (8bit):4.839744521077124
                                          Encrypted:false
                                          SSDEEP:48:cF880UAyCGrDorWbYZ43kQXiwVQdXDSCkpKw3QdXDQkpKiVQdXDSCnpK73QdXDQH:LyCGrcrWs1QXiwVQdXDtkpKw3QdXDQk5
                                          MD5:3931BA0423004139D1FCB58DCC4434B9
                                          SHA1:E5C4E12B0DDCF2570C9B32E7FFB9495022C0B8E5
                                          SHA-256:F1ADB2B4B1F1A6598AED0BD70761E869599A3D503ECE5E980EA1551A075492F8
                                          SHA-512:EA242F5147E4A57475D9BBAA7B8AFDCF0A514DD18A3904EE281D784920C8A4F2158586007B9C776BC0649194F00C41AE3F4B865630B21E47D43CC85E9637AAD5
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">28000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">5.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">30</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">0</codecFlavor>.. <codecNa
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2800
                                          Entropy (8bit):4.8498080202398155
                                          Encrypted:false
                                          SSDEEP:48:cF880UA0KGrDorWbYs43kQX7iVQdXDSCkpK73QdXDQkpKCRVQdXDSCnpKXVQdXDg:L0KGrcrWsuQX7iVQdXDtkpK73QdXDQk9
                                          MD5:9BDB0DE024E3113C93493CC856B74273
                                          SHA1:B58E715BD23CBDFBEC96CE9812104EBA5F6442E0
                                          SHA-256:51B7EAAD90181FF7D3585632A14CF6964B449241D4CD194AC84A6D27E45AABD4
                                          SHA-512:AC73D4F01C7A15FE5C100CFB412446DB6E93332FB7EBE874E5140F86DD15CA6A2E6E12CBEA571D9177567072ECD36554187D52B5474163A1CE6B3C52EDEFB3D5
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">80000</avgBitrate>.. <maxBitrate type="uint">112000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">7.500000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">40</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">2</codecFlavor>.. <codecN
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.90111726170542
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxMZCVrwQdiOSEQAQdir4SESSAQdiCSbQAQdiCSbSSE:fqAGhQXm6krwQdiOSEQAQdir4SErAQdx
                                          MD5:F328E233516EA0EBA47CB6067880E4EA
                                          SHA1:E6CC429F94C0CB93FB4B47F4C016AFD71BDBC8BC
                                          SHA-256:E21A0F10C91D6D6D06CABE5E3AE3A3ED96CDFF821DBEFDCDF1C887358FC1F175
                                          SHA-512:A967F72A2656EB9F48B3B2917BA241D7FE17E2FE2C6A7520221D2D2528F3991D5125F6881C09E81938362A467F437DE21D697D4350E09AE6A744078292042CF9
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2770
                                          Entropy (8bit):4.89211739812396
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAfmGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiGSbQAQdi2SbSSE:ffmGhQXmaFrwQdiFSEQAQdi7SErAQdi6
                                          MD5:C8859FEBE57ACD0411A0963530D90430
                                          SHA1:ED75101906B45656BCFEEA1038B70A6C8B4ADF79
                                          SHA-256:FEA8E082BB13EA02C2F60B91837664637F4325E1DCC26F50183C996FE9FB7761
                                          SHA-512:4D30E7D56828EB87B2C95A2142160114A4E0B09F530292CD56B57258BA1EDD436F3C32118D964148C0186305F116A74F7AA84BD19903FF330F3E35307206BE57
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">34000</avgBitrate>.. <maxBitrate type="uint">68000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.898446871040008
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:f7vGhQXmskrwQdiESEQAQdiESErAQdiz
                                          MD5:C4516399B1272FB46728BC44D0F8AF75
                                          SHA1:90F1632637FDD6F712CD729517BADD1BD76242E3
                                          SHA-256:2AACFEDF24629B3CFF4056521D4C140F98B98E9FE779E4CA1700AAA4CE8B8EE0
                                          SHA-512:C8B0526E1FFDAD76C570131B1A9B73640B6FAABF5E92C5E7905D89597BDACAA2769360F1C2A8205682A01F335DF66DD38EE4E14A12ABECE9560D8523CCB23F82
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2782
                                          Entropy (8bit):4.901010228982603
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmxaZCVrwQdiTSSEQAQdiTSSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdi+SEQAQdi+SErAQdiC
                                          MD5:51469FA9523E74A5D541E564E1B0F9D2
                                          SHA1:A68F5A8B71367728FFA6228D663BC266DCBFE7EC
                                          SHA-256:28395B9FC5DFE974EA4F395DC31DB91ED23D89A2AEC9F5BB6CB7650BDC851BEE
                                          SHA-512:A93A199C127A4F9A49B62D5DEF541A678F2F943AC77655DD50DFF0180A61531B667A25A5E1585B2474E70355EC22CFBB93403AD8351CDB5B2D93B3D2834A9DF1
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2775
                                          Entropy (8bit):4.900324924891799
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7vGhQXmbNZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXm5krwQdiOSEQAQdiCSErAQdiC
                                          MD5:C955F947CDC39D2466CCC1CC522EAD5D
                                          SHA1:85D9EA0E5A7B1635C53FE6DF44D30B90B8445C4C
                                          SHA-256:AC597B9207A05CA0DD7CE8D1609169A3A6536FA798C06F923DD0B1C6FA2AB087
                                          SHA-512:72F4F0AB335FB21FDC739AF31E367EAEA864518BFE674BCD7410DCFB5BC2C1EF97009C1D00D57D21EB6584021BE832680270B8054E89BBE316D27F2316865939
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">84</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.888076695342852
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUADzGhQXmbm6CVrwQdiXSEQAQdijSESSAQdiwSbQAQdiZSbSSE:fDzGhQXmaFrwQdiXSEQAQdijSErAQdix
                                          MD5:01BA77EC69B97759673494289721A7A1
                                          SHA1:EE5F2EAD3DCBD460D3B3785CBA05B9E5FF7ADAD4
                                          SHA-256:5456F4CD1A39B7AB2524340C8E56FC0F9E3D5F4EAB8A460B3877D582B68AE08A
                                          SHA-512:2474E8F5E578BA2110ACFB6B0D5A2C6471F724968400AE7EB2A420F27E50608321F8CFACC241ADB10F4B49223C6FDF9D3F292973500CB33173095857E7C6C88D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">16000</avgBitrate>.. <maxBitrate type="uint">32000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899102304638453
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxRZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm/krwQdiOSEQAQdiCSErAQdiC
                                          MD5:A615E0394F584B4A2F062F453DAE6E80
                                          SHA1:57C818FDBE9D55C0DA232CCBD3D38233A3D2CE07
                                          SHA-256:0A2D12393DC0029DB5B16022C1EAEC6B57A0944623B92153B95178ADF9847240
                                          SHA-512:4BE1D760825071B36A18B7020E5E2E2CD3E1D9A925F940CC823BFF0B294839F29A2D12A42925681FB9817C69C4702ECB1E50E61BD70DEBC37CFD664E8792762D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.899310933601001
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAqAGhQXmxDZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fqAGhQXm5krwQdi5SEQAQdi5SErAQdiQ
                                          MD5:90EE424A1EFEE8B9115B06DCB311C814
                                          SHA1:EB9F2DB4E3CE695AAE9DB7AB4AEF57F15F2D8239
                                          SHA-256:0B691ACE022931A7E8CF60E8B45AC8A39537216B5F219BC631385F6A70D618FA
                                          SHA-512:F6546DED7442D49E243F6AE1BD195D7345C49724343F18449937C71223292BC4FDF08DE4918F88B2D7979AA546D498A12DD2F734B03A86659E9DE3108CA65508
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2783
                                          Entropy (8bit):4.901505287509225
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAW7aGhQXmxRZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fW7aGhQXm/krwQdiOSEQAQdiCSErAQdx
                                          MD5:A58F9D142858D86DE5744B13508A1277
                                          SHA1:DD54CE0714F09B54D22E3B6D2F84F19CE1549D5F
                                          SHA-256:68D2CF05EDFC6361FAEC27FBE85C915E9D5339375956EE9289EEB80BFAAD4AEC
                                          SHA-512:9937AAD9A78398D8F77271D4F41C740470BFD613F7BC0BD71486181141FAA84A5CA255C7D272084CAFDD97F15C956411365DDBB90BC4A31FBA8B5EE703B377AD
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">750000</avgBitrate>.. <maxBitrate type="uint">1500000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):4.898279100458865
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUA7ExGhQXmbfZCVrwQdiGSEQAQdi2SESSAQdiOSbQAQdiCSbSSE:f7ExGhQXmbkrwQdiGSEQAQdi2SErAQd1
                                          MD5:74D3A101D199809C2D5162F09AE1FDCB
                                          SHA1:B54E08E6BE8E4F8F61EF1819CDCF5366BFA6195E
                                          SHA-256:0CE611955AAD8AF165042230B7F4AF5D9668E3A5E1C157554E0E8CD93611BA67
                                          SHA-512:12428D43FB4630139F017377B9DD3CB776061E76A78E1514C775B8328E97BD91858B05C87A72FEE8ED190C762DF3CAA20AA554D8CCF6FCC8DC2DFEC1B89E528E
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">150000</avgBitrate>.. <maxBitrate type="uint">300000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2774
                                          Entropy (8bit):4.899204992683194
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAZtGhQXmbaZCVrwQdiGSEQAQdiISESSAQdiOSbQAQdiCSbSSE:fZtGhQXmmkrwQdiGSEQAQdiISErAQdiO
                                          MD5:D86218B5C90A79AD4722E00C637B2C37
                                          SHA1:9B8441BC9FB364B25E99842E2B91F102C8A90AF8
                                          SHA-256:136742FE009FE8E2E3C579B20E363B10F3DB4D78D7A7D6BF488B9BC76D0AC26D
                                          SHA-512:7B6739B8B55E8CFCE79DD0206809D43389D37013C5A7144851399BEEF0617CCA9C478DD4D8FE85B96CA967F40EC7E4AD1FDBF5623D3B5E1F45F33D9FB4F25ACF
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">225000</avgBitrate>.. <maxBitrate type="uint">450000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2769
                                          Entropy (8bit):4.887012888493202
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAQdGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fQdGhQXmaFrwQdiFSEQAQdi7SErAQdiY
                                          MD5:7B08034A769601CA7423A8E5CB3BA023
                                          SHA1:27D77173000FC265F784ACB1F9441A79DCE1B92C
                                          SHA-256:B2814E8A44302ECD53A035F65A3ED0359A7C31076B32EE64DADA09D52D0CD901
                                          SHA-512:4DB8FD610A0AFD1DA24C35CB0F32873A45E07984191FE6BC9B2D71A10DC5BB5B559344640C017C27C879C2C773B06BA725DC5C4933BBE0C9C67299C6662D824D
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">26000</avgBitrate>.. <maxBitrate type="uint">52000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2784
                                          Entropy (8bit):4.900208739789838
                                          Encrypted:false
                                          SSDEEP:48:cFx8DUAlCGhQXmxMZCVrwQdir4SEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm6krwQdir4SEQAQdiCSErAQdx
                                          MD5:C553F56300A54DBF9B3293F0265BE113
                                          SHA1:D411084A1B93C2DD778F4D118F5413CD787F8A0A
                                          SHA-256:462A635F1EC39F3FEA18D555D09BC2A6C0BC51BB71FBFF7DD56F20B09D203CE7
                                          SHA-512:7246F0D1130512876769DEB1155A8CC73E2D86669A012C38E5E09629991DE2F582AEDA52096DE55D45346D40052FAB1F1BB1E73B60EC68607E627960F6DF23FE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):73793
                                          Entropy (8bit):5.5605243298434965
                                          Encrypted:false
                                          SSDEEP:768:z84NgbRXrRdn8hHNp57RoeTX79c9sI4gA5Ii/hQVCVL8jDOeIJunlkonm+SQYq4W:zIXrRMp57zsD4GiZO+8+onGUdSQT4DS
                                          MD5:107A64D31CB2DAD1746B060886440F60
                                          SHA1:BC89B6AFD11FDDE240DAE5DE8C43C567B96C8240
                                          SHA-256:11D85AED01DA3581D659B18B406F5C188C95EDB7C574B9A4881E0DC0229D849B
                                          SHA-512:F9DEF5B32D0141395AACF5E852A74841584DDD042B439172FDE8C017EC7B26C3374FC486C549CEE05649CC99B83D7A386C2CC26631DA990F3EC9ADD18363C6CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548919
                                          Entropy (8bit):6.4777190361374535
                                          Encrypted:false
                                          SSDEEP:12288:5LfLv74Iq4S1K2hTxlSLR8QegKXHLEU+RONk76RyP0oBrfdtW:NnMuR8JxXHLEU+RONk76RyP0oBrfPW
                                          MD5:FEE174FA75745239446F0D1F1D365C28
                                          SHA1:D86A90F33A507FBD8278CC58B1D0C2CE6FB809A2
                                          SHA-256:219A8E99B8002E72E48732D502E3A6BB194B4554104F9E58D4A28D443A1EBDBE
                                          SHA-512:159456DCD6351C443F1379FD44DE3A79ED624CDDD1BBB91E778A9865EAF6557F52189096AC54D4C5D9B0B73147AE7705A3E2ACA2E6510D36644757D273475AFA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65602
                                          Entropy (8bit):5.507533722705891
                                          Encrypted:false
                                          SSDEEP:768:tBrGeYp8LkLF7JlJa6Cvu+iZK4nGlo7dCYtVykJK+t6tj6tVDWBE3Ghv+XbG:tS8LkzNCvViZNnyYdRK+t6t1F
                                          MD5:FEC421F11F3E143665387A26B05B696E
                                          SHA1:881DF4F3E97FCB2E671F4DC54BA6B5D56F0EFF54
                                          SHA-256:A51BFF72ECE803500283517AC3D35E25D17295B094CB453687B75D159353BAFA
                                          SHA-512:F30AE4FF177C625DAAABAFD497E191E98571A0A35DE096BBD54A406CD56F85998269D9F720B6BEEB192BAFD1A6EF5A0E747EF313BD0C450F747E199E6380C1F6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102464
                                          Entropy (8bit):5.749974043070897
                                          Encrypted:false
                                          SSDEEP:1536:Hre+EuDd38Nd72KNClBpdHZZd9CBpdHZZd9gr4QcuMV+D8Kf5PL0QTsXcAPZF1:Ha1483FN6rC1mXTGcAPP1
                                          MD5:9AE31533C71CB4094B6681F0A7D055E8
                                          SHA1:DDC683257E4C75649FAD93C0543FE5F12CC846DE
                                          SHA-256:051B7C1F3BC06B34260C16AA4E8EF75018E2C142480027FC5C0D384A545041F9
                                          SHA-512:E1B8E3678017C0060BB8C047890DB2E4D76FE6E21CDD6CE1EB3893DE8C12B41DEA04CBB2EB3D766DC5384184304591568DD32D8C900C76BBA30D23DAE01F7C57
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):176195
                                          Entropy (8bit):6.0377378471977226
                                          Encrypted:false
                                          SSDEEP:3072:61Exx64kgPNRE0/WFOBC/Wgf11y1rgEedRjlbDDDDDDDkYzbDd:3NRE/gBC/Wgf11y1rgEeXlbDDDDDDDk0
                                          MD5:C1237664CC679ECDEBB955981DC8786A
                                          SHA1:2BBFF876F29F23CFFA55780B28C98504A5BAB6ED
                                          SHA-256:1E902223D3E4EC7BAA4580AF3B28A15B866340301434090B2F11AF29A021501B
                                          SHA-512:85AADC138EAD2925D26D164A536D6D39CC893EB412D7B8EE4251022D1B5F6C39FE25D7DC0C24330701001127AF21070947644267346CDCD1E8FECB87DC6E8789
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):327749
                                          Entropy (8bit):6.6610539163254865
                                          Encrypted:false
                                          SSDEEP:6144:H62Ol7Ss4LQZp0Suz1QfJyKEGfWoQaioeygljEzi:dOr0SuzaDEGfWo5glYzi
                                          MD5:079525F2434437FA1624285657B617BD
                                          SHA1:E9EB76039AC262F6731C38FCE133C6C99D12A20B
                                          SHA-256:52D8322E5285EC81044E49CDA3C429ECD275FF168368271239224742C3B4CCE4
                                          SHA-512:C667A14DF291DFA9E701D0B5DE17F7D2D5724462B5624924D29CDCA29CCFB2FA4AE56D4B6ED38B262542B86B9C3686D0487DAA803E1575623F7D1768DA005C7E
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........^......................b..........................."....................Rich...................PE..L...)<.@...........!.........P.....................a......................... ......................................0.......(...P...............................\....................................................................................text...*........................... ..`.rdata..............................@..@.data...P...........................@....data1..............................@....rsrc...............................@..@.reloc........... ..................@..B....\..Y`....-.o..`u.k.R.R...9.r|.y.r..nq....!...t.*.(...TO1...~...Yi. .....X..vZ.z.*...5.....g.{.m........aU...6...4\.....#pbved. .Intel(R) C++ Compiler for 32-bit applications, Version 5.0.1 Build 010922Z : D:\Intel\rv2001\enc\x86\winterp4.cpp : -Qvc6 -Qlocatio
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):266306
                                          Entropy (8bit):6.610971834095742
                                          Encrypted:false
                                          SSDEEP:6144:nwbEScIpZH6B7HZDQAfmLSieQu/tWOwFt5ZRsNZmljEz7:qE4aBTZDX7T/thwFt5Z+ZmlYz7
                                          MD5:C1C3701481221AB39365C2F300643A63
                                          SHA1:1983AA9BDA31856CC000E280AECD906F54B4E0FB
                                          SHA-256:91D5A17FF6FCFAB890D24D57C9C64F03F540979E949D4883433CC44B8CC32700
                                          SHA-512:C115C4599716CF43D0FD3A450AF14A7655A486C2B01DCB02CA4EA8413716C924F57E1B37195223D70B87414FD1B6F86E66EC4CA85EC69AA3B7FDE7978DCD2A95
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E..$...$...$..98...$...;...$...;...$...$...$...;...$...$...$..F....$.......$..}"...$.......$..E....$..Rich.$..........PE..L....Wr@...........!................a..............`.........................P...................................... ...........P.... ..P....................0..l....................................................................................text............................... ..`MMXCODE1............................ ..`.rdata..'R.......`..................@..@.data........0.......0..............@....data1..............................@..._RDATA.. ...........................@....rsrc...P.... ......................@..@.reloc.......0... ..................@..BIntel(R) C++ Compiler for 32-bit applications Version 5.0 Beta 1 000517 Copyright (C) 1985-2000 Intel Corporation. All rights reserved. .Intel(R) C++ Compiler for 32-bit applications
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):479298
                                          Entropy (8bit):6.491323519270892
                                          Encrypted:false
                                          SSDEEP:6144:02yjLfQhD7QvWTM9HZ5kf7kqHda6aDKfFZSScAoyus7Vd/pojh1vczmDJ1u+BilC:eBHzaI/6ymF520j/pch1vcCDJA+8lYz7
                                          MD5:93B0942D1A70B8D7D59D90089E246C25
                                          SHA1:2170EADA30779AF102964EA05DD8A6F449876C97
                                          SHA-256:3B27565278CC6B3A499F3EB041161A8E1E002D7FBD7AD17BE79BFF79E0F5CBBB
                                          SHA-512:E01EFA89D17DE9658E7974DB3AE1EDB4849AA41D3CA966A064AE4DA68631F83F19450642C515188D13AC4988FE5A2016322C3242445243990CB2E8820D9E4127
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):73793
                                          Entropy (8bit):5.5605243298434965
                                          Encrypted:false
                                          SSDEEP:768:z84NgbRXrRdn8hHNp57RoeTX79c9sI4gA5Ii/hQVCVL8jDOeIJunlkonm+SQYq4W:zIXrRMp57zsD4GiZO+8+onGUdSQT4DS
                                          MD5:107A64D31CB2DAD1746B060886440F60
                                          SHA1:BC89B6AFD11FDDE240DAE5DE8C43C567B96C8240
                                          SHA-256:11D85AED01DA3581D659B18B406F5C188C95EDB7C574B9A4881E0DC0229D849B
                                          SHA-512:F9DEF5B32D0141395AACF5E852A74841584DDD042B439172FDE8C017EC7B26C3374FC486C549CEE05649CC99B83D7A386C2CC26631DA990F3EC9ADD18363C6CD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):266306
                                          Entropy (8bit):6.610971834095742
                                          Encrypted:false
                                          SSDEEP:6144:nwbEScIpZH6B7HZDQAfmLSieQu/tWOwFt5ZRsNZmljEz7:qE4aBTZDX7T/thwFt5Z+ZmlYz7
                                          MD5:C1C3701481221AB39365C2F300643A63
                                          SHA1:1983AA9BDA31856CC000E280AECD906F54B4E0FB
                                          SHA-256:91D5A17FF6FCFAB890D24D57C9C64F03F540979E949D4883433CC44B8CC32700
                                          SHA-512:C115C4599716CF43D0FD3A450AF14A7655A486C2B01DCB02CA4EA8413716C924F57E1B37195223D70B87414FD1B6F86E66EC4CA85EC69AA3B7FDE7978DCD2A95
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E..$...$...$..98...$...;...$...;...$...$...$...;...$...$...$..F....$.......$..}"...$.......$..E....$..Rich.$..........PE..L....Wr@...........!................a..............`.........................P...................................... ...........P.... ..P....................0..l....................................................................................text............................... ..`MMXCODE1............................ ..`.rdata..'R.......`..................@..@.data........0.......0..............@....data1..............................@..._RDATA.. ...........................@....rsrc...P.... ......................@..@.reloc.......0... ..................@..BIntel(R) C++ Compiler for 32-bit applications Version 5.0 Beta 1 000517 Copyright (C) 1985-2000 Intel Corporation. All rights reserved. .Intel(R) C++ Compiler for 32-bit applications
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):479298
                                          Entropy (8bit):6.491323519270892
                                          Encrypted:false
                                          SSDEEP:6144:02yjLfQhD7QvWTM9HZ5kf7kqHda6aDKfFZSScAoyus7Vd/pojh1vczmDJ1u+BilC:eBHzaI/6ymF520j/pch1vcCDJA+8lYz7
                                          MD5:93B0942D1A70B8D7D59D90089E246C25
                                          SHA1:2170EADA30779AF102964EA05DD8A6F449876C97
                                          SHA-256:3B27565278CC6B3A499F3EB041161A8E1E002D7FBD7AD17BE79BFF79E0F5CBBB
                                          SHA-512:E01EFA89D17DE9658E7974DB3AE1EDB4849AA41D3CA966A064AE4DA68631F83F19450642C515188D13AC4988FE5A2016322C3242445243990CB2E8820D9E4127
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102465
                                          Entropy (8bit):6.701185053572777
                                          Encrypted:false
                                          SSDEEP:1536:q0JYC+dEQ8OMBhyGfnVI7ZWTsrfrI7ZWTsWm:q0iELlMOVI7ZWTErI7ZWTZm
                                          MD5:A781F8AB9720EFA9C4F198BD79866E11
                                          SHA1:0111066B577B2CA6098CD77EED2473590E288719
                                          SHA-256:7961CEAC07ACE2628967D015F78B9E64B71D280CEC641CB9D58926785E47F64B
                                          SHA-512:CE89D98E3241142F7C0F655D7A479EBA407060464FCC868A0D692C81F3F4713454CE8FFB0418D52FDBDE3EE8B694FE6004C478B4B6E01DBE18EF344507577655
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548940
                                          Entropy (8bit):6.292254057074961
                                          Encrypted:false
                                          SSDEEP:12288:qM7FGk3xrXrzfN3IBk0hLwPiHRE6sHjFr12d9TNcKKKKYYYYYHZ+dKixv65fxg0:qM7FGkB77N3IWqLwPixE6sHjFUdVNcKx
                                          MD5:284B66AA31D1B4117141BC4DB6B9210C
                                          SHA1:2A7B870F34B15643CBE98CC28224250ECDB0E2EF
                                          SHA-256:0EE3AE8F2FF1324BF4F153AE3BD4FE20505A2DD3049ABC5F23DC4F378D578C81
                                          SHA-512:EE01E967EF37D7B3358CB57632ED30388CD1A27F1933238AE9B42D2CFA632BB6DC4A9BC425D153370B5BD672ABE7074C2A0BB6E8FA1C0431F320CFC237C55EF2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):176195
                                          Entropy (8bit):6.0377378471977226
                                          Encrypted:false
                                          SSDEEP:3072:61Exx64kgPNRE0/WFOBC/Wgf11y1rgEedRjlbDDDDDDDkYzbDd:3NRE/gBC/Wgf11y1rgEeXlbDDDDDDDk0
                                          MD5:C1237664CC679ECDEBB955981DC8786A
                                          SHA1:2BBFF876F29F23CFFA55780B28C98504A5BAB6ED
                                          SHA-256:1E902223D3E4EC7BAA4580AF3B28A15B866340301434090B2F11AF29A021501B
                                          SHA-512:85AADC138EAD2925D26D164A536D6D39CC893EB412D7B8EE4251022D1B5F6C39FE25D7DC0C24330701001127AF21070947644267346CDCD1E8FECB87DC6E8789
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65602
                                          Entropy (8bit):5.507533722705891
                                          Encrypted:false
                                          SSDEEP:768:tBrGeYp8LkLF7JlJa6Cvu+iZK4nGlo7dCYtVykJK+t6tj6tVDWBE3Ghv+XbG:tS8LkzNCvViZNnyYdRK+t6t1F
                                          MD5:FEC421F11F3E143665387A26B05B696E
                                          SHA1:881DF4F3E97FCB2E671F4DC54BA6B5D56F0EFF54
                                          SHA-256:A51BFF72ECE803500283517AC3D35E25D17295B094CB453687B75D159353BAFA
                                          SHA-512:F30AE4FF177C625DAAABAFD497E191E98571A0A35DE096BBD54A406CD56F85998269D9F720B6BEEB192BAFD1A6EF5A0E747EF313BD0C450F747E199E6380C1F6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548919
                                          Entropy (8bit):6.4777190361374535
                                          Encrypted:false
                                          SSDEEP:12288:5LfLv74Iq4S1K2hTxlSLR8QegKXHLEU+RONk76RyP0oBrfdtW:NnMuR8JxXHLEU+RONk76RyP0oBrfPW
                                          MD5:FEE174FA75745239446F0D1F1D365C28
                                          SHA1:D86A90F33A507FBD8278CC58B1D0C2CE6FB809A2
                                          SHA-256:219A8E99B8002E72E48732D502E3A6BB194B4554104F9E58D4A28D443A1EBDBE
                                          SHA-512:159456DCD6351C443F1379FD44DE3A79ED624CDDD1BBB91E778A9865EAF6557F52189096AC54D4C5D9B0B73147AE7705A3E2ACA2E6510D36644757D273475AFA
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):155702
                                          Entropy (8bit):5.898078968562479
                                          Encrypted:false
                                          SSDEEP:3072:sHWOqg0q2eZa8tMS+4L2XKhQlR9k2AX4G2c78RUtq82OEk74n:gZD/Za8x+I2ahwDAXt2cgRUtV/LE
                                          MD5:408D468086D281F526A84836E0C49E71
                                          SHA1:2E339077D0C5BDD0E0A6DB892054289E24AD7682
                                          SHA-256:B07CC92E6CF0A2609BB20BEF9A4D469A77C6CCE6BC5A147F4125A456CDB429EC
                                          SHA-512:5A6689890BBC3F13925D73076018F8EBB75F314E732336A8163D563B2959C48D11C347BE997C1F9EE5459AFE52134500A11FFBAB94B8FB632C8597F1D375C096
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):327749
                                          Entropy (8bit):6.6610539163254865
                                          Encrypted:false
                                          SSDEEP:6144:H62Ol7Ss4LQZp0Suz1QfJyKEGfWoQaioeygljEzi:dOr0SuzaDEGfWo5glYzi
                                          MD5:079525F2434437FA1624285657B617BD
                                          SHA1:E9EB76039AC262F6731C38FCE133C6C99D12A20B
                                          SHA-256:52D8322E5285EC81044E49CDA3C429ECD275FF168368271239224742C3B4CCE4
                                          SHA-512:C667A14DF291DFA9E701D0B5DE17F7D2D5724462B5624924D29CDCA29CCFB2FA4AE56D4B6ED38B262542B86B9C3686D0487DAA803E1575623F7D1768DA005C7E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102464
                                          Entropy (8bit):5.749974043070897
                                          Encrypted:false
                                          SSDEEP:1536:Hre+EuDd38Nd72KNClBpdHZZd9CBpdHZZd9gr4QcuMV+D8Kf5PL0QTsXcAPZF1:Ha1483FN6rC1mXTGcAPP1
                                          MD5:9AE31533C71CB4094B6681F0A7D055E8
                                          SHA1:DDC683257E4C75649FAD93C0543FE5F12CC846DE
                                          SHA-256:051B7C1F3BC06B34260C16AA4E8EF75018E2C142480027FC5C0D384A545041F9
                                          SHA-512:E1B8E3678017C0060BB8C047890DB2E4D76FE6E21CDD6CE1EB3893DE8C12B41DEA04CBB2EB3D766DC5384184304591568DD32D8C900C76BBA30D23DAE01F7C57
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548940
                                          Entropy (8bit):6.292254057074961
                                          Encrypted:false
                                          SSDEEP:12288:qM7FGk3xrXrzfN3IBk0hLwPiHRE6sHjFr12d9TNcKKKKYYYYYHZ+dKixv65fxg0:qM7FGkB77N3IWqLwPixE6sHjFUdVNcKx
                                          MD5:284B66AA31D1B4117141BC4DB6B9210C
                                          SHA1:2A7B870F34B15643CBE98CC28224250ECDB0E2EF
                                          SHA-256:0EE3AE8F2FF1324BF4F153AE3BD4FE20505A2DD3049ABC5F23DC4F378D578C81
                                          SHA-512:EE01E967EF37D7B3358CB57632ED30388CD1A27F1933238AE9B42D2CFA632BB6DC4A9BC425D153370B5BD672ABE7074C2A0BB6E8FA1C0431F320CFC237C55EF2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):155702
                                          Entropy (8bit):5.898078968562479
                                          Encrypted:false
                                          SSDEEP:3072:sHWOqg0q2eZa8tMS+4L2XKhQlR9k2AX4G2c78RUtq82OEk74n:gZD/Za8x+I2ahwDAXt2cgRUtV/LE
                                          MD5:408D468086D281F526A84836E0C49E71
                                          SHA1:2E339077D0C5BDD0E0A6DB892054289E24AD7682
                                          SHA-256:B07CC92E6CF0A2609BB20BEF9A4D469A77C6CCE6BC5A147F4125A456CDB429EC
                                          SHA-512:5A6689890BBC3F13925D73076018F8EBB75F314E732336A8163D563B2959C48D11C347BE997C1F9EE5459AFE52134500A11FFBAB94B8FB632C8597F1D375C096
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):102465
                                          Entropy (8bit):6.701185053572777
                                          Encrypted:false
                                          SSDEEP:1536:q0JYC+dEQ8OMBhyGfnVI7ZWTsrfrI7ZWTsWm:q0iELlMOVI7ZWTErI7ZWTZm
                                          MD5:A781F8AB9720EFA9C4F198BD79866E11
                                          SHA1:0111066B577B2CA6098CD77EED2473590E288719
                                          SHA-256:7961CEAC07ACE2628967D015F78B9E64B71D280CEC641CB9D58926785E47F64B
                                          SHA-512:CE89D98E3241142F7C0F655D7A479EBA407060464FCC868A0D692C81F3F4713454CE8FFB0418D52FDBDE3EE8B694FE6004C478B4B6E01DBE18EF344507577655
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):272896
                                          Entropy (8bit):6.523120738605816
                                          Encrypted:false
                                          SSDEEP:6144:P/pb95LIbfMWZskFONizSLLsCn3cEFMWiFtNF7R5Lgr1A09:PBHEML25BkA09
                                          MD5:78A2145443852E9297D38D70C88AEC06
                                          SHA1:AC0F6FC47DF474C17792F6EBE3C568EE15B52431
                                          SHA-256:A3061F0938B309D24524A03A4C7356C396B5DE48F3BB70A13DC5AE2221DFC7CA
                                          SHA-512:F07B3588AB555B8D4ED0C7566C70C48F2B9A110D206CB796C384C2196111016171A79001EFC6E829AC1C4E462D7CF2BB7C363BA4A698E6B2021E4208CF0186BD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):4.6602334406323
                                          Encrypted:false
                                          SSDEEP:768:6m6CjTBuCjDr0M6L32+cSsnbInD1tmSOlX/UxbV:zzVuCjDrLy31vGbIpqCb
                                          MD5:791A9D804A7430D1170D39C0BCDAD904
                                          SHA1:2A0D7AACDD0C6D0580736E01642C478D239255CB
                                          SHA-256:57ABD3EE33952EA698AD82029F0397796221A82DEB2F42050A9CC357245D186D
                                          SHA-512:D2C15B34792474DA8BE3470147F888C184ECACF2E8A2E0A739ADC85FF4B0314771553EFE6EAD966C9C5D4C1F5E565266132D9F334D13AC7DF1501BAAD8FE2257
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):4.516940717479657
                                          Encrypted:false
                                          SSDEEP:384:QcI3vT+ceoy8tbnSEJK+NSmLedj96qrr0m6akPVKdo:kr+Ky8tbn3JK+NSIed5Drrfq6
                                          MD5:CC63DC6E942B646B6052E02C1C7142FB
                                          SHA1:D5FEB9C48B68BCE7B58EA86EC00C7238B8128C48
                                          SHA-256:B98685C985B325CAA4208263D7DFEA2E66C76951BAB313C87CF5F0AD2C17D063
                                          SHA-512:402D8F12206997FCF1285CE409CD2EB2DACAB7C10B9BAB8D57E443E4A074A79E051DAA12B7872608AD774CB6D5C779444F933C180A87EEE4A75B1147AAFAFF39
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61493
                                          Entropy (8bit):5.5587880881632845
                                          Encrypted:false
                                          SSDEEP:768:qvmCzyQ2W+V028BTjy5U/Kx9nELA0RmI6RleZDG2tqZrBht0wx:aD3+V028BTjM9EsXbMGv/t0wx
                                          MD5:3F823B4A0072A63493D5520ABA54E667
                                          SHA1:F799505F167224B375D7CF46541E419BC336AEF0
                                          SHA-256:193618D489E76BEF9BBBCEA7369721170874AFE2D6722A156CE70914E49963C8
                                          SHA-512:4C545BD7567361B3B3A5D8E01CCA49BD21FB7E74082955E59C346728F47BB27AD710051CF3EE6FED629601E52DC17D91F9A61656F7C96B4DC057EB7E656BC73F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):4.516940717479657
                                          Encrypted:false
                                          SSDEEP:384:QcI3vT+ceoy8tbnSEJK+NSmLedj96qrr0m6akPVKdo:kr+Ky8tbn3JK+NSIed5Drrfq6
                                          MD5:CC63DC6E942B646B6052E02C1C7142FB
                                          SHA1:D5FEB9C48B68BCE7B58EA86EC00C7238B8128C48
                                          SHA-256:B98685C985B325CAA4208263D7DFEA2E66C76951BAB313C87CF5F0AD2C17D063
                                          SHA-512:402D8F12206997FCF1285CE409CD2EB2DACAB7C10B9BAB8D57E443E4A074A79E051DAA12B7872608AD774CB6D5C779444F933C180A87EEE4A75B1147AAFAFF39
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):4.853195739293399
                                          Encrypted:false
                                          SSDEEP:768:ua+EuN+JpcTEMIBuk+vS+r/ktVEgr+9otjj:BuNSEhD6+r8t+9oF
                                          MD5:D5D93E823FA7258D34DFFA6D15AFA59F
                                          SHA1:E9FCD7ED97D659A09FD64DCCFF8DAB5749F1C7A9
                                          SHA-256:95CF864D738A9765B1295BA5CA1B653EBF3C6E325B5AF0785F1B46CE05D688F4
                                          SHA-512:657D5801B9A37F4D2234C6DB844EB4E1CA30EFB5956CCEDA0118C5D44D6B1E1EE49AC26B3B53E18DE0C0EE6579B19D872999B6E33B1D8DC147667948EA28C86B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):262204
                                          Entropy (8bit):6.472369609358146
                                          Encrypted:false
                                          SSDEEP:6144:hODHwsiXglutYxyv3wPwLjgG2V/hakgl7Tr23znV/ym2v/KGYg6oX3q/x20SvC2t:hODHwsiXglutYxyv3wPwLj92V/hakgll
                                          MD5:420ACE51F164B0951A993EE8C9A71DB9
                                          SHA1:2EFA3807A850332CDDF3B2F5D99CD50ADE195970
                                          SHA-256:3CD05F6A3DBD061BB90C50770F8B2F1C9DE73EEDEBC14BDACCF7AFCF3A70A0D9
                                          SHA-512:ADC3E476453228C706768E73DC17361A9B4DDA14DC2BCBE6BCCC9CE1C55B4BDF623AE769E34FF2023AF68524402FD270494AEB68B3500049D4E57C1A1EB7AAAC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):4.6602334406323
                                          Encrypted:false
                                          SSDEEP:768:6m6CjTBuCjDr0M6L32+cSsnbInD1tmSOlX/UxbV:zzVuCjDrLy31vGbIpqCb
                                          MD5:791A9D804A7430D1170D39C0BCDAD904
                                          SHA1:2A0D7AACDD0C6D0580736E01642C478D239255CB
                                          SHA-256:57ABD3EE33952EA698AD82029F0397796221A82DEB2F42050A9CC357245D186D
                                          SHA-512:D2C15B34792474DA8BE3470147F888C184ECACF2E8A2E0A739ADC85FF4B0314771553EFE6EAD966C9C5D4C1F5E565266132D9F334D13AC7DF1501BAAD8FE2257
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):5.3597251485932915
                                          Encrypted:false
                                          SSDEEP:768:wTijBJRj+KSZhWJrFwW/Rwu177rwnfF0PunStYoA0I89xus+mx7y+:wTijBJRyNZhWJHRwkwf2WSrIIw
                                          MD5:52E1316205C14C5DE7F16DB53C18052D
                                          SHA1:3F2EF67E5BF18DCC7ACAD84C9A9AD8B5554F1BDD
                                          SHA-256:9D61A772F8FF721F4E6F03403CC3A9A1C97347E700364975B8D4D67DEBAEBC54
                                          SHA-512:142765AEB5A4259C00628833E58881D9B008AE548AC44F982533048563B950742772B9589E45D68EAF64FB10DCE08C07AC857E94C2641E462A95C3CBBCA74E9E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):262204
                                          Entropy (8bit):6.472369609358146
                                          Encrypted:false
                                          SSDEEP:6144:hODHwsiXglutYxyv3wPwLjgG2V/hakgl7Tr23znV/ym2v/KGYg6oX3q/x20SvC2t:hODHwsiXglutYxyv3wPwLj92V/hakgll
                                          MD5:420ACE51F164B0951A993EE8C9A71DB9
                                          SHA1:2EFA3807A850332CDDF3B2F5D99CD50ADE195970
                                          SHA-256:3CD05F6A3DBD061BB90C50770F8B2F1C9DE73EEDEBC14BDACCF7AFCF3A70A0D9
                                          SHA-512:ADC3E476453228C706768E73DC17361A9B4DDA14DC2BCBE6BCCC9CE1C55B4BDF623AE769E34FF2023AF68524402FD270494AEB68B3500049D4E57C1A1EB7AAAC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):4.853195739293399
                                          Encrypted:false
                                          SSDEEP:768:ua+EuN+JpcTEMIBuk+vS+r/ktVEgr+9otjj:BuNSEhD6+r8t+9oF
                                          MD5:D5D93E823FA7258D34DFFA6D15AFA59F
                                          SHA1:E9FCD7ED97D659A09FD64DCCFF8DAB5749F1C7A9
                                          SHA-256:95CF864D738A9765B1295BA5CA1B653EBF3C6E325B5AF0785F1B46CE05D688F4
                                          SHA-512:657D5801B9A37F4D2234C6DB844EB4E1CA30EFB5956CCEDA0118C5D44D6B1E1EE49AC26B3B53E18DE0C0EE6579B19D872999B6E33B1D8DC147667948EA28C86B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):5.3597251485932915
                                          Encrypted:false
                                          SSDEEP:768:wTijBJRj+KSZhWJrFwW/Rwu177rwnfF0PunStYoA0I89xus+mx7y+:wTijBJRyNZhWJHRwkwf2WSrIIw
                                          MD5:52E1316205C14C5DE7F16DB53C18052D
                                          SHA1:3F2EF67E5BF18DCC7ACAD84C9A9AD8B5554F1BDD
                                          SHA-256:9D61A772F8FF721F4E6F03403CC3A9A1C97347E700364975B8D4D67DEBAEBC54
                                          SHA-512:142765AEB5A4259C00628833E58881D9B008AE548AC44F982533048563B950742772B9589E45D68EAF64FB10DCE08C07AC857E94C2641E462A95C3CBBCA74E9E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61493
                                          Entropy (8bit):5.5587880881632845
                                          Encrypted:false
                                          SSDEEP:768:qvmCzyQ2W+V028BTjy5U/Kx9nELA0RmI6RleZDG2tqZrBht0wx:aD3+V028BTjM9EsXbMGv/t0wx
                                          MD5:3F823B4A0072A63493D5520ABA54E667
                                          SHA1:F799505F167224B375D7CF46541E419BC336AEF0
                                          SHA-256:193618D489E76BEF9BBBCEA7369721170874AFE2D6722A156CE70914E49963C8
                                          SHA-512:4C545BD7567361B3B3A5D8E01CCA49BD21FB7E74082955E59C346728F47BB27AD710051CF3EE6FED629601E52DC17D91F9A61656F7C96B4DC057EB7E656BC73F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):272896
                                          Entropy (8bit):6.523120738605816
                                          Encrypted:false
                                          SSDEEP:6144:P/pb95LIbfMWZskFONizSLLsCn3cEFMWiFtNF7R5Lgr1A09:PBHEML25BkA09
                                          MD5:78A2145443852E9297D38D70C88AEC06
                                          SHA1:AC0F6FC47DF474C17792F6EBE3C568EE15B52431
                                          SHA-256:A3061F0938B309D24524A03A4C7356C396B5DE48F3BB70A13DC5AE2221DFC7CA
                                          SHA-512:F07B3588AB555B8D4ED0C7566C70C48F2B9A110D206CB796C384C2196111016171A79001EFC6E829AC1C4E462D7CF2BB7C363BA4A698E6B2021E4208CF0186BD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):489
                                          Entropy (8bit):4.442207571053521
                                          Encrypted:false
                                          SSDEEP:12:NQYNRNCc5JFfLqOVKqOcqOZdtqOEqORxqObhqOFqqOJShqOdqqOFqOM4KqOZGrqk:mQMgJFfb4XMhyGj
                                          MD5:37A1F65A0EA2D40FA5DA4F3884BFE777
                                          SHA1:06BA220E1456F460DC18678C8D5B19A7CD5BE431
                                          SHA-256:E8B65828CC8D143B45EC79EF22120E8891F7F38A509713EEDB837D7C18862ADE
                                          SHA-512:94E1899BB1004C13F781DA71C37BEFA2A04DB41A6EB3F530C50CF19FC7BD07DF81B5C14D66B23215A138BF0EEA666A77484C93D43E8047CB97A558D6E4CEDB71
                                          Malicious:false
                                          Preview:# Video codec mappings (old,,new,)..videostream,rvg2svt,,rv8,....# Audio Codec mappings..# old-name,old-flavor,new-name,new-flavor..audiostream,atrc,0,cook,24..audiostream,atrc,1,cook,25..audiostream,atrc,2,cook,25..audiostream,atrc,3,raac,2..audiostream,atrc,4,raac,2..audiostream,atrc,5,raac,3..audiostream,atrc,6,raac,5..audiostream,atrc,7,raac,6..audiostream,atrc,8,raac,7..audiostream,atrc,9,raac,7..audiostream,atrc,10,raac,8..audiostream,atrc,11,raac,10..audiostream,atrc,12,raac,11
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53341
                                          Entropy (8bit):5.0149309510201965
                                          Encrypted:false
                                          SSDEEP:384:AHcXgww1529wBT1/+tNWqDoxd9qXvxVUv2A5TJDcrbU90PQ/M9jzHmSrbPTz5og+:4CcTp+/DooX/UeuSrb+E59jaqFiN
                                          MD5:BB6F628341E8B00837B6112DDACD7A12
                                          SHA1:0181410B78649483F6F4C46156439D589F635466
                                          SHA-256:683AEE9C684FB965EB35FAF6ECB99796E4B83191E5B047498540E8AEB9C06212
                                          SHA-512:E730EFBB31475E29B9DA99A08E9449027C05977251744F25C33230D3CACFE3AF7209FDD9C57C97D65CA0C8D4D318F84DF45534127AB8210A14FB224CEC83C4F3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49235
                                          Entropy (8bit):4.958930850083015
                                          Encrypted:false
                                          SSDEEP:384:SqKUEx7koAtUHPGpYgVN+Cjh4uCN0AmP1VP60P4rs9T1rbPTz5oguO1j:S5v3A/ph4v+Am3SE4rsP5
                                          MD5:0A6457A0EE22CEA6D5AC44EBA38ECD3E
                                          SHA1:43923FB66F7F59CEB5F2E2EA11100CF2D55D7EB7
                                          SHA-256:39815B0C5F0C99D0BE272670178BF41DE44B82EB3FBCFE745C568413C38C559A
                                          SHA-512:9CA573BC768FB9755626C911AC77E54FDD51A941895FAB24A03A490A5F35702C8FD3928998EB62AFB619E28FD11D4445806FFA49B6D5D03A276CB121EE35D450
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65634
                                          Entropy (8bit):5.723064571271445
                                          Encrypted:false
                                          SSDEEP:768:YmBUXe/akLZ+fHk4D17cWpsUky5Ezg0EKzNZNe4PNMeyR8:Ymd/asAE4D17NpZkPFlNjhK8
                                          MD5:8DE300ACB1232AF176EC7E67DA384FBD
                                          SHA1:69236A37F4F033B96924A704F6BCE4278AEC38D2
                                          SHA-256:37FBEC440BE54651AD3E924CA5B57FCA18932458B4648BB0EA6DE2DDBD85CA45
                                          SHA-512:F4C338D7A1CA3DBB5774835E8AA4EA65F93AE15FE118FFAC61B5C5E6E7099CC11C88A647A5A182EEE4AC27DC64F034C08D66FBFAC4F2B8A9128C819E6BB93D7B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53327
                                          Entropy (8bit):5.643503698094455
                                          Encrypted:false
                                          SSDEEP:768:0KmFsZXdiKwL9SQToKnrj3Zoue1IQ4wH8Sedg1fkOBnGD:FCitij/oue1Ivxdg1MknGD
                                          MD5:6726AAC87D65C7A9C290730336BB4EF3
                                          SHA1:9EC6A6CB87D237EE0AB7CA0DAB1EFA84A223FC6D
                                          SHA-256:D748BB1634D91B84B4205997F18FFD37BE3C886A773748A6DD2A89E7ADE0B158
                                          SHA-512:3488640FA6F08893FA8F4532A1A4F79135476FC9DBBF43F1FF781B92F68A2F3155A1EC4417A110BF056004B805C47BA8E665EFED69EA5F0268C23F1C52A9FCE5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):327767
                                          Entropy (8bit):7.692893011603594
                                          Encrypted:false
                                          SSDEEP:6144:D+cIfk6us3zzi+oiTAhBiD19rzaXTRu27U6evL8wUK7k2V3aqumtvTmzITX9y6AD:D+cIfkM3niXQAPcvaXTRZboLrjn1DxE5
                                          MD5:E9C106CD21AE3F195C9D7D6B959C0051
                                          SHA1:3488905B9420204322B5551FC234B86631CF40E3
                                          SHA-256:637DE17363E08DE7046AA314102856163259E88C054872F411BB0D7B8455BFD4
                                          SHA-512:0573AFD9492130FBD8B2538EBE1DCCC9C493EA1FFD9B1BA942431434DD377BD9F697BC6D42473957D7D7E97C8285860223C31B4E5A10CD5A8E2667F60C4B5F20
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):856132
                                          Entropy (8bit):6.631298398710922
                                          Encrypted:false
                                          SSDEEP:24576:wU2w3LbOqMLdrhBRDhp6dkBvQGKSctiW6vXMBeQKrI7cRfeR:Z3sLDES0gRf6
                                          MD5:35BB6BAD26A19E65FE5B81C5796F001A
                                          SHA1:5E3E06A5307391EC9B913F9525085EEAB99FCDED
                                          SHA-256:3F2453EC5785B8D19BF1BD9FDAD810F3EF1C3D22958F2E4FEA8855CE00340147
                                          SHA-512:1A056661C03177CC7387683224094E546A48CE8B408D289C1CC2CFADB2FBDEE67E0A0F59878C8307F38A42204DFE815FB74647863EC1A2CF0D159B5A7544ABD5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):4.283195798719668
                                          Encrypted:false
                                          SSDEEP:384:HE3NQNp2u848+ZGithLXePb41DAPMBEX0/+flUJgI:HEd/QttuPb4DAkBEX/q
                                          MD5:260F7E5C55E9A98F3B03267D12D13E08
                                          SHA1:6870BDFD240B3BF957A4BF5633146940C9C3D7D4
                                          SHA-256:FDD81E80BD6170BB6487C1BEB0BF15271A2AB75D1D35A35ED6EBB34EEC107DB9
                                          SHA-512:463C334844C3D5A44FAA6C3AEDE141B5B723C1329E53F7F760BA1E1DC7D8CC33069ACBF9098B8D96570D8B7CD2411A60920CC3AA7D7F927888AA560CEEFF8869
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53325
                                          Entropy (8bit):5.302694654024429
                                          Encrypted:false
                                          SSDEEP:384:SFhEoDhzcd3GXmlmGQZWNhmTAqSTvGcYgUm1M/ci73lLMR9U4FzeJB0PQ/xspbLE:UdeG2lmGQZWowhRxM/cCmR9taBERW9
                                          MD5:F285CDC7B5E9CFB4E5519EB02D56ECE5
                                          SHA1:2BFDC1AF79201412C08EB1DBD7B79B87CF677213
                                          SHA-256:57A790067E8C00BD58CD3EC2BB65FAD14D6A883DE417F615C48C92BAB5DB7759
                                          SHA-512:40EC86CC71C1F325E2EAEA56288256CFD9C8F9F67A0D83763053005C51993B61C7DAD772678E2778210ECD3545D0392B43AE859AE4C6CE8EE9D9628121C19419
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):77920
                                          Entropy (8bit):5.999563000943942
                                          Encrypted:false
                                          SSDEEP:768:NKJxNUC1pbd3UizQP1hWWe7xOGY+xVCWByl0f5+BQ8CxxP68ajEQXPPFAATB:IOOpxkizQPXy7teW4QT76njJ3FAATB
                                          MD5:21A11C56DD3AEB5F79BF15294B1289DC
                                          SHA1:2CA65B4F67AA344571B375F452C1E5C5858B046B
                                          SHA-256:A049702599E7CA08761B4BA2D8AD9F6FFF64094D340A15A45A5A9B058CFDA3D7
                                          SHA-512:46BD236BFC259E7AB9D60CAC376C7AF798465891B80DCA1B8CFAD08A00AE87DFA74C846D9778B5F5AB827D9251542DA7A9F2B6DF1DA2B2598DCC43B52390B9AB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49235
                                          Entropy (8bit):4.958930850083015
                                          Encrypted:false
                                          SSDEEP:384:SqKUEx7koAtUHPGpYgVN+Cjh4uCN0AmP1VP60P4rs9T1rbPTz5oguO1j:S5v3A/ph4v+Am3SE4rsP5
                                          MD5:0A6457A0EE22CEA6D5AC44EBA38ECD3E
                                          SHA1:43923FB66F7F59CEB5F2E2EA11100CF2D55D7EB7
                                          SHA-256:39815B0C5F0C99D0BE272670178BF41DE44B82EB3FBCFE745C568413C38C559A
                                          SHA-512:9CA573BC768FB9755626C911AC77E54FDD51A941895FAB24A03A490A5F35702C8FD3928998EB62AFB619E28FD11D4445806FFA49B6D5D03A276CB121EE35D450
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):4.283195798719668
                                          Encrypted:false
                                          SSDEEP:384:HE3NQNp2u848+ZGithLXePb41DAPMBEX0/+flUJgI:HEd/QttuPb4DAkBEX/q
                                          MD5:260F7E5C55E9A98F3B03267D12D13E08
                                          SHA1:6870BDFD240B3BF957A4BF5633146940C9C3D7D4
                                          SHA-256:FDD81E80BD6170BB6487C1BEB0BF15271A2AB75D1D35A35ED6EBB34EEC107DB9
                                          SHA-512:463C334844C3D5A44FAA6C3AEDE141B5B723C1329E53F7F760BA1E1DC7D8CC33069ACBF9098B8D96570D8B7CD2411A60920CC3AA7D7F927888AA560CEEFF8869
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):356352
                                          Entropy (8bit):6.753439093757412
                                          Encrypted:false
                                          SSDEEP:6144:PCy9Vu5Dyryvt5b7QE3EHs5dmR27PMmLA6fD7YQ5fI94TG/jcjCQmtAsTRmxybOU:PRODyw5bH3EHs5dmI7UmLAw7YQ5fI94k
                                          MD5:5FE4925C7B5FDC2354DCF94683703231
                                          SHA1:382BBA9557DBB8F9E62CE2C9D2EF41C9E6B9E150
                                          SHA-256:4A7840B68F3715862F3B9FD000C566310E49C8BF987AED554365DB72183B59FD
                                          SHA-512:8BC16735F1216C8B678DDAE16CC229FAC794974C85EAA46E4A5CF86CEA6711B8C5532B38913E942A7DDE2535ED08A0C7663F167D780D10E367A2E0FC2CACB5A2
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):489
                                          Entropy (8bit):4.442207571053521
                                          Encrypted:false
                                          SSDEEP:12:NQYNRNCc5JFfLqOVKqOcqOZdtqOEqORxqObhqOFqqOJShqOdqqOFqOM4KqOZGrqk:mQMgJFfb4XMhyGj
                                          MD5:37A1F65A0EA2D40FA5DA4F3884BFE777
                                          SHA1:06BA220E1456F460DC18678C8D5B19A7CD5BE431
                                          SHA-256:E8B65828CC8D143B45EC79EF22120E8891F7F38A509713EEDB837D7C18862ADE
                                          SHA-512:94E1899BB1004C13F781DA71C37BEFA2A04DB41A6EB3F530C50CF19FC7BD07DF81B5C14D66B23215A138BF0EEA666A77484C93D43E8047CB97A558D6E4CEDB71
                                          Malicious:false
                                          Preview:# Video codec mappings (old,,new,)..videostream,rvg2svt,,rv8,....# Audio Codec mappings..# old-name,old-flavor,new-name,new-flavor..audiostream,atrc,0,cook,24..audiostream,atrc,1,cook,25..audiostream,atrc,2,cook,25..audiostream,atrc,3,raac,2..audiostream,atrc,4,raac,2..audiostream,atrc,5,raac,3..audiostream,atrc,6,raac,5..audiostream,atrc,7,raac,6..audiostream,atrc,8,raac,7..audiostream,atrc,9,raac,7..audiostream,atrc,10,raac,8..audiostream,atrc,11,raac,10..audiostream,atrc,12,raac,11
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53327
                                          Entropy (8bit):5.643503698094455
                                          Encrypted:false
                                          SSDEEP:768:0KmFsZXdiKwL9SQToKnrj3Zoue1IQ4wH8Sedg1fkOBnGD:FCitij/oue1Ivxdg1MknGD
                                          MD5:6726AAC87D65C7A9C290730336BB4EF3
                                          SHA1:9EC6A6CB87D237EE0AB7CA0DAB1EFA84A223FC6D
                                          SHA-256:D748BB1634D91B84B4205997F18FFD37BE3C886A773748A6DD2A89E7ADE0B158
                                          SHA-512:3488640FA6F08893FA8F4532A1A4F79135476FC9DBBF43F1FF781B92F68A2F3155A1EC4417A110BF056004B805C47BA8E665EFED69EA5F0268C23F1C52A9FCE5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):241736
                                          Entropy (8bit):6.4131477076269086
                                          Encrypted:false
                                          SSDEEP:3072:UnaY/vCCb36mulLClER/8/9dYllKFwW+De54/GsfmwhrOWQNWH4zL7:G/KCb3/uJmEq9dYllFE4/T+whrORWHsH
                                          MD5:299231BBF812B8D75DACC446CEEC2387
                                          SHA1:8CAB0FC10134A0F8DDD7EAA75AD2A06D0B247453
                                          SHA-256:E705B11F80E542A7B90E08D983C831810E36107C53F8D6987D2B2B469A22A20D
                                          SHA-512:10E298606A03B5A596B7045B54C038878A3FAB1904E3B3682A741A634C8136110F1B0B347F933B11B0CB2522762D96B5C42C8D570A4FA49C94928E793DBEB858
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53321
                                          Entropy (8bit):5.290946622219615
                                          Encrypted:false
                                          SSDEEP:384:aVJagqMxqaz0ZKGNluLvtvTTKA2z6EJ7buAINwT89tBNfjYQW40PKR+HT8rrbPT6:uQZNSJTb2Z6VNwTU5jlW4EKIYF3f8
                                          MD5:915BE4B4B577370E9C171F0144D02183
                                          SHA1:6514B33547D6438F0A7D04FCEDD04772073FBAEB
                                          SHA-256:0B8BCDABD778275A472FAC79D4CCED998D95D41A92707F135403140FBDAFE008
                                          SHA-512:9716606F6A72E5BE3F476E57D8217FDC534BFD92804D2CF21E9CD615C1D4BF88EF56BC9C829B531FD3227882F25DDE4C7503466469467C1FA1DF61EA01D22C4D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):57443
                                          Entropy (8bit):5.33215530076098
                                          Encrypted:false
                                          SSDEEP:768:XyFWUrbYft1psEPsDA9Cgsse32SUpEJSZv:Ctrsft1pl09tV2ljZv
                                          MD5:0BAFA265AF9736A1DAC4CEA5BCB2B303
                                          SHA1:1FEE6BA625D824FEB4EDF2658EA44A9472D35896
                                          SHA-256:7266D7C340CA0B270505C9C2DC00A5508E831FDC4BBC0C0029A80713A6E1CC07
                                          SHA-512:5FAFE201C4429DDAF5DF4621B090CD440F57B870CE69ABA210EC23DBCE71A10632577A571CC4725E7B3335A3D8020897655F3A7D422921EFBD485CE027C7C3E9
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65634
                                          Entropy (8bit):5.723064571271445
                                          Encrypted:false
                                          SSDEEP:768:YmBUXe/akLZ+fHk4D17cWpsUky5Ezg0EKzNZNe4PNMeyR8:Ymd/asAE4D17NpZkPFlNjhK8
                                          MD5:8DE300ACB1232AF176EC7E67DA384FBD
                                          SHA1:69236A37F4F033B96924A704F6BCE4278AEC38D2
                                          SHA-256:37FBEC440BE54651AD3E924CA5B57FCA18932458B4648BB0EA6DE2DDBD85CA45
                                          SHA-512:F4C338D7A1CA3DBB5774835E8AA4EA65F93AE15FE118FFAC61B5C5E6E7099CC11C88A647A5A182EEE4AC27DC64F034C08D66FBFAC4F2B8A9128C819E6BB93D7B
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):327767
                                          Entropy (8bit):7.692893011603594
                                          Encrypted:false
                                          SSDEEP:6144:D+cIfk6us3zzi+oiTAhBiD19rzaXTRu27U6evL8wUK7k2V3aqumtvTmzITX9y6AD:D+cIfkM3niXQAPcvaXTRZboLrjn1DxE5
                                          MD5:E9C106CD21AE3F195C9D7D6B959C0051
                                          SHA1:3488905B9420204322B5551FC234B86631CF40E3
                                          SHA-256:637DE17363E08DE7046AA314102856163259E88C054872F411BB0D7B8455BFD4
                                          SHA-512:0573AFD9492130FBD8B2538EBE1DCCC9C493EA1FFD9B1BA942431434DD377BD9F697BC6D42473957D7D7E97C8285860223C31B4E5A10CD5A8E2667F60C4B5F20
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):106582
                                          Entropy (8bit):5.717207834632074
                                          Encrypted:false
                                          SSDEEP:1536:4+tp0F8OstZjpozMB1PHVsA09H7q7JxTZM7uxC3ybKBTtxLTJQCysD7vrB:WFdst1pozMvHG+r6uxRbKBZxLTX
                                          MD5:C6526E82614CF3457E5AEE07BDA860FA
                                          SHA1:3ED2CFD79D0661B5C7B31953D2C36520D46114A5
                                          SHA-256:B25B382C72B3C1BBB074A300C58C4C358C24B2F4DE23662ECB0DDC599C8B5E40
                                          SHA-512:827312E40681048AAF33796074FCD257A438B9D193A1C58B9912608B7B32B51383EC2141B76E857B94B9E03F18089B33E35BA82AA14077EA566D5912FA20BFA7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548864
                                          Entropy (8bit):6.265313525434334
                                          Encrypted:false
                                          SSDEEP:12288:jCpPYLV5qcOJ30h+1N1DsptjAEgMWNQAJUEaGmYEiDOeaLGgprOftjutjMsFiY:jCpPYLV580hO2uEgMZKNRcGc+tjutjMU
                                          MD5:3AEDCE85B9EC52171C3E7209BB40B072
                                          SHA1:1E5E13F79894849F4560C609094C7CA32C007E99
                                          SHA-256:6F64081AAB3FBC9E3597B7AC083887954954DDE53EFF4E458152EEBF16916988
                                          SHA-512:984B26F405662B89CD3DA820502192A5D8FB9D303E6ECD1F9A6BF929C478E05B9B49FED71744877249B79CA3F72D11F64902EFF602C1A97DD04DCAF41DF5BF18
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53341
                                          Entropy (8bit):5.0149309510201965
                                          Encrypted:false
                                          SSDEEP:384:AHcXgww1529wBT1/+tNWqDoxd9qXvxVUv2A5TJDcrbU90PQ/M9jzHmSrbPTz5og+:4CcTp+/DooX/UeuSrb+E59jaqFiN
                                          MD5:BB6F628341E8B00837B6112DDACD7A12
                                          SHA1:0181410B78649483F6F4C46156439D589F635466
                                          SHA-256:683AEE9C684FB965EB35FAF6ECB99796E4B83191E5B047498540E8AEB9C06212
                                          SHA-512:E730EFBB31475E29B9DA99A08E9449027C05977251744F25C33230D3CACFE3AF7209FDD9C57C97D65CA0C8D4D318F84DF45534127AB8210A14FB224CEC83C4F3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):86110
                                          Entropy (8bit):5.959546455793157
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53325
                                          Entropy (8bit):5.302694654024429
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):69718
                                          Entropy (8bit):5.854259334889487
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):856132
                                          Entropy (8bit):6.631298398710922
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45139
                                          Entropy (8bit):4.788372838984784
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49249
                                          Entropy (8bit):5.258823116095141
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):53321
                                          Entropy (8bit):5.290946622219615
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):57443
                                          Entropy (8bit):5.33215530076098
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548864
                                          Entropy (8bit):6.265313525434334
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):86110
                                          Entropy (8bit):5.959546455793157
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):356352
                                          Entropy (8bit):6.753439093757412
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):241736
                                          Entropy (8bit):6.4131477076269086
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):69718
                                          Entropy (8bit):5.854259334889487
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):77920
                                          Entropy (8bit):5.999563000943942
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):106582
                                          Entropy (8bit):5.717207834632074
                                          Encrypted:false
                                          SSDEEP:1536:4+tp0F8OstZjpozMB1PHVsA09H7q7JxTZM7uxC3ybKBTtxLTJQCysD7vrB:WFdst1pozMvHG+r6uxRbKBZxLTX
                                          MD5:C6526E82614CF3457E5AEE07BDA860FA
                                          SHA1:3ED2CFD79D0661B5C7B31953D2C36520D46114A5
                                          SHA-256:B25B382C72B3C1BBB074A300C58C4C358C24B2F4DE23662ECB0DDC599C8B5E40
                                          SHA-512:827312E40681048AAF33796074FCD257A438B9D193A1C58B9912608B7B32B51383EC2141B76E857B94B9E03F18089B33E35BA82AA14077EA566D5912FA20BFA7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49249
                                          Entropy (8bit):5.258823116095141
                                          Encrypted:false
                                          SSDEEP:384:t0Tt0w1OmGwiYpQGviUCpa7YXF+XCPbzF/G4sTQ0PHxamprbPTz5ogjEr:t0ZlsUb7YX1B/PEHUmwr
                                          MD5:1C7985146A1ECA9FA0008C9E02790791
                                          SHA1:88E9F981CCB0778D8F7CF61B5FABEF23E3CE7C95
                                          SHA-256:5017F5D6A4902CECAA64FCF78F57A6939F6550DA3D1C0FBADE732D019DA68619
                                          SHA-512:17AF6BBA3125D6F3003EF9EACFC64B1DA86808AA975BB5CE007B01012325C175EB566A13C160F4DB42725DBE705F2E0B6959D9631764204323187F7A2CCE91F6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45139
                                          Entropy (8bit):4.788372838984784
                                          Encrypted:false
                                          SSDEEP:384:oTFr8+Rbz7lJxYqmfbHWwfCjTndNlXVCr0PCzHCrbPTz5ogqcj:wh8oDl+H36TnlorECW
                                          MD5:FBFB901208E79DB5F33EB7F89F8F15D3
                                          SHA1:E671CDFEA50EE342049D74D2939F874CBA4AE2E6
                                          SHA-256:225B125DDB986E6ABB1F134E6B428B106FE16D102C65AA61BBD5FD95D67FA6A9
                                          SHA-512:99B5C0F9C464A2C464F9A5966DDB752D741D5C99F18C5122148AEF43B1D11F3AC2A1AE60A54AAD5C78320F86138C9581E22520F197741AF881F394CC4EDE76E6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):126024
                                          Entropy (8bit):6.046434197596888
                                          Encrypted:false
                                          SSDEEP:3072:draLRznP33cy+gUWUiUt5xMGopYrn4FwpVNmOAqVd5V:YLp+BWUiUt/hpLmOAqn
                                          MD5:6692A4B2DA9738D07C31CD0DBDED8A8F
                                          SHA1:539195AC5C5E8A5EF11F28AD24A3B969F7F73CA8
                                          SHA-256:F89847E7D0839446126AA3BD95C0D6E44FC4D08CCD3DBF6F280C748D8585B471
                                          SHA-512:8F1DA3035ED981D9D6675C22CFE40B20D9D63EA2BD4A98D9029F091250267F27447031995E5297C13BFEE6AADED6731C1D0F9CD9B1E73346FF952B0F8514E520
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):482376
                                          Entropy (8bit):6.3612258886117425
                                          Encrypted:false
                                          SSDEEP:6144:9hVvzR9DzrFiPZxsIBnP84++ji7zwQmkBPkyE5+qpLHTBXyEnXZOAT1X8RCL1Vmm:9hVzDzrUPZxsIBP84+tVBPk9HTVhKm
                                          MD5:3D228016EDF23246E524783C69B232C1
                                          SHA1:3E09BC2DA39A28AA7946425371B20B770AB4B683
                                          SHA-256:D21D5FE03899A13805AC9A95E0428A3BBEC065F68D2E927FABBC7F3C1DB3BCC3
                                          SHA-512:C113E991A5788F0F364CC1E80B10A8F457A43C005E7B491A4A66B09132997C9057092B5C3A3AC1F06C8751EDC6D55CB8A866F5E7381215C836D9ABC2068FA4D0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):105544
                                          Entropy (8bit):5.957638306046199
                                          Encrypted:false
                                          SSDEEP:1536:QgXYe1sveFIIXJ84c3EGFvIDylrCPSwlrp7m/3yUOA2hob1eaF/rnG:QgXYyC8JEvIDylrCPSwFpSdOAnh/K
                                          MD5:B12383C00B912A7814C0D972E5ED09B0
                                          SHA1:28C1ED81E4578392AC798D46A4C8B6CBD704F4AC
                                          SHA-256:A2F2C373944DFF1A1B031A91E9F91F1F9A53E19ADD755B9B42607501A483EE0C
                                          SHA-512:B7528F05A565EB55F47113B78A45C783EF469B27AC453E01ECD933F19249C89B3B747C93515B6EA10648E6125C37EF1B73CB17B6B167CB5DCF123B5B0AC7B521
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):662600
                                          Entropy (8bit):7.451916135453707
                                          Encrypted:false
                                          SSDEEP:12288:VLthpWr/8yvqIRXHh6iMiDavaLOHkiryCrfWhqk:zTOlqIR3uiDaDHkAruAk
                                          MD5:65AC8C02B020EAD9684898B75047DE33
                                          SHA1:A58D2E4056468BAFBE95D0F94958313BB65EEED6
                                          SHA-256:7AB14346B8BDF8F9131CCF1A73433CACEDA7F59C434EC87910D8A97E80F3B493
                                          SHA-512:E97E4A443DA820B806DAFA77C84043A480218C85925A890252B79537C1726FB16B56455F0F87B77D94A05B284D3828714A736FFE67E02A0EA2FC03A85413BA78
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):367688
                                          Entropy (8bit):6.10338434508788
                                          Encrypted:false
                                          SSDEEP:6144:9z/2KbXH6ZiE/UPg7sA5YqW1yb+Lu7Ahho7c09L6hFFpVQgUMEzzgcTdT10z0/90:9zSMPg7vSqW1yb+Lu7Ahho7FQhFFHgz4
                                          MD5:63706D727A6B4962BCAA7E6A55D8D304
                                          SHA1:E1A61AED3D039F1EE193131B5AA988C075542901
                                          SHA-256:5890455B23B0BC321A1711E3B64BA872D400DBB171F49274C6B6DF5578D46E18
                                          SHA-512:77D1A413F11062F8E3A40EA0DF02851407B96924EC6BFC8794A9B612CBEB13B6BBED35886DBA14E72D62947CFA4BE3D07684B42A2FB9672A4A9AEBB3A58EE78E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):134216
                                          Entropy (8bit):6.021706875272623
                                          Encrypted:false
                                          SSDEEP:3072:A7Dv3MR/7J8Ecsn9KwLovvmxZOlHn8LjRLM:HR/7J8EBEGZZOlHWLM
                                          MD5:531508445DB5B9493F1102690803BC00
                                          SHA1:C0666F32DA5CC7D4ED3C5F49FFE036E6419A75BF
                                          SHA-256:FCFD2D3169BC3A6CF10225C64B69C41AD170CA9C72E5452C58655C233F222D66
                                          SHA-512:E47726C606A0934075E2A9B7E2CE6AF0D251AC1B3FBD0B9AA2F416ADD36919AFCBDEA66D86D51D10277419CCD92F2472FCB88DB645C8815EE39F25F13BDB85B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):289864
                                          Entropy (8bit):6.276254515126954
                                          Encrypted:false
                                          SSDEEP:6144:LPYh8DeyY4BdCyck5L1TBS6v8TWOquNIx1TOllZ2R0nk:chpyPBdsonOtN/wL
                                          MD5:079260F3EAD6323355825264280C6C47
                                          SHA1:BB84727DF22087EE1B242726DBAC358412E25344
                                          SHA-256:02C24588B98BF57C99E7D43048612A20A49F753BA0572B2F0713CA6471E3548F
                                          SHA-512:4289A87FC361B7FCF77F7C157AEB21CA0A8DEF099CAA66C9CCA03529BD5B0154B3574B97C66EDB8F8B6E156794A48F223B581E3A14C15D07BFE0169574BD591E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):216136
                                          Entropy (8bit):6.068192152281209
                                          Encrypted:false
                                          SSDEEP:3072:AuFZqrgwxB2SixUSfxA1CjNq6yylMTAe0z2GjBLefe6KwEeXOAZO0GFlc2M15s4i:ygkB2SixUSfOcRqekGjBGXOAZO0GFC2f
                                          MD5:0A64F2C0495701AA013A2D1B155297C8
                                          SHA1:78C1A8762BE4A1D259F5F6EE1CE90B73153A8BE4
                                          SHA-256:020B8308768DAF0D493B8F310DA09974C9DFF3FB5850EA18DF7CF4C8E888B0D9
                                          SHA-512:75C8530C0DD3B47C83A1A6D991377089569FCBD7079FA0C5D184543C90CCEECC14715F8F4883FEFDBE907A99C632443770666113DFA499BDFB0DA0B6B9888A1E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):2882632
                                          Entropy (8bit):5.411901232857623
                                          Encrypted:false
                                          SSDEEP:49152:gUwfdH5HD57sWb7gXvY0sNbbWF7bzbosX0kocYEG6Qqo1MF:HOH59pbyvt/X0xctG2oy
                                          MD5:2A0BB9CD24A023A9A929D1475245F824
                                          SHA1:29E90EEF88F4D42DF495CCE941D6306C92281FD0
                                          SHA-256:312256FAADA0D90F9100B6C3F023854F388DE0D0EF30758D04D8B15355C1783B
                                          SHA-512:BD32AC1697DBDD980A3B5C704686C9816A8BEE424936E79B900C9AC4962F62D963ABAC4FE82895A1A32AC070629D7F4565A94C87F43DEACDC0D75C785016F7EE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):183368
                                          Entropy (8bit):6.2035545884797845
                                          Encrypted:false
                                          SSDEEP:3072:AIa9BWQVZyY1gzJ8uV8he1k6UZlnFp2HwvXZtcV++AYvfTzXbsdkOAJncpV6mNR:gBG8hx6MvzkYdkOAJnSfR
                                          MD5:256FB3795B4D98BDF4B5F986CA2ED898
                                          SHA1:4C4633C806B9250BD414643D6BAB040A360E2A42
                                          SHA-256:0D088D1BE78B46B25E560AEB01989EA9700A99457ABF7B4DF225512C60E31F9D
                                          SHA-512:0DA0EB3B4B96DCC6751C00279D4EAD9BD534DE64BE3CF74BE0280166A3728646F7012E181F9A7890972A9A01A987CA8F6A6F3A4D003A452D791AB2330D38DA7F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):134216
                                          Entropy (8bit):5.950568356619592
                                          Encrypted:false
                                          SSDEEP:3072:F5TNp3wgHLAVazoHhsTdVPOCYc0oBQNkIBYvbmOAPyPgI:FKgrYBan7IBYvbmOAPOn
                                          MD5:467AB9FCA85DF5F8C3FDCA994AA6681C
                                          SHA1:0CA6720AC77B3252AC21055B0D9704EFFE4E06BA
                                          SHA-256:B208B7ABA3B6F2563E103338A69B39B54AA3E482215F5F5A808A3196360CB5CC
                                          SHA-512:13B12A7542706F91CC8518E57E4AEB5CDD44C42885CED9513F8370839E02D736E02EE086C14CA9C958C2E37DA5487AF3849B2269EF3CD22DE952C59EB2D17702
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):281672
                                          Entropy (8bit):5.996089457443986
                                          Encrypted:false
                                          SSDEEP:3072:4ZBHSZwdHooHhZD8xC/zKLttY8K6QS7Q22zjR0tgoEOlUMiXhvvryRbF:eHSZCHoqhgo0tgoEOlUMMW
                                          MD5:F7A1100AA2BEE8DC57D5E65EFE37B84A
                                          SHA1:A88D15948123E4A1A2D607D6389B6BA46BC943F9
                                          SHA-256:A370D0C3F4E77C3A106B6798DACE8D1C2DE836EB5F884AE2259D7E5352FC1EBC
                                          SHA-512:A7E24F76C6AC7604C79B8E2C8A14BE86224B3AF62B0AAACA0832C7299AE93A71DDBB0D259D40CB6C34B768DED323650849BFEC35CEC433ADA35D89D0C541ED9D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):121928
                                          Entropy (8bit):6.03775805761711
                                          Encrypted:false
                                          SSDEEP:1536:VbvD8YUCEQfqU7INzp9S4bbleVKvP5w0peRJLOAwv4cUcftYvnM:Vbvy2fJ7INzl/leVGP5QtOA/dMtR
                                          MD5:B8287065C11E586EB4DB6D77D4BFA746
                                          SHA1:F611EDF3458BF64C3C8F122A043ABC27938B28AF
                                          SHA-256:88D4FC43BAF7CE14A58CE3E6CC8157D724DF311924BBF763AF88CDC175875465
                                          SHA-512:9DAFA30B43D4CDF34D67DD9534119EC9A30C90A811D77F6A925DBDA6DD2249A8CCB69DADD83CFE0870E5F69614ADB4BB3DC0CC610FBF8950E9B0C78DD420163F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):158792
                                          Entropy (8bit):6.170328143059685
                                          Encrypted:false
                                          SSDEEP:3072:Vzw0rMLkmM3R3gokG1hdNY/kurW5M9LsOAhpl8ElG:+0oLgR3tkwdYrWGxsOAhp5M
                                          MD5:8E3D1B9F613833A2E557AAEA51BF2812
                                          SHA1:804EA893FA96E6B96E1736663CC0D7CD6ECD6053
                                          SHA-256:2CFDB8CBDDAB40B8592C791986AEAF8F82AAC550151F1A2B83FCC553F901544C
                                          SHA-512:CA93F2317FAEF638CDE03C0E2E71FD3C908B814B1D1D7D79DC9A2A509EFB4D96893112A2EE9711595B7878800B8DA2F86D328FA402E91F3CEA65B2B659DED7A5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):5569608
                                          Entropy (8bit):7.110150372444856
                                          Encrypted:false
                                          SSDEEP:49152:kgyXpr6Mx+XIkjgZ8fRpQ2/BHgRCbbC9FLfO3XsSKiSK0B0z5t3:kggrpxiIvWpbbC9FLfO3XQ2
                                          MD5:FF539B2E97A5668F7A6BE09970A53EBF
                                          SHA1:4D8AE8398002C8DEAE5CD4D0D205060B05CE7A89
                                          SHA-256:316BF74DB9D2F330B241A41681AB1B5A671BE064C512A188F4F276029CDD3195
                                          SHA-512:30D651198541314DCC027C0DAB93E7B77C9ECA41B14484B0B768B7A4DE0A0813D7C2E89B055389922B41BC2C63BC25ACBA831913D1CB5B692C3090B83A2F0435
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):941128
                                          Entropy (8bit):6.381427254915849
                                          Encrypted:false
                                          SSDEEP:12288:mfM0eMzoPE9i6VK/UxjJb0B61cAzSVJPW1:mfMfMzoPE9i6VK/UlJb0B6GW1
                                          MD5:BE2AA9838DC319C6974F8F52DCAE300D
                                          SHA1:A9492DD434790424C0CF2838671CDC33D2C0736E
                                          SHA-256:2B0059E6098156CE6810802B3C9D3FD4CEE038D2A1AE5C71FD642FB535E20DC4
                                          SHA-512:0537B34D2E2C90725E0880E29AEAC7948EF6628CD4F55F92FF09757ECC2B3D78194D8C76E890EE69B5B8FCAD6BA80AE347275A54BF9E76A5ED6BE4E9CEB3D16A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):130120
                                          Entropy (8bit):6.078834324369387
                                          Encrypted:false
                                          SSDEEP:1536:+T7VVCGi6SmyO78e9SpKRyydffsvmDQTvEPfIHUokM1aj+sibROAe33z5SgIMlUo:+T7VVCGx2O7mQJ7D2EolJ1aqdOAC95PZ
                                          MD5:BCAB06C20D64830F11711E54AD4A1C76
                                          SHA1:93E2E65658B43C7A966F9E7FD4F941DBC76A0049
                                          SHA-256:791AADB0E62029539CC6152DE794CCDAB6F70E1576F4F06E7D697DA94E906401
                                          SHA-512:893A5DF69D4FBB24CDD96DA311AF17E78DDFF66F4FC1CE54A6847A56A9D225340E3ADB9049D06C060F083AE23B54D0827A163FF11648F45F9FBE68BC6BB9166D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):52296
                                          Entropy (8bit):4.709998284021842
                                          Encrypted:false
                                          SSDEEP:768:J2xSe9ZPywV2IiLSNKm4z+xL1j7nSGalZRULbi:J2xSe9ZPywV2iNppxL1HSJDRUni
                                          MD5:9C6CB2B963EACEF79C25095F32A1051D
                                          SHA1:FC697B3F2B4C313F3916A8C226798304F116E76C
                                          SHA-256:7FB49DCAFFDFC80D41E5189E6ADA1D2A43D96523719FAC05FA32C395807A77BC
                                          SHA-512:B7226E04867CED7C2C6CB8DF4B86CBFDD0E88E65BBC40EFEB497E9635346A13477EA48C1B9A205BC01689F89FEA4871DA3CE997DC7282D13E353E3A43F7B729C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.961531174262682
                                          Encrypted:false
                                          SSDEEP:1536:6GJG65dti5r/ri4drO1/nVS/QVvyc2CZW7O4covj33dPgldneh8OAq37Vn/nd:6GJG6Nw/rtMfnBzLovjnClIyOAqrVnF
                                          MD5:D007C0A295E7FA9440D47034352F4BAC
                                          SHA1:DC3FCE7C9DB0A2F0FEA067F56A6AA230994CFB5E
                                          SHA-256:3142EBC888069A03CC97264F574AFC4BB894A6B36089D7E3C841B9CA5D3A8CB4
                                          SHA-512:A080D822ACAA4BEFED2DDED6F3286E4F22D380E9E82393DC8421D05DD7A837C925E8954195B499A47561FDF8CCCE74D08C11C5FD58A9B9BB457843303AA55ED3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):494664
                                          Entropy (8bit):6.579021947502978
                                          Encrypted:false
                                          SSDEEP:6144:VlNiAugvDt4NSb6AieN4nUrOWAzc45GsKvUfUl8atdAUeHC:VengveNSb6NeN4UrjAzc1sfUztdQC
                                          MD5:63C409CAB29B27CA82D66CA371DF53C6
                                          SHA1:33E91016739392A8993464C3F7E1A57F8E5EDB93
                                          SHA-256:382262692704DF3C58F748DFF65CCCD1529A7515C75D0A53E60ECB2303ECED1F
                                          SHA-512:7CCE5462E7B559B190BF816CFB008EFEA990AC466E8768455AFF27B91BF41AEC6DFABAF22B738C1A50A02675137CE6D3A69A7356AF34278FD3B83472D3968A8E
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):195656
                                          Entropy (8bit):6.199832033353761
                                          Encrypted:false
                                          SSDEEP:3072:RG+vRiV85bIypRbtjZfWXHK9FDjquxa57OlVb8CVP+VsTg:BvkVYjFVDjqqa7OlVMSg
                                          MD5:09CE0913BABA8373B334A0520749D2D9
                                          SHA1:DBB8CC3BA9B82DC9CE73B16A4E3A7A42E9BC974C
                                          SHA-256:E7EDFD1F5D7A3F19B41B2277483D0C25E58583197CB4AE64361D9C78D943BE2F
                                          SHA-512:01F41D74FBC439233C06E347C3C2098F82A3E4BB44A869960E9AF5525B238A21CD97EA45D852060119686535BA9A0FE15C1942A0CB536F62FA375448665F1820
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):629832
                                          Entropy (8bit):6.582094691748903
                                          Encrypted:false
                                          SSDEEP:12288:WVDREqVdCuir+TMIRdQ3hL9Rgt36kK1whErNQiwQ3M5bP:WVDSqVdCuir+TMIRdQ319Rgt36kK1wKu
                                          MD5:78D71CC54AE35E09633A8B013B68921D
                                          SHA1:9EB30998524ACCEB0A07788E543D5B75DBA836CD
                                          SHA-256:085B997DE5F78335B8AE137F5626F14EB361C902EA5B47A8B3B59794A8761B08
                                          SHA-512:C8463C96117CC69586EFE7B3F5CD92A353CDC97E1C47574C9D93F3CEECB6BA5820B7EDB41B216108849BD94E775B30102C1418F7E2C5B932EC23F2A8CCA9F5FE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):781384
                                          Entropy (8bit):6.397590514091339
                                          Encrypted:false
                                          SSDEEP:12288:dhSQHeeU/Le1pLBbZW+9W0pjBmYltysNo+lFE+buiYHFIB8P5/8Q/8Q/8Q/8ly:dhSQxQyjBmYltysNo+lFE+buiYHFIB8d
                                          MD5:473B704CC0B8AA70B35FCB0512E8C8E3
                                          SHA1:07A86DBA55D8DAC7E81D3EC19E2ADA4284FFFE97
                                          SHA-256:BECBEC1554F35140B56CA480036B231A964F18F7692C916FBDDD5388520859B1
                                          SHA-512:FA9B798478A35391563C8544C962F5645D0134CDDFD1FD88BCB2D2D5D6351039BAC72833B6B0EF465E597F1562598EBCEAB7F683FF95647F1E8865081E895523
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):6.16714303771357
                                          Encrypted:false
                                          SSDEEP:3072:fjhTr4bVEO/XAiiHpf3/ldOycPOmbf0OAdKc:1Tr3f39otf0OAdN
                                          MD5:D838C4B467E2389B714DD57DCFE538E7
                                          SHA1:DC9F32EE0BCB8C18EE34048282FBA7C3CDF0A60F
                                          SHA-256:69829604C4290112074C91B25A61DDE2D9EB82525764105E4F37532389D99499
                                          SHA-512:DEC1D6DF86C9D5422801292169F905BD0361CDD0F195372684BFF3F38074BF9A70B1E8BA8FB2F6E0078F4F947DD918CA2EDF6824BD55C6A92915DBD03109B834
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):765000
                                          Entropy (8bit):6.559063143907738
                                          Encrypted:false
                                          SSDEEP:12288:5ogGQ9Rgt36kKX0nHwosr+TroVTMh97DzIFIQF0y93ZKb82aU9Gd094Y/Y3:5ojQ9Rgt36kKX0nHwosr+TroVTMh97D2
                                          MD5:FD58AAF657C70683627705485D7A8236
                                          SHA1:D60C342D0E814A9FD00CD8F62B34390FF9F6394B
                                          SHA-256:A9CC8E7DFD0BF4BEE1D4C9487D9B35142801297C7065FFE70CAF13281CE3F308
                                          SHA-512:037B71C7530DF9EBA38C9F835B0CF3D148E1DE9D195BD198632C5F01CF6ADD932F2A166FE64129D80ECBAFECF5A75360FB72BA08C1B6E618F56208A01F162804
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.90681620527559
                                          Encrypted:false
                                          SSDEEP:3072:aDTruzzHuFd4ObgCSkrpG8eOAsY+hgrUxDrQ:42Pq4ObpJpG8eOA5+SrUB0
                                          MD5:2C54599D9B8BA48A66E0292CDB550C9D
                                          SHA1:5F33CFA18E34FF1F21A86F41B1E57CBC0635624D
                                          SHA-256:5E4EDDBAC2C937154FCFBE3D08E2F29013FFF710013CC8FECFA5763FEF51DF25
                                          SHA-512:874DDCB0F7750F0AD2223BF36B926A4320D61F91B656B0C4D4F4202C313FE8B39A7ADADDFB6EA78469DC3D4636863E1B05233E84784357FD9B23D98E846219FE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):498760
                                          Entropy (8bit):6.275559960942112
                                          Encrypted:false
                                          SSDEEP:6144:G0BWM9IWn4f4RkjLNzIOYCr3pYjarafaBXqqMe:G0BWMqn6kjLNzIOYCrWwaSBr
                                          MD5:8E3A4B08E85DBD20B810779C2BFA6301
                                          SHA1:0322A138B773894336056956961D356E6E69E49E
                                          SHA-256:C92991E10D324FD7A030F0DEAB472079ED554EB8132AC412CE8053C1A4249B9C
                                          SHA-512:F26F698A8D3F8A67F55589109AE0B9D288643BFFF7A6637CE0644E045AA9B7AFE484B6F3DE0FFD32A4D80D604DED16D7A863BAF839BFD13C63CCF8FCB3507BD6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):334920
                                          Entropy (8bit):6.044394448627665
                                          Encrypted:false
                                          SSDEEP:6144:FwtRN4LDuhO1wGz255WSfafUDVnOAFeXlmt4XEgTrY:FwfN4nuCwGz26Sf2tlCgTrY
                                          MD5:DB09552239CF65731090511E599DF86E
                                          SHA1:93661E36B97971FD69210140F47E010F60B007DB
                                          SHA-256:EE629A43ABE3945522CDA51382122E37F9F56655C0351FBDE9088B0374952E25
                                          SHA-512:2090A03DC11AADC5F1A8FA1E4FFA9FE06FC21156931E2AA4021381D58B0AA6EEE1B8E4F7B9B6E639EF8CEA0B20C6807C3A10F5A50EBC38FA5044EE1692D3DCBE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):121928
                                          Entropy (8bit):6.103076480048846
                                          Encrypted:false
                                          SSDEEP:3072:QGceWji8cfbsK+isycMei7QTKc4IKOAQG3v:ueWe8c4vfllKOAQGf
                                          MD5:5E80A4F53B45964120BDF0798C9E3625
                                          SHA1:FE220C7548C80D9A3134D4BA8A8F5CF5C15E42A5
                                          SHA-256:FA2251375A493D09ED124B1A3A59D8CCD42029F5C963CE61812493A614C021A5
                                          SHA-512:B38A24C5D52512AACF3CACE7174D7DA9C686FEEC72C929561A6C6C5A16D510224D735BB6689B60DE7EFAD757140F04B184D04F7BBF1C6C4B60795897B0799919
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):154696
                                          Entropy (8bit):6.112716478512044
                                          Encrypted:false
                                          SSDEEP:3072:wmho4W7e1L94PVTbh821+/lofuUFOyaOlgEpe3y7a:3ZytP4lzNOlgW17a
                                          MD5:10047E126653E10FB780848901F0BB37
                                          SHA1:E69F83FCC2340BDD5BB15FE22B52BFDDDF4B5DFE
                                          SHA-256:48FC223F8F468270C9B9B33B8338B0088782EDA2C3CB61C84096E2AD90A583B3
                                          SHA-512:E8D5A46A613E1EDEE2BE8EB93A3AF139ED9247BB52D552544ABC2FE978F4FC50D17D8DD0434AD09C711DCBB57981EB3EA6F1CB35FD04B9CCDA129288258E7FAD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):322632
                                          Entropy (8bit):6.34700710615469
                                          Encrypted:false
                                          SSDEEP:6144:pyTeloOv9aYgJP42RsHpBFi8ynVSAk8oOALn70+5PgWz:pmeloOFBgJbIpfi8yVSAmgWz
                                          MD5:E8E913C5B23C79297EFD3293B2362743
                                          SHA1:7E8E9E1474F0B65D96BBE3F2358B521B25A9E417
                                          SHA-256:49177A33779219806C37014E7535B9773764E73ECADBDD7713DAAF9263BFAFE6
                                          SHA-512:CEF792C293DF50AB3557149D4DFB0BB19F55FB3D9E7B2DC362F41F9F30946E47D2BA41246EDD9903DA5FC8972DACA009A193EB357C07783492339976900A6A6D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):5.789381690422656
                                          Encrypted:false
                                          SSDEEP:1536:jBGBSoSH2v1bz74yyWO1q9Lv17UVSkZgWcII2ul95uYYOAvn7EJ/lSrYdg+nN:CSH25z/y9ETkZ5cIIhuYYOAvATmY2q
                                          MD5:387C5EE2AD7FC1EDCD02F52A8AB4731F
                                          SHA1:68E868426483E79641B04C08BD9B28659BD70F72
                                          SHA-256:67FDAAD382768570F655B3A6EB10D1FA501ADB77CCD849D3F42281A104151FA1
                                          SHA-512:3D47A3D4E713508AEBD1D85A1992C722D10F80BE4D54693799C7BFB9A279BA769353069A7E93B63F2D67BF99004767F5C6842BBC016FDFF07ECDCB1A1D3F372C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):89160
                                          Entropy (8bit):5.544035731485942
                                          Encrypted:false
                                          SSDEEP:1536:/fg6S3kwJ6UFsDWSQm4RpUjT5lUmUEemrFGcBwXOASu6A8Lrn3:n3S3kcHsiSiDUfUmMmrFt8OASuYX
                                          MD5:2503C08DB98BD03AE359AFD5FE5C5213
                                          SHA1:51ED833E6BD3F2AC3C126B84678930257C3185BC
                                          SHA-256:229E5F6F3D4A910DDCDEB4F70382DA1E7988A7D2F1C675E3348B626053023402
                                          SHA-512:73CD28CBCCB62D1B9BA0E1C0429178B697B579E65A148E269ABD18BE627BF758FF2581FFB238BD787EF7B9BFFE0B1A212241ABD7E635BDA1C9B04069DA3C36BC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):232520
                                          Entropy (8bit):5.223912761169328
                                          Encrypted:false
                                          SSDEEP:6144:eJ1Y6pQBA8rkU4mlAF+cLBmYYztxU23OlHoo:KpQSpGtxUL
                                          MD5:B23351F139410D7F55A253A2E9970D05
                                          SHA1:9DF6E56781B245A95C381A4FB808F0690BA96413
                                          SHA-256:E329CFBE13960962FBA7A1371284992D3ED6FE8D584BB807922BFD66FCD8E616
                                          SHA-512:83472C6759E6FA46EA7AC5B5FAC586004BCCCC6B7CC396F51D6C40BD7461747FCB564113B97653D71822E1C3B61BBDC5CCEC6629020531DA3DE6BCE7002E650D
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):158792
                                          Entropy (8bit):6.104081152682231
                                          Encrypted:false
                                          SSDEEP:3072:fG+scigPcWJy7Hzzug5HIbatbZpOgnFb0TZ:Hjt2bzzQbaDpOgnFQ
                                          MD5:D513520763AC4C0EDB824FE41CEFB0E6
                                          SHA1:147F44E08C674C74241B3DF1CCD3F3B650C55E6E
                                          SHA-256:48374309DB4A8A7C35C48A6AE6AE0EC2D1B6972515D9352A926A74EB7A8747B1
                                          SHA-512:DCB4968374E89753CE3151858D31135413C76211FEACF38A4D524EFFBD70688FBB6CB8ECE301C37046CC4FC17E8CD43AF9D7C65EB618C5379AD6DE200304FD65
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):629832
                                          Entropy (8bit):7.4355535066010745
                                          Encrypted:false
                                          SSDEEP:12288:8lNOGfB4SHAwVuRXHh6iMiDavaLOHkiryCrO:FYFruR3uiDaDHkArO
                                          MD5:948BE7CD2668F1207EAADFE480006827
                                          SHA1:DFDFAEEC6278E5018F5481C42A104A681B00C525
                                          SHA-256:42CA78E207B90158F0C86D7D248D838C8F0F45434EBF1875C3EF2828F85965DB
                                          SHA-512:056169D8E9891543681B8F6519A3E399F3F1CC2D857D9CC54227AFEC0B10CB5C075CE23F65BD546BFA18242CE75B3DE59048A3CF22F88F8BA6139634156FC650
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):433224
                                          Entropy (8bit):6.039004575572842
                                          Encrypted:false
                                          SSDEEP:6144:YdpTIZ1jpHHcuR73SRkORzV3QZLIm3isqXcum6fDmfI0OsUOl0yWMQP8eXK:epTIFHHcuR7nOpvMyK
                                          MD5:2E56B390DFB21618188185C3AF0C48AD
                                          SHA1:7F1EE4E751D3542E4D3002E06D9E7CB554CC7834
                                          SHA-256:887616F776DC762F46B0CB8E2862714F24C23B9E6E73E48D2ACC2E56F5006A8E
                                          SHA-512:EC6294F745426655E5F1ABDBC2CDABB5393B35D1D2AFA03B4EEC7E6DFC0D99C9CBD101A7E72FFD50F1F30177F42916AAE78B6DA884004B7C462C2F29518BD6D0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):97352
                                          Entropy (8bit):5.696298787460142
                                          Encrypted:false
                                          SSDEEP:1536:J8FLUa8TraMBdqAsTASAGk3Ndj3di18OgP0pepyJBqsyuw0bnEGn8:JiL/8TmM3q3i9djt7Ogqqs40bI
                                          MD5:4CE5F2D7DB57ED6D8E3BFB34A28CA690
                                          SHA1:A148D0CC3F6D16087E4A1A58C54A9052DCBDF666
                                          SHA-256:3591630B159611F779E392AB124161A2A2358D473C149A9612475A700CA190D9
                                          SHA-512:770C450FCFC431AEC85830111A828EDF205A0EA8F986799EA6383E4969179B53E857252C5511B4B760EBCF922973041D2557C060B3A26DE58E504350C39FAC43
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):4037704
                                          Entropy (8bit):7.1577901707076075
                                          Encrypted:false
                                          SSDEEP:24576:aKFuIZyEh2yTDLkDpCAl+wpvgbqVgLq4hAycC0N9Pg1c5ZqRE+GqktBjHAwt+FQL:aKFuIZyA2D6dVcPfgrZktBkxgLRZ
                                          MD5:CC44F3065B8A2B57674F3D6758B21B79
                                          SHA1:368DDF6225EBE8EFCABF27167CDA7709964ADA26
                                          SHA-256:3B7568A4881442826EEDF891B032180625DD6EEF8874F9E2B5410ED0D4F0766A
                                          SHA-512:01CC71DA8B57907608DB90169EFC567E55DE53BD9AE2E2C10F79A27061F3F152479D335AD0C64459BD1367A7A4CCC25C438F205F4752946404F0C697E23564D7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):281672
                                          Entropy (8bit):6.367033456218542
                                          Encrypted:false
                                          SSDEEP:6144:aZBo7hinm8DbKOKQZTfz5/o8flEeDCvT1EtS5G1COA9TEiZ+jY:aZK7QmijKYfaeDCxEw5ZZwY
                                          MD5:02EA2CEC0AEDC330EFDC73776A91BE3A
                                          SHA1:BD8F604245B15D4928B136F5133C6D6984AE31A1
                                          SHA-256:C1403A15EDA443C9246FF793F3CBEC51E9C6816817E282EF165DACFD44DFD844
                                          SHA-512:3CFC5BFE8733D726FD85428553828A3D057AD42CE914D497EFB6812A8B5643E61B6A981944BF77F3026384E269F9D1021BA65C85E20A0437FAD8CB4B7481B6B1
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):494664
                                          Entropy (8bit):6.328330282788555
                                          Encrypted:false
                                          SSDEEP:6144:27vzZd56PQAdPpE102p9V3jPtF5CuqcbdrzJV6P5YKnlkuMpQkd9lEsV1FwXKNl1:2T1d2QKPpE10O2upuUDWsdQK
                                          MD5:F62B8808CC408490EE77EF884801BAA5
                                          SHA1:026917A248E68231845A9B7E4AA8634DF15214E6
                                          SHA-256:0250479104646280FBBE50E496CE6C522C73343856A5EDB6F5DFD857E9A5F32C
                                          SHA-512:A1FFEF46009844244F95F0D2F6371451EF51BA7978FE572AABA4666D857E348844E77D9A9EE22FFFBC9A4FA40B97A54238676F2832D3292F0331727939B37299
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):212040
                                          Entropy (8bit):6.209461452864349
                                          Encrypted:false
                                          SSDEEP:6144:FI+Bq9fSGpb51oEWaSDylGmCzgOAmRHya:FIvNBxlGmEb
                                          MD5:9EB0BC173925AF6F9DC90CCAF35E5740
                                          SHA1:075CE48C59C261026EA9DB60364377A32D8EB831
                                          SHA-256:9F2223D643C2E40CB37EE1407D2B342768883C8AFFF2581C95CAA4534B347533
                                          SHA-512:C1FE11995AFE00A9C88315D4F986DDE9891B3C6F02CAC9340F1189EF8FD58D83A97CB39EC441C47B546FE18633EA13AB4C7799635C399B0F6FCC329D1038ACAB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.312796534413094
                                          Encrypted:false
                                          SSDEEP:3072:Ka96pwWsy4KDy2L18tpdW3E5KQYDdzOAjTAL6:J6uWsy40bLmtDWdzOAj1
                                          MD5:EAD25709A4FC066DC4275FB032AD87D8
                                          SHA1:EBC3398370E04F1E579B6A1C8BCE9E98720224C7
                                          SHA-256:E1F07A4962132E0DBED7F73538C516BF6DDB3AB2FF68C259688518BD17B720AD
                                          SHA-512:4867870D4EDD909A9B40C9F0F5151F27E4A6B6435393880A5A6FE35E8109ADC35EA975A7429DE4347FEF9E0F6F9B7AE467DD75C9A7CA5ED954D342A48DEBEBB3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):187464
                                          Entropy (8bit):6.289435799803551
                                          Encrypted:false
                                          SSDEEP:3072:ZREdoi8ZsCiC0YixRok9pAfrXDkob4rzT6gcKix8j5iOAb566qi9bBhzWT:HEdoi8ZsCMR/MDko0PHixAiOAb566qGq
                                          MD5:97AFD0DBE9E603CE131058889D90F970
                                          SHA1:74EDC86E2C690E59148FFEBE7303AF40AF3DDF93
                                          SHA-256:EF2951EF046AF18B829F5404A9437D99D258B4A37FE83A1F0809A4E801FB8FB0
                                          SHA-512:952A9E250E86689DE644C850C0B108CE6A14C89DB95D1FA708D0954C743F1B329AC91CAEC6D73DDBB478993045CA3B9F55F064CE35D5FD315B108B01EEB685F8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):64584
                                          Entropy (8bit):5.310602189963078
                                          Encrypted:false
                                          SSDEEP:1536:JMl7msnlppTtq2RnnoWbU+WOW4XeTW7nM/nV:JMl7mWvRnnoWY+WOW4Xb7nMt
                                          MD5:AC2ECFD26E330619A1FAD88CB0FE6C06
                                          SHA1:D86C7D155BD3C6972080B5E7EBD0888ADB7CA33B
                                          SHA-256:A6CD33AFE7F50ACD6ADBBFFA7FFE4E50DC063DCBA91044DFC9B4ED069CDAD8C4
                                          SHA-512:7A584AC6868F90782D27A7689EC40F41A1C9789CB96558B1B7C459003458D7F3ED424E016EC460E8F8EA750B6C4131E247C6F7968CCED4BB4002E8667F306A7C
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):154696
                                          Entropy (8bit):6.234960449661035
                                          Encrypted:false
                                          SSDEEP:3072:Kj7NrwpOh3PahAF6I+TakXdAAG2iv+dbjBp3FOA2BYgEWkWcD:opwpOh3PaqFmTakWjGdHX3FOAqxDe
                                          MD5:F4E2A9E180C0B742BD38C244AF581AAE
                                          SHA1:F34D107FD2FD516E2EEA4024D76AD887B096F0F0
                                          SHA-256:AEFABF78D1B9FEB4680F37A097F03EB777C60F999387F6DCB2EB3A85B50265D2
                                          SHA-512:6CD424EA995F8603AFD2D00E810BB4F8FE1D23EE9F49C1DA3BE0009C784213E9845B84D6C4E95F2D067781FFE1EFB7DB6DE11CE0A89D00E4E280AD0A4C2B83B3
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):146504
                                          Entropy (8bit):6.261060199709105
                                          Encrypted:false
                                          SSDEEP:3072:5WUl3HW6oeYlpy9DJx4Tq9ZSQPsl9x05KOAHs6fm+3Er:13W6ojZTq2hvx05KOAHsUm7
                                          MD5:3B2D96CDDD12BF7895CFDA3E564016D6
                                          SHA1:2A117D947C71628B4B2228E5BF647966C4E2AB3B
                                          SHA-256:E69CB426D0F29363FEF5909B2D31C00E9D68E57337E151C65CB64FCAD7F3DA7A
                                          SHA-512:08F789CED0470A6B7E3AC5156325531B958295292712AD37592FBF32C778C48291ADBA0DEB73B79C09E08125EA6AB1DC5DF574E2DBC51A69DBBDE3DCC807F4D9
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):4049992
                                          Entropy (8bit):6.472855657669626
                                          Encrypted:false
                                          SSDEEP:98304:/dLcpa1/VZscVmrw2W5vCy4q7ZMvARbKrvyp0lkm4vSdP/w1/LeP:R/VZscVmrw2W5vCy4q7ZMvGbKry9qo1k
                                          MD5:6AE5AA61B57AA709CA6EFB739E31044F
                                          SHA1:2D2E007EFDCEACC4F0B4E249D40771652D30C947
                                          SHA-256:47818D78E3E785D075E61AEBF0C008B4B1F9CC8F309D54A6ADD6F0C2B1237753
                                          SHA-512:F9016C65C6FF6C553E8B5C96B4A41BED03CF42729E1C763900DCCEA5DD6333AC664C89BF90353FD0E6BB281967F111AA073A7C6E34BF5C36E1968524F188E250
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):453704
                                          Entropy (8bit):6.4734952167918705
                                          Encrypted:false
                                          SSDEEP:6144:8LNh9Yd4IkwEl2ClpWww3BaYH99XErOlIxZTFYYBq:SNhWfnEY/pBJOBq
                                          MD5:190C02792EC65AB89FC428B863FE7A63
                                          SHA1:D1C5FD465EA31126DCC6F78EA35E1724B6D88A2D
                                          SHA-256:72D6EE57D66A46F8F31D06C41F60CF999E15CFDD652CD8BE169CE65C3EC0F265
                                          SHA-512:84F3EDAF418CE267C9E54809A92F22D469FA4114BE4CCF196122962E4AC64F896012C27D2FA6F0E7579B033DEF17D26F946913A87CABB8942B1C26774C6D3AFE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.091341176673403
                                          Encrypted:false
                                          SSDEEP:3072:9VCaRE1IMtFNpOAMDt0/LHanchjZH8Ol7Pqc1a:GkEpfNINDt0pjx8Ol7Pu
                                          MD5:65B8EDC2D0718BE536EF0D1FE0BBE2C8
                                          SHA1:A8B3808316E148C546C7A036706C2B9A96556BA5
                                          SHA-256:71FEEE98BEFF9E52264DA0161B719835692EA4E9AE3E45258FAF412B731805F1
                                          SHA-512:5916730762762D5D3F0CBA1F74F47F193BC9DCF4F4A858A7BF925ACB9EED09DEA13023B454E1F2D3F4156C47C10C23F18CB8B94F1DC58D3F4E127E2305F80222
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):105544
                                          Entropy (8bit):5.750165861484716
                                          Encrypted:false
                                          SSDEEP:1536:0aoSdXbBAk10HEJo5bRaX1lLfa/V/Av1ondglDMOA20WkxRZPJHarFUnD:0apBtJKZ41lL8dAv1msYOA207n5+e
                                          MD5:71FF68B63D023D42F3079EA7C6351D16
                                          SHA1:C9973A44C03740D5A2C77EC0890EF70320E5BC2C
                                          SHA-256:5618FBA3AE6CDB0481BC3C3563D51721A9F764642DD7A6581CA1A593C5D25B46
                                          SHA-512:9D2F6384EA11365F48B19407804142ACC03CA4B0C0C90EF0167EF6B316404550E1F31F05A4B94FA405900CBB6D323A92A6A8373958EA02A7DC64C982A18EE476
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):707656
                                          Entropy (8bit):6.514044645849675
                                          Encrypted:false
                                          SSDEEP:12288:cKtDhbUCqEB2xa/QZWn9cmr/qN+MaNYbb:cKXbUCqL5aNYbb
                                          MD5:70495F3D11FD98A7C221A4A5D7C9DE8E
                                          SHA1:8183F6A17216EC04E7E5D1281691F89B8E25478F
                                          SHA-256:FB135A118DBC16FBFB483B9E35C450041F25538D5D622B14E01C297E9358FF95
                                          SHA-512:D516ED458BEF2F3C4DEAE292A55ED8270DAF73126C72198A0BAE9FB50212A9D1E36EAE30BE75F02BFBD30C26936343A020936F45A0B4391B8C876A0F9ECA7D06
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):3091528
                                          Entropy (8bit):7.100912973456155
                                          Encrypted:false
                                          SSDEEP:49152:M36lQEAePOtmyEC9FLKJuDBJJ1rGSK+SKgTrv:9lQqC9FLIuVJJ63v
                                          MD5:6E59C9152D69C6239CDA98B047A102D3
                                          SHA1:4E06BA57F6974D8CCFC2845AEE1B2B5985BBE6FE
                                          SHA-256:575501847079DEAE9D858B3C6F4236ECC350848853B6CCC49E804E2CA327BA5E
                                          SHA-512:8E0DA377986070FF1B51B439980F4FE15CC6D10F3185529FDC0FC0E91D1349A6E943E5A4F3BB021770E86706112320D18C75A3AF150E6054BA4100229A77B353
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):179272
                                          Entropy (8bit):6.179607231382282
                                          Encrypted:false
                                          SSDEEP:3072:1m1IpKpIqwWH1vpkFbPu5mqTOlPwnpZoY:+IpEOPOm0OlPysY
                                          MD5:7392ABFBD080C88BA57D2BDF885BAEB1
                                          SHA1:4A7A66C85AAA96CE34869A936635201999B7E699
                                          SHA-256:2CF7FD34D2FFFACFD5E1FB611C6976A4B3AC7756153FB1551AB37653C56CF72F
                                          SHA-512:1FFDFFC650152E20065086AC4CA82BCCF24B13D1D7D001B0AA70B8C67FD2E34301AB2A2B4C0464F9F7ACFB5546538CC5F213BCEB0497C3BB13D82D9A4BFABF19
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):56392
                                          Entropy (8bit):5.272318628723546
                                          Encrypted:false
                                          SSDEEP:768:KAb9ezKJatv7Q+ShWLdUVgpXLMn6NGoeSJ96OXJRuv81Djo1LbP:z9Pc7Qh4IgpXLyRST6Onuv81Y1nP
                                          MD5:68333F39D88F2ADA09B91A36F30C3016
                                          SHA1:E30855EE2E149A4C53660A8489F69A4D5F1BA658
                                          SHA-256:685846B921E0A5DE253DF7CB3605C06F34740E0217FD1B819B7B88B74C6628C6
                                          SHA-512:04D4E8560E743B41AA2232F7566A197ED92C76686AEAAD36D73C942E8CF58FE0F3DAD46AC7560358C32ABECC67B6D3BA89F93462C7E212E6B8501E8734447974
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):224328
                                          Entropy (8bit):6.272249986580459
                                          Encrypted:false
                                          SSDEEP:6144:MKXg54pP4SV3X21v7clj4BDQFaTBqwv2IOgKBiE:MZMn21vjTswvlE
                                          MD5:0056D495E71B6BEC4E5A4B9C1E2734FF
                                          SHA1:9C90FB6C82C225AF7996A1BD0723153F2A4E010D
                                          SHA-256:A6F8DBE393CCED84EE4F33FB804060B82B6F33327866A0355ECA601403FEE034
                                          SHA-512:08B1FF1E89914B7577F0E96B046DC13A23F250B2C2767610D86C3AE751E11D8AC6437A20DB04B19B80747E56CDEBCCF0EE210A8ECA4748DEFC22118A2EB576B5
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):253000
                                          Entropy (8bit):6.2157219521929274
                                          Encrypted:false
                                          SSDEEP:3072:faCQE61HhaCCNamFSdzsnLcjMt34xsedH1zKmQ2bi9IOpU6cfirHN4jOW95riMfz:PQD1HhadowLyMt34V6Pt4jOW9djHr
                                          MD5:418225F03D5CAD883CE33561E5B06E5D
                                          SHA1:8AC89225C6FD3013A9AC3C13847951E77CFC63EC
                                          SHA-256:CC64724966DB911052F9EF1F7E47BEB7ABD4FB47D7CD85A936E2A2ACE3284E10
                                          SHA-512:C6295EF3B3CA39884FBAA8FD671D59EB600B4EC7CF1372EE703706224FDA1E67A09417DA2DC990C821BD4620938C15DE0A009C4D3EDD4568384205E554FB5AB6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):166984
                                          Entropy (8bit):6.280330666006635
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):392264
                                          Entropy (8bit):6.543052444054984
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):199752
                                          Entropy (8bit):6.259121428208719
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):171080
                                          Entropy (8bit):6.1971195517679085
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):465992
                                          Entropy (8bit):6.449820094871334
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):146504
                                          Entropy (8bit):5.919250141608352
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):150600
                                          Entropy (8bit):6.227312732629775
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):527432
                                          Entropy (8bit):6.393879254568806
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):113736
                                          Entropy (8bit):5.9191260507701315
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):396360
                                          Entropy (8bit):6.499366809217953
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):535624
                                          Entropy (8bit):6.830773144149034
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):396360
                                          Entropy (8bit):6.394605775877511
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):142408
                                          Entropy (8bit):6.009851515916863
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):371784
                                          Entropy (8bit):6.21143291043149
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):285768
                                          Entropy (8bit):6.103596703374899
                                          Encrypted:false
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):175176
                                          Entropy (8bit):6.001854321388378
                                          Encrypted:false
                                          SSDEEP:3072:j4EC8V1w9KYh6LzQuOmAkWvZ1ctR6JzDWwZWNOWgg//y:HPaK06QB5BBZWNOWggXy
                                          MD5:143E04735F435B7D8160D5229E8F9C5A
                                          SHA1:5C6088831D7ED5E1F57BCC22253B038CF8A89CCB
                                          SHA-256:3C081E39BE1F59EB8E17D40B3E743862E2DD506AA3C19A0C54091ABF976BEBC7
                                          SHA-512:0D8D20912D8EC4B3E0761696C789926BD393FB90AA2F904E5B54A7C58D6193550F402CCF58815E952D811CBE8289993BEA0BD16EBC3C947AF1235B3F58E9F726
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):474184
                                          Entropy (8bit):6.299420404033466
                                          Encrypted:false
                                          SSDEEP:6144:ANrGMKgonJ4TOKrH02WHd1Jwm9ArxNyX0OfwTywcqYDa:kZKbJkOd2a5D0O3Da
                                          MD5:BAA0CC8CB921FA5B40FEC8DF6609AABF
                                          SHA1:3465801EBFC46077DE4629D55D3104C5D2A6EDCD
                                          SHA-256:3C75613B3E46ACBBE3FC5D0727B7A17E242AEC6989361B69B10F2E8232BBB1C0
                                          SHA-512:AC0F041DF7724887E046F875B67E6FB0BCE441F6E219E3898D99592041AE42C11D06D896C91806770724426EF99E86810C3A9F57542F002042953BD4A9F09F83
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):80968
                                          Entropy (8bit):5.805056547315456
                                          Encrypted:false
                                          SSDEEP:1536:SSU/SHVVVA8XEig+e8yN/8yclbmOlb0zlVn3:SSIMdAEjyN/PA6Olb0z
                                          MD5:7E85DDC4628A1024FD895D0AD1BA0B05
                                          SHA1:FFF4CCD0B376F7C8E2AD010A88D6507F432CA06E
                                          SHA-256:F88F78897DD1F04DFD074387675B007D21BDF28E76FB0AEFD4645140F506681F
                                          SHA-512:8A7D31299A9D02BE736203B25BD790AE6316E30F1CB10C74CAA531A2D748939291B9933F22A4E6B8760A9F87ED56E57E6EB2E2222D6D5BEA9ABA777F617421AC
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):89160
                                          Entropy (8bit):5.8731158387881
                                          Encrypted:false
                                          SSDEEP:1536:lcSlol2ypXVtKSuDBJAwWZKBUtmhyZnIQ4uvi7SftOlFkye7nn:lcSlol2ypFthuT9ynIQ4uaWFOlFkDb
                                          MD5:CF86F72F8171214DBACAE12E557AF8D5
                                          SHA1:83DFC457ABDDE2D56C543A517A5715AF7A4C792C
                                          SHA-256:EC34C173B235FAB71EBDC96C33E70641CC072D943D967C39743FD252F45C5170
                                          SHA-512:48D7155519374D6EC9BA57521F86B21B804482D990FB79B7A62DDB0C3832472F3111D5D4003BE34711B607945A058AA88955FE810F2BF379F991B637F0CE10FD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):220232
                                          Entropy (8bit):6.233005829179236
                                          Encrypted:false
                                          SSDEEP:3072:KZNigTHjzfynjRQy0erNJaZReTXb9sGi+X4Pj+kRTkDRbiUOALZRNGNt:GigjfKJUeTXCGi+X4P3cbiUOALZzw
                                          MD5:347A700910EAAD8300401B642245E8A9
                                          SHA1:5C6CD7DEE658BD2FD8620D03A0B1B5DAF52250E1
                                          SHA-256:F74B965E1D80638EB7FC15DC61AB37941CEB32A19BD1DE8B0966489022A46EFD
                                          SHA-512:4389FD87AE2C87932D9173A2E16D10788E650DF21F6A45795B5C47FFF6430A399160C38370A2BFE0755E1E3E187FA9C286E0A321A5970050E5A766A02921D8BD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):117832
                                          Entropy (8bit):6.024104061860402
                                          Encrypted:false
                                          SSDEEP:1536:2W2JmU8L4INRB3sVBqh+sjHGWOyUEUFn2ezHp5ONzWe7Ksd8zwMl0y8kOlDkP6KU:2WcmU64OUwwymJyUg6e7KsdWG/kOlQPU
                                          MD5:4EAA081041F838FACDFDCEB831507F71
                                          SHA1:68319DBD06E9F804C10D9A4A5883F25608C6677F
                                          SHA-256:F903D0F6D045BC9F705D91DC1CF9AC3439B9E9DDFD2AB1B4D5DE6A39276AC956
                                          SHA-512:D3A97C8DF9C2C0001EC5283A17A86FA5B4F98C2C42A38522E94523B6796046C50E1BF569AB647E892B8FB8EEF8F9CBAAFEDDCB51438E1A69CCCEC272F3E4A0C0
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):343112
                                          Entropy (8bit):6.115645733588845
                                          Encrypted:false
                                          SSDEEP:6144:vqrBdNpruDJbTxebsIWqg6rtMuEoDH+ueQgiOW7Z8rZ5:vYpruebaqg6r9EoDH+ueQl8rZ5
                                          MD5:DB042E82F623FCBB2B649C1E663B68FD
                                          SHA1:341F1CCA98DE3A10DF8567C4A4658E8D3568880C
                                          SHA-256:DDBDC395516A95BAB43DEA36B13EB36395CDA4FD63A024AE1C6AEFCAAA904CDE
                                          SHA-512:D609B355AD8E85F3CD7C6423F48545943199B2033822988CBFBD8E6470444BAE21D2FEFFDEE37066F11739E097EE4602CD6B144D6A4FF3F5B7AB7C9FECF3271A
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):183368
                                          Entropy (8bit):6.073192965724942
                                          Encrypted:false
                                          SSDEEP:3072:tPvhNKVkh+XV1KyddRwATAhurlMJ8c6mfLl1eU0wM1U7Ill0sLM/8nwMOAsiqfHY:dzKVBRn8IfD8MOAjqhC
                                          MD5:3C6EC649825A52B7955A2F1C5F41C957
                                          SHA1:90EF1D8AEE8F5EB5D3E383DD95889A89581FF8A2
                                          SHA-256:787FAB7E014E8446C55AC32C2A08FEFC66FAD7EEF2C80C75885B9A0CCA142035
                                          SHA-512:C61D467D2FB676E0FFC73E2F1564BDF9546935784F7A0B43D1B3A461DC28EBB04B051EB1E7FEF0E7239C0B4E7B32523CFF2DFCB9D73BD2FAF8D3D954B230A341
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):552008
                                          Entropy (8bit):6.576107872040982
                                          Encrypted:false
                                          SSDEEP:6144:Wj3ais5y9xgVB4RcUsY4s0gftThxlZDIQFAgzyWTaQSieVlr1O+19+OAytYlQ:Wj3h983s0g10bgzyW8ieVlr1O2r
                                          MD5:D94DAE9F0A5C715D58803556EE883B94
                                          SHA1:216BCD4ECADA50A1D690DB94A7AA32726F8D0625
                                          SHA-256:F316966989ED06BC4EFF9E31DD5068446EE20E4050FD5C02059A24EF7A8D472D
                                          SHA-512:34BD3917196783F54942ED64B86B21333270B9A86F1AD73459CA66716519FBF4A91030C6BCDADCED11504A3A2EE30FE873678441A25AE6ECA55413DF60B88A07
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):175176
                                          Entropy (8bit):5.992681980642242
                                          Encrypted:false
                                          SSDEEP:3072:CI3herM4vbGnublLufiGWjzF0dTeBbHNfPIOvajIaDFIOWkJBz1PCT:CHM4vbX6gjzFIeBqOvajBIOWkBw
                                          MD5:FC14DF13FF2760B169B9B66D3587A7E8
                                          SHA1:BAA604F21B04B1BB890220BE0578DA4515B645B6
                                          SHA-256:8B65BA418EAB3704FA4DFBE3F958DAEC428A48C6C936017A171A83F6B85BC042
                                          SHA-512:34F50E38736C2A3F28337BB552420A1642674E1A63FD10C9633A2C88160E66E10849B08542976E4E466D2CE1CD09E13B22E6DFD3C285B18F6135F56B1D9843BE
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):212040
                                          Entropy (8bit):6.20926282499684
                                          Encrypted:false
                                          SSDEEP:3072:AeJH2+Zn9HjQgJBsiOjTXnhHXCdghICwtboDsOg84qBwgJu:AY2+bDQgJbSTXnh8/ZasOg84DZ
                                          MD5:F8DE593AF77BE4BC43E5722DBF976F16
                                          SHA1:0584F20B69FCBC2CD4E81B476F2C7063C7568DA2
                                          SHA-256:05EC84921DBFE9B13382D92B70141EE668D0742276DA75DB7A729C4DA21BBF56
                                          SHA-512:07DCD78B9462047D57916BBABEC0828E2917F425BDFED6D1111C38D26045D8A325A91BF60F83E7E78840AB4368B8E4A6B2AFDDAF67F601A10E919F3C8C6E86C5
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):625152
                                          Entropy (8bit):6.572070144111249
                                          Encrypted:false
                                          SSDEEP:12288:QscuWja/7ff/RwkK04Vve+u5spKZQdyxMfgj:/Oja/7ff/RVKReO
                                          MD5:E4BA094FFBCA3F398C5DDC931E9AD620
                                          SHA1:C9B6BA6E0B5EC8A4245A753BD666F5F106CC3F9E
                                          SHA-256:643D29919F996EBC74850135A3937583908D49D8AC202BC5267A9C0F9CDF0FEE
                                          SHA-512:3AB4DBA2A9569C79EE032496582CA3D251F83D997704F339D86258440D6F77ED5E63B035AB5A16101E47526456A54B6CA1FDF3366F21852AC214D29657C770BD
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:40:00 2024, mtime=Fri May 24 14:40:00 2024, atime=Fri Jun 26 20:55:18 2009, length=16406088, window=hide
                                          Category:dropped
                                          Size (bytes):1302
                                          Entropy (8bit):4.59903469936953
                                          Encrypted:false
                                          SSDEEP:24:8mib/CEqdOE4FGNXnHlnbyA3J7dczzpdcxUUK/qygm:8mU1qdOfK1V35dKdFmyg
                                          MD5:171EB1200C6510A77908743B411F6B99
                                          SHA1:56654A6B0E16F15B3DCAA76FF7B10EA219C8289B
                                          SHA-256:8747933F28E30AC5DAC65EB4285FF4C58C22368A32A8E2068A823CBFB72DD553
                                          SHA-512:A6CB3A95B7E1F1D26701F923DBA25B773A78E879FFEBBFCB34F69EF29D82BD1A67B5671C77C34B246E75FBBEA79FA2C7F47F007DD5AFA017619072226CB41D53
                                          Malicious:false
                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (369), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):838
                                          Entropy (8bit):3.719441462562201
                                          Encrypted:false
                                          SSDEEP:12:Qw5Hk3zfU1XQ9ouLGUnFYelmSTMlWlKUnDurH/Qdc1Ll2lLrG5Tvvg8gN65KHg:QkHk3YKouLG8FjmYkWQUEHg0RKOdnT5
                                          MD5:D7D581931606DB8AD3FEBBB7DE665C66
                                          SHA1:3B4A8CED48C897A7B2A03B25C1987963CFD23B9B
                                          SHA-256:FC27AC1FE55F3F96B3C6E0F44BED19DCCABFAA0A3FC9E77369D833539357F2C3
                                          SHA-512:F413132C015DF460C25A91A9A2D12C73E8B979A350E6EBE0007DC869B95F94629C7C1232D02C0E53BFDE69A8AEB5DC99C2EA0F578D0E9E790A9CFCE5FEEE569A
                                          Malicious:false
                                          Preview:Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070422. assembly interface: IAssemblyCacheItem, function: Commit, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E} === Logging stopped: 24/05/2024  11:39:47 ===
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):3584
                                          Entropy (8bit):4.012434743866195
                                          Encrypted:false
                                          SSDEEP:48:iAnz1hEU3FR/pmqBl8/QMCBaquEMx5BCwSS4k+bkguj0K:pz1eEFNcqBC/Qrex5MSKD
                                          MD5:C594B792B9C556EA62A30DE541D2FB03
                                          SHA1:69E0207515E913243B94C2D3A116D232FF79AF5F
                                          SHA-256:5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E
                                          SHA-512:387BD07857B0DE67C04E0ABF89B754691683F30515726045FF382DA9B6B7F36570E38FAE9ECA5C4F0110CE9BB421D8045A5EC273C4C47B5831948564763ED144
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................|.......|.......|......Rich............PE..L.....%E..................................... ....@..........................@..............................................l ..P....0..8............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...8....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):5632
                                          Entropy (8bit):4.203889009972449
                                          Encrypted:false
                                          SSDEEP:48:SvTmfWvPcXegCWUo1vlZwrAxoONfHFZONfH3d1xCWMBgW2p3SS4k+bkg6j0K:nfkcXegjJ/ZgYNzcld1xamW2pCSKv
                                          MD5:B4604F8CD050D7933012AE4AA98E1796
                                          SHA1:36B7D966C7F87860CD6C46096B397AA23933DF8E
                                          SHA-256:B50B7AC03EC6DA865BF4504C7AC1E52D9F5B67C7BCB3EC0DB59FAB24F1B471C5
                                          SHA-512:3057AA4810245DA0B340E1C70201E5CE528CFDC5A164915E7B11855E3A5B9BA0ED77FBC542F5E4EB296EA65AF88F263647B577151068636BA188D8C4FD44E431
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d......E..........#............................@.............................`..............................................................<!.......P..8....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...8....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                          Category:dropped
                                          Size (bytes):23312
                                          Entropy (8bit):4.596242908851566
                                          Encrypted:false
                                          SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                          MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                          SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                          SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                          SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):685056
                                          Entropy (8bit):6.469782512324722
                                          Encrypted:false
                                          SSDEEP:12288:L/vksLWtSNrPi37NzHDA6Y1gbl5d7Ifoz4mrNNpRpzqjxy:jvksLWtkrPi37NzHDA6Yg5dsfoTzsxy
                                          MD5:52950AC9E2B481453082F096120E355A
                                          SHA1:159C09DB1ABCEE9114B4F792FFBA255C78A6E6C3
                                          SHA-256:25FBC88C7C967266F041AE4D47C2EAE0B96086F9E440CCA10729103AEE7EF6CD
                                          SHA-512:5B61C28BBCAEDADB3B6CD3BB8A392D18016C354C4C16E01395930666ADDC95994333DFC45BEA1A1844F6F1585E79C729136D3714AC118B5848BECDE0BDB182BA
                                          Malicious:false
                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................`...................@...........................@...%... ...:..........................................................................................................CODE....4........................... ..`DATA....p...........................@...BSS.......... ...........................idata...%...@...&..................@....tls.........p.......8...................rdata...............8..............@..P.reloc...............:..............@..P.rsrc....:... ...:...:..............@..P.............`......................@..P........................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri May 24 14:40:00 2024, mtime=Fri May 24 14:40:06 2024, atime=Fri Jun 26 20:55:18 2009, length=16406088, window=hide
                                          Category:dropped
                                          Size (bytes):1278
                                          Entropy (8bit):4.625966909036508
                                          Encrypted:false
                                          SSDEEP:24:8mLb/CEqdOE4FGNXnHlnbyA3JPdczzpdcxUUK/qygm:8mX1qdOfK1V3tdKdFmyg
                                          MD5:16E80869D2FDBFDEAB89A77B25254F50
                                          SHA1:64055A42A74ADCA8E345F3591A33C986106223A1
                                          SHA-256:1D90127A4438772E3756C87B729558F81ACEAFF7009BAB52786AD64F10D3E66D
                                          SHA-512:61567AECD183D2FFA5F9F0711DAAF5082A7DC2AB5FFE74CEE97F1D91426464193DA94D607DEB506885CCAF0F3F567A06DE84EDFF295D2E7BAF1F51494E10646A
                                          Malicious:false
                                          Preview:L..................F.... ...zC.............g&....HV...........................P.O. .:i.....+00.../C:\.....................1......X.|..PROGRA~2.........O.I.X.|....................V.....IP..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.|..AVS4YOU.@......X.|.X.|..........................IP..A.V.S.4.Y.O.U.....f.1......X.}..AVSVID~1..N......X.|.X.}...........................e..A.V.S.V.i.d.e.o.E.d.i.t.o.r.....r.2.HV...:. .AVSVID~1.EXE..V......X.}.X.}.....C........................A.V.S.V.i.d.e.o.E.d.i.t.o.r...e.x.e.......o...............-.......n...........DR.......C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe..F.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.V.i.d.e.o.E.d.i.t.o.r.\.A.V.S.V.i.d.e.o.E.d.i.t.o.r...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.V.S.4.Y.O.U.\.A.V.S.V.i.d.e.o.E.d.i.t.o.r.........*................@Z|...K.J.........`.......X.......035347..........
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:TrueType Font data, 14 tables, 1st "OS/2", 14 names, Macintosh
                                          Category:dropped
                                          Size (bytes):68720
                                          Entropy (8bit):6.966847433326463
                                          Encrypted:false
                                          SSDEEP:1536:K5oMNWwtODsuyqTIxqahsjrEZqGt2Ol28UD:KqMNWwtisuyMIQahaGt2rD
                                          MD5:7CDEEF0E807AE34DF9027C5C7391ABE8
                                          SHA1:4BDE1EAC2221DBF75C6567AB3F344C65BD7E8CA7
                                          SHA-256:57F42FC3237084F572CB3F8AC4EADDDED4BE86899B1EFC986AD76094A56F425C
                                          SHA-512:2DF7BF7488EA2BC5C42D4EF10F553D5B569289BC743A4953D24834E58CA15314E0EC1E1D9BB72ED260CE3EE8F82EB4F490199D9A9698E89D70D5AD5E537B21FD
                                          Malicious:false
                                          Preview:...........`OS/2..\P.......NPCLT..i...8...6cmapYa7C.......2cvt {..T.......zfpgm.p..........glyf.L^....8...head...A.......6hhea.6.M.......$hmtx(DYx........loca.......`....maxp.......l... nameI..........post...........JprepA?.........................8.............V.......................f.............................................p........... .............:.........6.H.........".~.........0..............RegularFlemishScriptBT-RegularCopyright 1990-1998 Bitstream Inc. All rights reserved.FlemishScript BTFlemish Script, English 175Flemish Script BTmfgpctt-v4.4 Dec 22 1998.C.o.p.y.r.i.g.h.t. .1.9.9.0.-.1.9.9.8. .B.i.t.s.t.r.e.a.m. .I.n.c... . .A.l.l. .r.i.g.h.t.s. .r.e.s.e.r.v.e.d...F.l.e.m.i.s.h.S.c.r.i.p.t. .B.T.R.e.g.u.l.a.r.F.l.e.m.i.s.h. .S.c.r.i.p.t.,. .E.n.g.l.i.s.h. .1.7.5.F.l.e.m.i.s.h. .S.c.r.i.p.t. .B.T.m.f.g.p.c.t.t.-.v.4...4. .D.e.c. .2.2. .1.9.9.8.F.l.e.m.i.s.h.S.c.r.i.p.t.B.T.-.R.e.g.u.l.a.r...D.f...1.P.3.N.).`...9.....!.......!.#.-.1.H./.R.............J.........#...{..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21 09:00:00 1999, Number of Pages: 200, Code page: 1252, Title: Installation Database, Subject: Microsoft Visual C++ 2005 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: Microsoft Visual C++ 2005 Redistributable RTL x86 enu; Copyright (C) Microsoft Corporation, All rights reserved., Template: Intel;0, Revision Number: {675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}, Name of Creating Application: Visual Studio Setup Build user (BuildMod.DLL), Security: 2, Last Saved Time/Date: Fri Dec 1 22:24:46 2006, Number of Words: 2
                                          Category:dropped
                                          Size (bytes):2818048
                                          Entropy (8bit):7.6656649403020625
                                          Encrypted:false
                                          SSDEEP:49152:88iG59xjcLHWNTpMYeJscoTpqlLrditJ35bForUCfSwcJoJB/I4GzJCKG:N9tSA8418LZ6hyf8qz/IjJO
                                          MD5:DC1AB7CE3B89FC7CAC369D8B246CDAFE
                                          SHA1:C9A2D5A312F770189C4B65CB500905E4773C14AD
                                          SHA-256:DDE77DD3473D3D07C459F17CD267F96F19264F976F2FCC85B4BBBECF26487560
                                          SHA-512:E554B8B36A7A853D4E6EFB4E6FAF2D784F41E8D26EDAFBB1689A944BF0A7A4B58258D820A3FADA1496B8C8D295D8771FC713B29127D54A3FBC317659B7565CBE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):3.741623752383387
                                          Encrypted:false
                                          SSDEEP:192:XOdG/6G4nnykxsdYZ+mrv2ySzLUHypLGgjuXFw5acHKBNtHjhuHWrkA9uBP1WWzT:P6GuZBrvkzAHyxxHKBdaA2dWWzm0ZH
                                          MD5:85221B3BCBA8DBE4B4A46581AA49F760
                                          SHA1:746645C92594BFC739F77812D67CFD85F4B92474
                                          SHA-256:F6E34A4550E499346F5AB1D245508F16BF765FF24C4988984B89E049CA55737F
                                          SHA-512:060E35C4DE14A03A2CDA313F968E372291866CC4ACD59977D7A48AC3745494ABC54DF83FFF63CF30BE4E10FF69A3B3C8B6C38F43EBD2A8D23D6C86FBEE7BA87D
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........CnuS".&S".&S".&t.}&P".&S".&.".&t.{&X".&t.m&^".&t.z&R".&t.n&R".&t.x&R".&RichS".&........................PE..L...\..C...........!.....@... .......6.......P....@..........................p......I................................B.......=..x............................`......0...............................x...@............................................text....2.......@.................. ..`.data...h....P.......P..............@....reloc..<....`.......`..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):48339
                                          Entropy (8bit):5.667255459904106
                                          Encrypted:false
                                          SSDEEP:768:aRjRp+0WmhTbPe/j+kTlqARou2xUqpINF09wRXa92B+20EuHa:Yt7Wm1bPe/j+kT8Ay7xdqNF09wRCo
                                          MD5:9A0016452993BDDAB31E548C34290752
                                          SHA1:1C33395CD717D2A9C7C980E796940D816915D3C9
                                          SHA-256:9B702A180884E96C3707C7680AB432638A61E1FFA4B10FB260361B31ABC43636
                                          SHA-512:A6EC47BA586BB125CF444124A8FC832276B01443D6D0F6287213E718740B9FFABE4F93CCDC7E6B45B35EC077A29204A4055913A5D029BB03F4ECD3FD12589A5E
                                          Malicious:false
                                          Preview:...@IXOS.@.....@.\.X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}?.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\RED\1033\Install.@.......@.....@.....@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}1.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\SP.@.......@.....@.....@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}...@.......@.....@.....@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}..>ATL80.dll\Microsoft.VC80.ATL,type="win32",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):48351
                                          Entropy (8bit):5.6672289406238
                                          Encrypted:false
                                          SSDEEP:768:iRjRp+0WmhLXPe/j+s/lOMZouS1USpINF09wRXa92B+2/EuHK:gt7WmJXPe/j+s/UMqj1FqNF09wRVw
                                          MD5:5C72F72090EDBB0FE93F67D4F4474991
                                          SHA1:23DEEE70A2C11B4C655E35AB82F48032584D37EC
                                          SHA-256:C5355F6F75A07F982F29F15CCCBB3D002E147BDDDE1B5F9694E175385BF10A66
                                          SHA-512:F482AB85D8012D2D6A8FC20D18789B95C43BABE71ADBB2081C3A3039AF6BA42DEA15973A31BF8C8787A2CB8871138E4D2035526AAAE436ABD0BBD3444CDB1C66
                                          Malicious:false
                                          Preview:...@IXOS.@.....@.].X.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}?.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\RED\1033\Install.@.......@.....@.....@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}1.02:\SOFTWARE\Microsoft\DevDiv\VC\Servicing\8.0\SP.@.......@.....@.....@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}...@.......@.....@.....@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}..>ATL80.dll\Microsoft.VC80.ATL,type="win32",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.201573483454585
                                          Encrypted:false
                                          SSDEEP:12:JSbX72FjcMsXAlfLIlHuRpqBhG7777777777777777777777777ZDHFyxMnK5Eln:JKUIwZNdF
                                          MD5:099EF5EAD1D3A537360E0A749806EA91
                                          SHA1:66A11DBB27FCC7C05F4D47C2FD56886634167873
                                          SHA-256:DC1ABA044259D25A3E37AF00258D948551AE138586E146B114EF608155E6BCB7
                                          SHA-512:D300F19754FA0514D0CA918F01C99A057D071B70EFBD0A952816B3CDC7F65F16DE994770E2660E59E525FFAC0BDC48D61CE95A53F7402E7B6E3E0AD8CEA8901D
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.6068761967487744
                                          Encrypted:false
                                          SSDEEP:48:X8PhduRc06WXJGjT5e/d9HVkXeSM97idReSBgdjfdcgZ1N:Whd1djTIV6evgeqgZ
                                          MD5:CE744118224E687CD7625329A8D512A3
                                          SHA1:9DFF361207BC8FA28D9E41679641D2061E3441CE
                                          SHA-256:347B939297B3A1720CD2A0F3D46F6B30676144BB06C9A7B89AD0ACFFC4983AAB
                                          SHA-512:97C02AD60DE404C9779030059D51C44BF37BC6489926F667B176838F7300966E9A9ED7EB744847390F0C036C7FFF4458D2A096EB42918305B71D73180321E6CF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):360001
                                          Entropy (8bit):5.362992687097145
                                          Encrypted:false
                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaum:zTtbmkExhMJCIpEn
                                          MD5:3AA63E27E3916DA053DC8FA36AF74F9D
                                          SHA1:CEE9F17695A9D1DFC17AB3E49F055A759D7CF21A
                                          SHA-256:0814BBE2A0BC032725F9A0114A51E2287CD2944756D728C3F3B3D9C12FCB831B
                                          SHA-512:79CC6B8EDA364111C1883D05D6702D55D6BDE57D62070ACFD4031D1F26DBB0728F7C321919F07EF4C338875F1EB870A4A74C31D7DF5197C84E1CB7C48794CBF7
                                          Malicious:false
                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):344064
                                          Entropy (8bit):6.52555608733947
                                          Encrypted:false
                                          SSDEEP:6144:SJXaB17daPjFKMrwgWs0uh+PGdmkV2EfFMQiFbNrboYgxg0bCAO5Z09:yXaXJaPJKMrwgT0u0PGdmkV8O7rCLZy
                                          MD5:9972A6ED4F2388DBFA8E0A96F6F3FDF1
                                          SHA1:61B8F573DB448AE6351AE3475C2E7C482D81533C
                                          SHA-256:F68E4CDBC879423EA47D763A6768567F5F8063924F13A74239750C13FA8D168A
                                          SHA-512:D1B7513AE1176C9A933BADDCD1BF93FA089ECA605C8ABCFD628D3BEF2F194347CD96BB39D849EBC6D8DA350B292116CB2EFB8A001ACDB1B1CDE4EBDAD33FA33E
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>x..z...z...z....:..y...z........=..o....=..7....=..v....=..{....=..{....=..{...Richz...................PE..L...t.6<...........!................$..............|.........................@......0...................................0D..d...(...............................x*......8...............................................h............................text....{.......................... ..`.rdata..............................@..@.data....f.......p..................@....rsrc...............................@..@.reloc..x*.......0..................@..B................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):974848
                                          Entropy (8bit):6.519142858203354
                                          Encrypted:false
                                          SSDEEP:12288:74Rw9zxgV8JNytFbltVZohqaxCrV7OLDlZOznVd5jHyObfZsKO4tLi1mZ7YSch7b:J99QFpbZohqaxoOVEzLbtLi1Qch/
                                          MD5:09AEF167EB1531E965053D0DCF6CC573
                                          SHA1:FBFEDFC12E260AC10FF19374F4BE265FA139539E
                                          SHA-256:A133F981269D550812AC443F8171013767EDF75FD5E8F45F28E10D87132DF5C7
                                          SHA-512:8FDC96179B8303C06D3AEC8F9F474D14B4504DEF5625230F1ED5A04120F358BC7C25877813CA4FC3E36624BF04CDBB26F42E2EBDF1FDD954AAC99DD9093F1FA7
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o......................:-......9-.......-...............*.......*.......*......*.......*.......*......*......Rich............................PE..L.....6<...........!.........P......y........p.....|.........................................................................Z.......0..X...........................p...8...............................................h...xF.......................text....u.......................... ..`.data..............................@....rsrc...X....0.......0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):24576
                                          Entropy (8bit):4.77119967188416
                                          Encrypted:false
                                          SSDEEP:384:7WpIWqSLH27qkIefKE33N4XBnK1QLt7Sq3RspdtierQ7+9xvbUxerpvovZmkun5V:6cSLHSxLyEtCYc3Rspdtz++992edoZH4
                                          MD5:5FEFD614BBD3FFA3712B172F70B1FDE2
                                          SHA1:0AAAC51DD0FEE84E4DCE999CDDFB61D8E5CC977D
                                          SHA-256:CE2F3131DDFA9B0DFCDDD2A4268E818A2631137FAADEEFA1CFADB5AFC7FEC381
                                          SHA-512:8CED9B86B6A90206433FE521AE92CED231699C9AED66356EF63EF52CAD8A4D149AAC23CF30521CF50CB5E64D800C7FFBF655E07FE6E82AF2E2BA2EC76A3917F1
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W..9...9...9......9......9.Rich..9.........................PE..L...k.e;...........!.........\.....................x................................Y...................................................HY...................p.......................................................................................rsrc...HY.......Z..................@..@.reloc.......p.......^..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):487424
                                          Entropy (8bit):6.408566375114996
                                          Encrypted:false
                                          SSDEEP:12288:9O8OfiHNj7YwhUgiW6QR7t543Ooc8PHkC2ez6nua:9EfiH+3Ooc8PHkC2ez6nL
                                          MD5:D04F7AACA2319A3BCDB2C5D5DD6F6026
                                          SHA1:2F0C431BE7DA7F359BB75B9BA319D6F3DEA08919
                                          SHA-256:9255C60B194CF849F3DB54587627E1B8FCE10C88875748642B58EE8E27E22536
                                          SHA-512:876E9BACFF0B37EDAD56D419B1EDCCFEC9B49A71156B9F035611C9D56A13A9AABD03C5620450F18355CAAA006AD491859C726862BCFB44B6CA59FEB32C63E711
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F...'s..'s..'s./.j..'s..'r..'s./.j..'s./.3..'s./.n..'s./.o..'s./.L..'s./.6..'s./.N..'s.Rich.'s.........................PE..L...!.6<...........!................)%.............|.........................p.......|.............................. ...'...d...<.... .......................0...0..H...8............................................................................text............................... ..`.rdata..............................@..@.data....!.......0..................@....rsrc........ ....... ..............@..@.reloc...0...0...@...0..............@..B................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.6005512658091008
                                          Encrypted:false
                                          SSDEEP:48:L8PhduRc06WXJOjT5eFdinsOeSM9IdmeSBgdifdcgZ1N:yhd1ljTbjevVeqBZ
                                          MD5:E507058CBD23D360D25B751E03B9C261
                                          SHA1:9FF4A54A2930E0B1AA4651502ADECD5C42B3591B
                                          SHA-256:CF7FEED42012550E5EA179C6B67A1B7556F2DF3D3A56ACF3B3252CAC42DDC61E
                                          SHA-512:D228CAD937CE69E29E8C56A9A97F372FD03CBE028D0BF95C85E26D18A0C7CCC8318C3EA9E15D6DF9567DA69F93CF067AB912A3FC80600DC092DB6D56314934C2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):73728
                                          Entropy (8bit):0.15112021287094374
                                          Encrypted:false
                                          SSDEEP:24:k331YdOZ11eZFbcipV7gdjZxd1ZFbcipVRYV3+bpGnY3S+dV1Y+QxdP1/1:i5Z11UeSBgdjfdLeSM97idfYVxd9N
                                          MD5:7AA4CF1269F3600DDE11E836B1E0B1FC
                                          SHA1:0767C1337A1ECAE1632D6D94F633D2466F2C754F
                                          SHA-256:9B80FEE4D774130BEF11EB85A74EEFFC2B709A67C57CDF10E44E4429A8199C75
                                          SHA-512:ACDBF8BA6B801063FA2D7AD623B37C625F2632B5D795DFFFF43DC7FF4AC8085ED43C97CB45B204AED6F362D493C9A41896E746C46B86F951E0956392DD7E5A44
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.09807082645799595
                                          Encrypted:false
                                          SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKORIxMnKlYVky6lElw:50i8n0itFzDHFyxMnK5Elw
                                          MD5:CDB2778B94C379A1BF0A6B81443547B3
                                          SHA1:3AD3ED06A99C16A6FCA72BBC119DCC124B46601D
                                          SHA-256:57267134770BB01140BC7871BA2B74C98AFD4471E9A94AA4EED9933B48CBD4FC
                                          SHA-512:D50E4D64A0BF7BA03966EEB65B6160DB874BC40C312943DB66DB4AB5302FD15CF5FAE97F4FFE24BB59C6A32E5E611184A0E5D0A702B9698C482891E9045BC8C5
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):1.2829755165991372
                                          Encrypted:false
                                          SSDEEP:48:RIolueI+CFXJhT5R/d9HVkXeSM97idReSBgdjfdcgZ1N:3l2JTfV6evgeqgZ
                                          MD5:5984FCC56CA26A233E5618E8E84B2998
                                          SHA1:2AA9167B31E858D82D41F4779D41826C19306F30
                                          SHA-256:B1643A3705738C258BB729E79BED73875176135A6FBFC50823E1EDB6205CEB11
                                          SHA-512:618CA5E3CA5A3EFDBC7952361DF46DB87B03AF1AF831BF5B6DB0AF2B5438745C73CB44A2C29128D21612C2B162E7628D090D152E49658E525D0C9AA941BFF2FB
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.6068761967487744
                                          Encrypted:false
                                          SSDEEP:48:X8PhduRc06WXJGjT5e/d9HVkXeSM97idReSBgdjfdcgZ1N:Whd1djTIV6evgeqgZ
                                          MD5:CE744118224E687CD7625329A8D512A3
                                          SHA1:9DFF361207BC8FA28D9E41679641D2061E3441CE
                                          SHA-256:347B939297B3A1720CD2A0F3D46F6B30676144BB06C9A7B89AD0ACFFC4983AAB
                                          SHA-512:97C02AD60DE404C9779030059D51C44BF37BC6489926F667B176838F7300966E9A9ED7EB744847390F0C036C7FFF4458D2A096EB42918305B71D73180321E6CF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.09807082645799595
                                          Encrypted:false
                                          SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKORIxMnKlYVky6lElw:50i8n0itFzDHFyxMnK5Elw
                                          MD5:CDB2778B94C379A1BF0A6B81443547B3
                                          SHA1:3AD3ED06A99C16A6FCA72BBC119DCC124B46601D
                                          SHA-256:57267134770BB01140BC7871BA2B74C98AFD4471E9A94AA4EED9933B48CBD4FC
                                          SHA-512:D50E4D64A0BF7BA03966EEB65B6160DB874BC40C312943DB66DB4AB5302FD15CF5FAE97F4FFE24BB59C6A32E5E611184A0E5D0A702B9698C482891E9045BC8C5
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):1.2785254038539322
                                          Encrypted:false
                                          SSDEEP:48:LoluuI+CFXJpT5RFdinsOeSM9IdmeSBgdifdcgZ1N:sl2BTMjevVeqBZ
                                          MD5:B4F5718A04CE6561FC4861D8988B61F7
                                          SHA1:095D1D91C1147E4C4494679A8A382C4DBA892C8E
                                          SHA-256:C8A9098578646E4A9342EC9F88A1650AB14C39EB624DC7ECEE624A2FD735838A
                                          SHA-512:CC3AA6EECF2470ACA943A3E935120BCF53CE86A1A066235521CC097C319E515D687B2080FFF07988B4E2CD2733CCA7C3D5530E984ED22CCFF8D728501EF96561
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):73728
                                          Entropy (8bit):0.1488394059252759
                                          Encrypted:false
                                          SSDEEP:24:k331YdOZ11eZFbcipV7gdcRZxd1ZFbcipVRYV3+bpGG3S+dcW1Y+fedcF1d1:i5Z11UeSBgdifdLeSM9Id5YZdin
                                          MD5:47664D2E4EAC92D98A059D7C82638C2A
                                          SHA1:B416A3721E80569B0743D0464BAFD71CE7CE3E49
                                          SHA-256:61B822CF59D635B5ADE6AAB8AE35555F9E1BCE0B2F53C61D6B3516F09E28189B
                                          SHA-512:C731CF4DFDA6531D05132A95C689E408760C9C98E454425D592BBB9140F0A8F372B7EED3C646D7BD606F7610097D90B6F4DD98C1454AF1BCA695034914B52F2D
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):1.2785254038539322
                                          Encrypted:false
                                          SSDEEP:48:LoluuI+CFXJpT5RFdinsOeSM9IdmeSBgdifdcgZ1N:sl2BTMjevVeqBZ
                                          MD5:B4F5718A04CE6561FC4861D8988B61F7
                                          SHA1:095D1D91C1147E4C4494679A8A382C4DBA892C8E
                                          SHA-256:C8A9098578646E4A9342EC9F88A1650AB14C39EB624DC7ECEE624A2FD735838A
                                          SHA-512:CC3AA6EECF2470ACA943A3E935120BCF53CE86A1A066235521CC097C319E515D687B2080FFF07988B4E2CD2733CCA7C3D5530E984ED22CCFF8D728501EF96561
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):1.2829755165991372
                                          Encrypted:false
                                          SSDEEP:48:RIolueI+CFXJhT5R/d9HVkXeSM97idReSBgdjfdcgZ1N:3l2JTfV6evgeqgZ
                                          MD5:5984FCC56CA26A233E5618E8E84B2998
                                          SHA1:2AA9167B31E858D82D41F4779D41826C19306F30
                                          SHA-256:B1643A3705738C258BB729E79BED73875176135A6FBFC50823E1EDB6205CEB11
                                          SHA-512:618CA5E3CA5A3EFDBC7952361DF46DB87B03AF1AF831BF5B6DB0AF2B5438745C73CB44A2C29128D21612C2B162E7628D090D152E49658E525D0C9AA941BFF2FB
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):96256
                                          Entropy (8bit):6.55872219718069
                                          Encrypted:false
                                          SSDEEP:1536:RCYlLTNQQ/Nucs4hRKF+HnLoRsV1TlWh8XhylIjwaCi6imXmwxCU4tkm:R7LTNzNup4hAQHnLP+VXmwxCtk
                                          MD5:3C7DEF3CBBCA6284867AA4621D5D8A54
                                          SHA1:4BD9852F1F063B9FD1E1829B756D381E14609FA7
                                          SHA-256:DB18738202DCDA842DCE505ECD0B858D7B4C55886CAC29827305F0DC3839143A
                                          SHA-512:1F9E89114A579BBB0C175D5FB587D58A923A0F556361B2F6C5AE3FFEB139539733E46EDB3DF1627FA630D5BC80CDF5FF311CA75754CA306345569CD48F51F2C4
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..xft.+ft.+ft.+.{.+dt.+A..+mt.+.{.+et.+ft.+.t.+A..+}t.+A..+mt.+A..+gt.+A..+gt.+A..+gt.+Richft.+................PE..L...V#qE...........!..............................c|................................Xe....@..........................G......<A..(....`..H#..........................`...............................84..@...............(....5.......................text............................... ..`.rdata...N.......P..................@..@.data........P.......:..............@....rsrc...H#...`...$...>..............@..@.reloc...............b..............@..B........................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.405163302183138
                                          Encrypted:false
                                          SSDEEP:192:920vxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb29H8U:nJLCcUJvMYb6uT+qugeajCG1
                                          MD5:D81E69280E14E0A97644AE0044DB662E
                                          SHA1:C97DBE8DEB8E1762313C3E6613A6640F070DF4B1
                                          SHA-256:A951D53950C367ACC37622F0DD619A954DF5DE2C4EC40296E6636605AA33714A
                                          SHA-512:DCD8229EFD496735AAB49F6595AD545F082B0364E984346F76A6503425C84E82AF2D30684DFD302EF0C70FB65BC6B8E3731953728CF38637F7FE76580B82D490
                                          Malicious:false
                                          Preview:0. ...*.H........ |0. x...1.0...+......0..u..+.....7.....f0..b0...+.....7.....8..z*.\A..;.w.]..061202065600Z0...+.....7.....0...0....R0.5.2.F.1.8.9.7.A.2.9.9.F.B.3.C.3.3.C.F.A.8.E.B.3.E.3.7.C.8.D.5.6.5.4.F.3.1.7.9...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........./.....<3..>7..eO1y0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....M.i.c.r.o.s.o.f.t...V.C.8.0...A.T.L...m.a.n...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........./.....<3..>7..eO1y0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......{0...0..-.......G....RFC..mH.1.0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Timestamping CA0...031204000000Z..131203235959Z0S1.0...U....US1.0...U....VeriSign, Inc.1+0)..U..."VeriSign Time Stamping Services CA0.."0...*.H........
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):465
                                          Entropy (8bit):5.355751983126569
                                          Encrypted:false
                                          SSDEEP:12:TMHdt7IBeBFJ3/3XO53SNK+yGuR/6gVuNnyEGBJfPeG:2dtMEDJ/eiNK+yr56g4NnYBJl
                                          MD5:42D8BBE898B35473852D83F53EF6759D
                                          SHA1:052F1897A299FB3C33CFA8EB3E37C8D5654F3179
                                          SHA-256:5908E59BF26941730A1F3AB117A7D699984D39CD690FCA74DBE20030745E8ACB
                                          SHA-512:3D871592D0FF3368306DF9372CB46754A818C5B0B3C1493AA9189030245CC44F4CE7F55C626C8B00704C1908FF84AE3EA82FA63B8EBEAEDAC1FAB6D758ED68B4
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="ATL80.dll" hash="6a91b897f1be0d40f032a8773630c4627cd18bf7" hashalg="SHA1"/>..</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):479232
                                          Entropy (8bit):6.031745108754355
                                          Encrypted:false
                                          SSDEEP:6144:9Rj8Tfo4zrcq2FXOth6wsjb2fPzatjLhQeRW86ODl1KWOjPQeH:9So4zATQsjyWRhQ+W83D/6QO
                                          MD5:CAE6861B19A2A7E5D42FEFC4DFDF5CCF
                                          SHA1:609B81FBD3ACDA8C56E2663EDA80BFAFC9480991
                                          SHA-256:C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
                                          SHA-512:C01D27F5A295B684C44105FCB62FB5F540A69D70A653AC9D14F2E5EF01295EF1DF136AE936273101739EB32EFF35185098A15F11D6C3293BBDCD9FCB98CB00A9
                                          Malicious:false
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-./.ihA.ihA.ihA..g..mhA.ih@..hA.N.:.lhA...?.hhA.N.<.hhA.N.,.fhA.N./..hA.N.;.hhA.N.=.hhA.N.9.hhA.RichihA.........................PE..L...."qE...........!.........@.......T............L|................................2.....@.............................c ..D...d.....................................................................@..............................H............text....x.......................... ..`.rdata..S[.......`..................@..@.data............ ..................@....rsrc...............................@..@.reloc..P$.......0... ..............@..B........................................................................................................................................................................................................................................................................................................
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548864
                                          Entropy (8bit):6.402420828464982
                                          Encrypted:false
                                          SSDEEP:12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo
                                          MD5:4C8A880EABC0B4D462CC4B2472116EA1
                                          SHA1:D0A27F553C0FE0E507C7DF079485B601D5B592E6
                                          SHA-256:2026F3C4F830DFF6883B88E2647272A52A132F25EB42C0D423E36B3F65A94D08
                                          SHA-512:6A6CCE8C232F46DAB9B02D29BE5E0675CC1E968E9C2D64D0ABC008D20C0A7BAEB103A5B1D9B348FA1C4B3AF9797DBCB6E168B14B545FB15C2CCD926C3098C31C
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):626688
                                          Entropy (8bit):6.8397070634061174
                                          Encrypted:false
                                          SSDEEP:12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu
                                          MD5:E4FECE18310E23B1D8FEE993E35E7A6F
                                          SHA1:9FD3A7F0522D36C2BF0E64FC510C6EEA3603B564
                                          SHA-256:02BDDE38E4C6BD795A092D496B8D6060CDBE71E22EF4D7A204E3050C1BE44FA9
                                          SHA-512:2FB5F8D63A39BA5E93505DF3A643D14E286FE34B11984CBED4B88E8A07517C03EFB3A7BF9D61CF1EC73B0A20D83F9E6068E61950A61D649B8D36082BB034DDFC
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.405582810794059
                                          Encrypted:false
                                          SSDEEP:192:80XxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb2LQ82:PBLCcUJvMYb6uT+qugeajCQ2
                                          MD5:790ADAF5E825415E35AD65990E071AE0
                                          SHA1:E23D182AB1EDFEF5FD3793313D90935FC034ABC8
                                          SHA-256:88B03FE13D2710AD787D5D96CD0E5CBEDA3A61C2A0A2BDC0C0984A48365242E2
                                          SHA-512:050BBAD3122CD0627ECACAF3FB24EBF1E1845F209C33ED6607B282D9DCD4F5D99E345DF3A99E4344AF2ABA6E7923C8483E8D5A8D709BF97F3CB37926D975FDAD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1869
                                          Entropy (8bit):5.395078491534145
                                          Encrypted:false
                                          SSDEEP:48:3SlK+hk6g4u09kkK23zWO09kkKFzv09kkKldSzY:Clth9uXkd3COXkgTXkX8
                                          MD5:541423A06EFDCD4E4554C719061F82CF
                                          SHA1:2E12C6DF7352C3ED3C61A45BAF68EACE1CC9546E
                                          SHA-256:17AD1A64BA1C382ABF89341B40950F9B31F95015C6B0D3E25925BFEBC1B53EB5
                                          SHA-512:11CF735DCDDBA72BABB9DE8F59E0C180A9FEC8268CBFCA09D17D8535F1B92C17BF32ACDA86499E420CBE7763A96D6067FEB67FA1ED745067AB326FD5B84188C6
                                          Malicious:false
                                          Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr80.dll" hash="10f4cb2831f1e9288a73387a8734a8b604e5beaa" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>n9On8FItNsK/DmT8UQxu6jYDtWQ=</dsig:DigestValue></asmv2:hash></file>.. <file name="msvcp80.dll" hash="b2082dfd3009365c5b287448dcb3b4e2158a6d26" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xml
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1101824
                                          Entropy (8bit):6.52190273109876
                                          Encrypted:false
                                          SSDEEP:24576:Tp2G61fY62if0Vra3QSNhJK6hIAloY3XjrN/:TcGifY6tOaASNhJK6hPaG/R
                                          MD5:1B7524806D0270B81360C63A2FA047CB
                                          SHA1:D688D77F0CAA897E6EC2ED2C789E77B48304701F
                                          SHA-256:CEEF5AA7F9E6504BCE15B72B29DBEE6430370BAA6A52F82CF4F2857568D11709
                                          SHA-512:B34539FBDA2A2162EFA2F6BB5A513D1BB002073FA63B3FF85AA3ADE84A6B275E396893DF5AB3A0A215CADE1F068E2A0A1BBD8895595E31D5A0708B65ACEC8C73
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1093120
                                          Entropy (8bit):6.517624141841358
                                          Encrypted:false
                                          SSDEEP:12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW
                                          MD5:CCC2E312486AE6B80970211DA472268B
                                          SHA1:025B52FF11627760F7006510E9A521B554230FEE
                                          SHA-256:18BE5D3C656236B7E3CD6D619D62496FE3E7F66BF2859E460F8AC3D1A6BDAA9A
                                          SHA-512:D6892ABB1A85B9CF0FC6ABE1C3ACA6C46FC47541DFFC2B75F311E8D2C9C1D367F265599456BD77BE0E2B6D20C6C22FF5F0C46E7D9BA22C847AD1CBEDC8CA3EFF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):69632
                                          Entropy (8bit):5.417242053474202
                                          Encrypted:false
                                          SSDEEP:768:j8a7gcNrNDnQrZ6dOyOi9aBlrkY+qkJlyQA10y0ECL8IRO03VmOAPqixji4GY:j8CbQraAk3qkSqhRrODOACixji4T
                                          MD5:C84E4ECE0D210489738B2F0ADB2723E8
                                          SHA1:63C1FA652F7F5BD1FCCBE3618163B119A79A391C
                                          SHA-256:ED1DCDD98DAC80716B2246D7760F0608C59E566424AC1A562090A3342C22B0A7
                                          SHA-512:3EE1DA854E7D615FA4072140E823A3451DF5D8BEBF8064CC9A399DEC1FB35588F2A17C0620389441CA9EDD1944C9649002FE4E897C743FE8069B79A5AA079FE2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):57856
                                          Entropy (8bit):6.049264994442299
                                          Encrypted:false
                                          SSDEEP:768:nxSa8B2TJIS8uM07yOi9aBlv0J4Wrk7lyQQz4tzIdcRVS0aWNclFnzmOA7q3PWM:ga88R8n40eWrkMst0qS2KlFaOAm3PW
                                          MD5:DDAD68E160C58D22B49FF039BB9B6751
                                          SHA1:C6C3B3AF37F202025EE3B9CC477611C6C5FB47C2
                                          SHA-256:F3A65BFC7FCE2D93FDF57CF88F083F690BC84B9A7706699D4098D18F79F87AAA
                                          SHA-512:47665672627E34AD9EA3FD21814697D083EEEAFC873407E07B9697C8AB3C18743D9FCB76E0A08A57652EA5FB4396D891E82C7FDE2146FC8B636D202E68843CF4
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.40317276365929
                                          Encrypted:false
                                          SSDEEP:192:O09xL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb28uOJjC:VPLCcUJvMYb6uT+qugeajCdbJjC
                                          MD5:7E5E3FE0342A776B1974BA1158B8E458
                                          SHA1:7E2E14E2A0658441828DE084116AFDEC5CC63697
                                          SHA-256:2D3CB7907B1336EA5889A2B731D5E97AD40903A4EFD2287C1C117BC30F208F46
                                          SHA-512:9F0F1F1E6439F101B04888BE54A3711C8439D569B0DC962F29AC26C3637FE9A882C9B0D52D50E83B7562A302673F2D22428A56E6AAF60AD30FC873FFA256EFD2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2371
                                          Entropy (8bit):5.376374702643811
                                          Encrypted:false
                                          SSDEEP:48:3SlK+x6g4m09kkKZzY09kkKSzdz09kkKWz+09kkK5e/zY:CltImXkEMXkvdXkHCXk648
                                          MD5:97B859F11538BBE20F17DFB9C0979A1C
                                          SHA1:2593AD721D7BE3821FD0B40611A467DB97BE8547
                                          SHA-256:4ED3BA814DE7FD08B4E4C6143D144E603536C343602E1071803B86E58391BE36
                                          SHA-512:905C7879DF47559AD271DC052EF8AE38555EAC49E8AC516BC011624BF9A622EB10EE5C6A06FBD3E5C0FA956A0D38F03F6808C1C58EE57813818FE8B8319A3541
                                          Malicious:false
                                          Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="mfc80.dll" hash="8f53f3ce664dfb39cadf8ecb34dd49cbd8348227" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>1ojXfwyqiX5uwu0seJ53tIMEcB8=</dsig:DigestValue></asmv2:hash></file>.. <file name="mfc80u.dll" hash="db3a3bfed210d41af3579d948cace75cb74eee0a" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):3.7202246676917885
                                          Encrypted:false
                                          SSDEEP:384:PODNemsol/tAGqyVUIrvxW24WRqJwxV0fwItnFiHyt6S26r81Jd5AJd:POZXsKAGDTrvfTx4wItnFfL26r81nE
                                          MD5:AFA7E91C8C9566E03FB1620F95230B93
                                          SHA1:75057A0E936032EC9CBC77559241720F58BFAB84
                                          SHA-256:4EAF1750A573BAB5C853E7714EFCC84FF2FCF992AD935FD01AF9E2A5BD01A93A
                                          SHA-512:B9C34166555F42D4A4E754131FD2868B4FC2965AC8519A6EEED8A32F6C67E1E6E5B4DAA93175967F5F687D8333CA53C4D183A2177191A81BC01E89B7CBDC9BB3
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):3.527823884757394
                                          Encrypted:false
                                          SSDEEP:384:PvDNumStwO/tAGqyVB+dvEQW23WRcMUn5xm9za2JokMw6TERPB1ECA:PvZHSGMAGDadv6On5x4pqwPPB1EC
                                          MD5:2DCA32742F80BB37E159B651F8EEF44B
                                          SHA1:DCD0265FBE8EFD63C235ED4611AECC4B935C057C
                                          SHA-256:A7EAF2B5DF991654500FFED95D3950A46DD0FE05CDDCCCD77490F125E22B80D6
                                          SHA-512:40E1533F6989955F537D556AB28FF0BE44658309EEF5D40093BF3FCEC39AD85EA14BB2B880FF5C067CCFC257A35361C25AAC087E0463BAFE39FB265B8A0825EE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):3.09089382778059
                                          Encrypted:false
                                          SSDEEP:1536:v1AGDh+vfxzesi870vYtNerHI4Lhp0vcsjsr:v1AGDhuxzesi870hLhp0vcsjsr
                                          MD5:1E6719EBEB1D368E09899A9D0DDFAD70
                                          SHA1:FC510A6DBE0D9180F203AF651E186979B628675F
                                          SHA-256:734EB909C54A0A1C53AA5177727660B1C64F3D261B222FEAEC76FC5853300661
                                          SHA-512:C5753B79D97204C130A2C0A46D7717E74C140D207A446918DF113A6C460F538AFE0A48AF52360D8A501104283311667CE8DD23B4D3E65B7EE99939A791C25AD6
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):57344
                                          Entropy (8bit):3.050363341730474
                                          Encrypted:false
                                          SSDEEP:384:PODNXnSkNsq/tAGqyV5KOvxW2+WR1BrxiFc+hV9RLNq/HRK/+nnWT59Dl:POZX3s4AGDCOvJ1B4V9RLNqfRKGnWHB
                                          MD5:9090454E6772F7CFBCE240BF4DC5F7E8
                                          SHA1:3AFD27AF1FBB5D2EFDE463869A1E6465AFFBCDD8
                                          SHA-256:A532044DFD1FA6463516125EA74C250762DE4DACBE613F8AD2FF72D50C0B9585
                                          SHA-512:4691138B2E32447A6300A17967C1221153B5B514EE0EDCD25A135DCE2A6EEFEA9CC7F3FC516A9B3482FEB62DC190A7F4192BCF15D9793832F828078557E24CDF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.0964773972990574
                                          Encrypted:false
                                          SSDEEP:768:PsZTQAGDf3vr0or0GBFCDCLhedUPYVbS/:AQAGDPvr0or0GBFMkhedUkS
                                          MD5:D47599748B3ECF645C47CAA0BC24A7CD
                                          SHA1:2F47846B9308FE4B444363F0863F394A1B13C938
                                          SHA-256:10FD5EEBE39ACD996309DA073B247B365CBC0F48F43DA3062463EA9F712319CA
                                          SHA-512:30B0F056123657EACA8F97138E1CA5C2981575420938EE7ED645E4D62F2A159C011EFF08C2EE20AC68504BD59D890DBC030718A9BA185871B07DEE9851CF2608
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.1658595093754625
                                          Encrypted:false
                                          SSDEEP:768:xZweyAGDSRvjZrkh2A6NTi7e3RAaTaPCeyGdZmBSg3T1SyyyyyyyyyyyyyyyafyL:7yAGD+vjZbA2SCeB0Ug4
                                          MD5:EEC2F9E4D790BCCDBC542715AB613579
                                          SHA1:8993E9F0CC4657E40866EFBA0CAB7E077060CEA8
                                          SHA-256:E283B055A0B9F522FF415B78F100542255AA07CB17C1EEB3885E75326D9DBC66
                                          SHA-512:89C083C820798872F3FEECFFCCC1A5CCEF9A367C8AF2170EC06B04A64A234DD03CDFE250B31B5969F87CAA8E7EA8393FBCBBCBF16D83C35105814501B6BE08E8
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.1028777863172503
                                          Encrypted:false
                                          SSDEEP:768:OZ0odoAGDI6vuoG57PxtINJ8Il8QcPOCeFO/:5o+AGDHvuoc7PxtINJ8gIPp
                                          MD5:CB23B162AC655F24C6711A5F5DF348C6
                                          SHA1:E4E0E803B9297B0937824C53F227598998229463
                                          SHA-256:6498EE1449B61B40E2DAB46F0B3DFA15F17590D7AA87919580748EC9D4BC2C55
                                          SHA-512:460D235818CD83D9020A13F47B24AADC777E4BDC81A6387D8BB59DAF37EAF930C70ACE5E238FE2FA34491A03B3972F11A4BDB8D30FF98801ACFF82630B6D24A2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):3.7900346517730297
                                          Encrypted:false
                                          SSDEEP:384:VDNCysmq/tAGqyVVp7vhedW20WR2JkQbXDr10Jh8I2Bb4:VZXsPAGDN7vQv2Jkkr10IIc4
                                          MD5:012031B19F0A9F6431997C79E1893822
                                          SHA1:2265C92B3ED9EC169E2C362E448B0E3F449528A3
                                          SHA-256:ED296B3DD004C8845A7015A3A5EF3A92331E30535204A02995323681CBD342AB
                                          SHA-512:B4CCA371481B349546AD09C40461258A99E5AD6CF7B66FE040A37F90071C420CC41E74F495141A490B4848B66DA876AD8B91AC7C14A328CF5C4CCAADFD3E226E
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):3.724944556618916
                                          Encrypted:false
                                          SSDEEP:384:PUDNSnxGr/tAGqyV0/NvbW2OWRFKu/KV0YfmtT2XYm66tHggFK417RTNbU/Ltl3h:PUZSE5AGD0NvrDriHqN
                                          MD5:FEC4610F1174136B1D3DB2AE37924CE8
                                          SHA1:BA94E77BB29B9B74EA8E2A8FD005DC3083166F3C
                                          SHA-256:A6D0B3D20E67C26F7C247F2EEB8DBA723B396B118A1B9EAA4568C474826EA740
                                          SHA-512:9144A0243E41EC17628A740913A745261346EFA2DFF3F61D48CCF186F30A1527F6A4F5CB3F7F7727D7BFD4103E9FC90CAE1E0CEFBC1D8D042218D9D2EA869A36
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8348
                                          Entropy (8bit):7.393940545952515
                                          Encrypted:false
                                          SSDEEP:192:BBGwxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmI0TYk:KcLCcUJvMYb6uT+qugeajCfEYk
                                          MD5:DFE03B4FF0EF67F7A08A7D88B3E4BDE3
                                          SHA1:BF907A1B27DB3BF3C10DA685D9CB4CBFF9155E6B
                                          SHA-256:26340819D2EF86080D9001C6F2737D70FD6602DDF4B86B6C26B326EF81CC3342
                                          SHA-512:3D1F6773A476B2F84F53A288F1A1EF0FC44A58F8A9C25F9773871CB4F4F9CB81CBE6C242665D1CBA8BA327C441FC5B13F254E1657258A841102CC571185D70BD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1239
                                          Entropy (8bit):5.33259165949927
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ/eiNK+EI56g4NnZCO/3QQvhONoajUCvBTmAmWG1YoSoFJF:ciEDJdK+v6g4H3strJnmW27
                                          MD5:56613508687D065362302FF388CD5E82
                                          SHA1:830D6459350DD1AB3B1F070135425A93395782B1
                                          SHA-256:2F79707C5EA8937E8887B642CFA4CE682C52816C20207C1588FD5A1E39E88C1C
                                          SHA-512:66C650CDCF5D15D313B7B0F3AFDAB717F075BC0AC560B75CF2EA5375C62EFEBE01A890204A3E74835B65B60113120815C7DD564F78564029D1F5170D63990814
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="mfc80CHS.dll" hash="0ed99f840cfe11946fd5aa2002eff17451d441eb" hashalg="SHA1"/>.. <file name="mfc80CHT.dll" hash="3eb85cc7e931f885f2b91aa285432b740edaa6b1" hashalg="SHA1"/>.. <file name="mfc80DEU.dll" hash="5489f4037e83e03786e4c7842cc7599beafac96e" hashalg="SHA1"/>.. <file name="mfc80ENU.dll" hash="ed96ef26e683b48b4f04eefc75d873f863c993cf" hashalg="SHA1"/>.. <file name="mfc80ESP.dll" hash="b3d647f39f26b07f6014b40a9f511cfd4614bdf8" hashalg="SHA1"/>.. <file name="mfc80FRA.dll" hash="89d11dd75a1a74547cf94e0b66d742eb7fe909b2" hashalg="SHA1"/>.. <file name="mfc80ITA.dll" hash="e07b9360a90e74e4ab1bf4f3f9
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):5.513945595457493
                                          Encrypted:false
                                          SSDEEP:768:G1bALwFH76GlCWWwkNTjHnHJOR+SVk/6SHL2jmPGh0y/aR:lLUHzlCzwudORjirHLSnZ/aR
                                          MD5:72F11C118E514544F1D2981C7396E4F7
                                          SHA1:3AE68E8D5038620D5A04F5893C8C9FF8EDD2CF42
                                          SHA-256:2EA4098722586932ACF9B180374B019ED6D6469825392373E45B3DB459B5EAEF
                                          SHA-512:91CB2EA7DB5958141D4C47F4DDB66D24383FFE6B74A12DE753CA93764AF6C1C41D6A9572777818D6F3CE226AA06E0F168CD28551006B59A89FE1235ABD31F8CD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8348
                                          Entropy (8bit):7.40019876068938
                                          Encrypted:false
                                          SSDEEP:192:BF4GKxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm0SbeA:njOLCcUJvMYb6uT+qugeajCptA
                                          MD5:259F7EAC836FC1FE0871C47276F4D779
                                          SHA1:42B1E4138EDCFC60622167EE60A1AF5CA00A813A
                                          SHA-256:A2492FA83366394B7C17FA6C9650CE5688B887D0AD0AD79743A3422DEBF4D997
                                          SHA-512:053892D867C3BC4C10E34811DA34337055035F599C09566DBF678DFAD97F4FAC7B8459FDB603C4A69E5848A455F319C3A6212E016638F493EFE1DDC3EBF02E1F
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):468
                                          Entropy (8bit):5.332272981711254
                                          Encrypted:false
                                          SSDEEP:12:TMHdt7IBeBFJ3/3XO53SNK+tKR/6gVuNnyEbYjoWuFEG:2dtMEDJ/eiNK+856g4NnhYjZu3
                                          MD5:D1240D97B0E1F80D82AD12782DFE8EBE
                                          SHA1:59601898276FF76B40C97D493D4B9CA2DE6FCCAC
                                          SHA-256:BE8327C8D71B61893D455130C2B5A8635E451A7D95BBFAF29432B3844A7AC109
                                          SHA-512:6C64A46715949C36E26045FCF12DC468C6D39782EB0165F966D251DFFF40AF2B065283B8F9391DDDC66C98A5C3DB7B92844E784355D73E1ADBAD1F37ABF384DE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="vcomp.dll" hash="641af563f63d31fb5c9828e2316effa02bbaafac" hashalg="SHA1"/>..</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.401719031801445
                                          Encrypted:false
                                          SSDEEP:192:/NNxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWyVAz:xLCcUJvMYb6uT+qugeajCRVI
                                          MD5:57FD064E95D299507600F6D80AA6B578
                                          SHA1:9947DD086424ADB4D62FEB33FB9EBB52FA11C281
                                          SHA-256:F7BF65CA621D8AD32EAD1500A08827BE239D0F49D83DC20DABF57D2EB17ADBD7
                                          SHA-512:FD9E17009E0E88B725FC6AA014A95E9516543F54CADBB6A71C1C1F39F4DEF4AD0DF2D8F55720E8B1A54EB2EBCE6C42C8C899E33E490DD304EB014CCAB6DB9C44
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.197462113683958
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nyr56g4NnjiNK+2g4NnM23+LJ23sZQR:ciEDJw0yl6g4EK+2g46HQR
                                          MD5:856BBF8E45A26C912BD447EC12DC17DB
                                          SHA1:E48A1EB7844EC81DCC0A66905619AFEEE67666A5
                                          SHA-256:863E67B018E99E1685F03D4FED538F8269332570887FC17534DD3637B7AA6A41
                                          SHA-512:BB79BD9A3A06FB6CFD3312EDB766B8EF5C03AA250CCFA17ADD8799EEC06CCE88BE9369DB452D20B09519A910878E1840513404B5DF59289DD84BEDD01771AD01
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.399558553058028
                                          Encrypted:false
                                          SSDEEP:192:MjDVxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbW/J/:83LCcUJvMYb6uT+qugeajCo
                                          MD5:29C0897D5D709A2394960B26999126D0
                                          SHA1:56501EDA82ECF05C4A90B035BE62B422A24C71C3
                                          SHA-256:DD72F7AB2DEF5F75F58D01B24643B308750C38685DAAED50BCDDF61C18460DEE
                                          SHA-512:75FB603D58105F0A2AACADE320E2EAB212DD6B3D6FCBDAB09CA137D123CC1DECB88C848B81E017BBDDD41D9591900FF723AED90FB0D6166E8C62E3C14D39166E
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.192462113683958
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nhQ56g4NnjiNK+hcg4NnM23+LJ23sZQR:ciEDJw0hk6g4EK+hcg46HQR
                                          MD5:A785CE93C7468DBCDFA7BC379F8FFDDC
                                          SHA1:D10440930CC994409E920D94C7C45F0405D60422
                                          SHA-256:3A131923C7403C1EEF33B59FDCA57D8272549B7912D2B522FC8A4C840CBCA735
                                          SHA-512:8E514E11887F6A198756F4A4B1A584E0A337ABEF90F1A9330436E21E75CD5FFFE7E90A80424018C03EA55AE43758FCFA16F5A7C266D5476CE8F985F76CE5CADA
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.401727457066723
                                          Encrypted:false
                                          SSDEEP:192:T9RpxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWTI:TnLCcUJvMYb6uT+qugeajC2I
                                          MD5:98DC3A0DE986C24562CA071211F7DFBE
                                          SHA1:1B016B20820EEF49E7BAECB93D19E0A0177110E8
                                          SHA-256:91CA50CEC42075FFF02B366323BF3B45D2053B24544BD12B622B65621BD0EDD5
                                          SHA-512:F76B8972E2175FD84A56B3139C31A87FBFAFD69E131DA46A96225BA9CCE9A4A726FB007B31DE08406C9B3F51D8FD0FD32827A485C668D9C92B54F24F1384BC53
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.1940185043062534
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nf56g4NnjiNK+Rg4NnM23+LJ23sZQR:ciEDJw0x6g4EK+Rg46HQR
                                          MD5:E7BF4CF966C7C8D01315DCB7AC64F31D
                                          SHA1:09105C886A83677E49CE6EF47F8CF1A047214AED
                                          SHA-256:8064287E17720B822F845352FE724595FDAFAF9DD2DBF21493327D8C50719A9E
                                          SHA-512:6F6D05EBED3541BE650F0744F8978B88BB7699C60406AEEEBD9D0B3D28D4DC587633AD3A270964E05D96AFCD5EF47C333E7563EF79E44BB72B4670F5ACF84FBB
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8361
                                          Entropy (8bit):7.402377797496622
                                          Encrypted:false
                                          SSDEEP:192:F9JFQmFxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm1:FnGmHLCcUJvMYb6uT+qugeajCA
                                          MD5:93615FE0E4458E717BBA670C9B162E84
                                          SHA1:CE99F878D2528EFC821D05462313C8EF99BE8C2F
                                          SHA-256:D14225A52543AA5A9605B00DD7574812BF89C605EBC73A9730E1E386BFC965F8
                                          SHA-512:F87BA88B0B2BF186872BDF226EA137463A773B710CD4505E50FD22E7E3E629BEAB26AF32313FE09BB4D1A0C621D95DF3E1D0A957D6D5A43868A1C4953CA3343F
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):5.222427128564631
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nEI56g4NnjiNK+3g4NnM23+LJ23sZQR:ciEDJw0v6g4EK+3g46HQR
                                          MD5:53094430F66951325C1B88A4F0CA374D
                                          SHA1:F081561658705610ADAD4C30E757312491EDF9E0
                                          SHA-256:4594558E51587C0EDF1F3F95A0D4B8749B3EA3B6C8B76B31B13F1CA1D3E2F4AF
                                          SHA-512:75EAD79C7392DE2BE0964D0399DA4B6B883BFC1E53CB099EC6BF2E4DA594B24B52E1C08AB6BA5B0B18DF7E64DAC0979C2A57E0B20EE6FDD5D54340FFF8F6D462
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8361
                                          Entropy (8bit):7.40471492725501
                                          Encrypted:false
                                          SSDEEP:192:DCRxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmWDy:sLCcUJvMYb6uT+qugeajCQ
                                          MD5:C664656654DAB45BEB0D352077A884FB
                                          SHA1:5BDB2EE6D91EE321FEF177E534C324DF96BAEF9D
                                          SHA-256:B3BEB16C28DB357E654A6B132F59CD48CB95CEE949D7B97587F8F02F233F3CE1
                                          SHA-512:F9CE3655342A07A29B5338AB5B78BA0B6CBC94EEB1D0538967DD2C23CBBDA6797326763E16F609C179B43E67503A87F76D8C306F0AB449F1601F13D7F7173A15
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):5.200250853529196
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+n856g4NnjiNK+wg4NnM23+LJ23sZQR:ciEDJw0I6g4EK+wg46HQR
                                          MD5:11D6A2E757DA71254BFC61D26F06884D
                                          SHA1:9D82FA5CE12DDFE639AF6C89C750758D8E72A20A
                                          SHA-256:58AE1580121AFE06CE2B858B96B6AB893A8D105B17FE54D85711A969C3303DC4
                                          SHA-512:0074430D25861B7B18CFA2C3E5BF728B51B676C5A30799986305BE94C40EE1DCA8E3C00A6279C801771F44D4ED551F73A0DC5C5792715C1C10361712D9EF8B29
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):96256
                                          Entropy (8bit):6.55872219718069
                                          Encrypted:false
                                          SSDEEP:1536:RCYlLTNQQ/Nucs4hRKF+HnLoRsV1TlWh8XhylIjwaCi6imXmwxCU4tkm:R7LTNzNup4hAQHnLP+VXmwxCtk
                                          MD5:3C7DEF3CBBCA6284867AA4621D5D8A54
                                          SHA1:4BD9852F1F063B9FD1E1829B756D381E14609FA7
                                          SHA-256:DB18738202DCDA842DCE505ECD0B858D7B4C55886CAC29827305F0DC3839143A
                                          SHA-512:1F9E89114A579BBB0C175D5FB587D58A923A0F556361B2F6C5AE3FFEB139539733E46EDB3DF1627FA630D5BC80CDF5FF311CA75754CA306345569CD48F51F2C4
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.405163302183138
                                          Encrypted:false
                                          SSDEEP:192:920vxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb29H8U:nJLCcUJvMYb6uT+qugeajCG1
                                          MD5:D81E69280E14E0A97644AE0044DB662E
                                          SHA1:C97DBE8DEB8E1762313C3E6613A6640F070DF4B1
                                          SHA-256:A951D53950C367ACC37622F0DD619A954DF5DE2C4EC40296E6636605AA33714A
                                          SHA-512:DCD8229EFD496735AAB49F6595AD545F082B0364E984346F76A6503425C84E82AF2D30684DFD302EF0C70FB65BC6B8E3731953728CF38637F7FE76580B82D490
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):465
                                          Entropy (8bit):5.355751983126569
                                          Encrypted:false
                                          SSDEEP:12:TMHdt7IBeBFJ3/3XO53SNK+yGuR/6gVuNnyEGBJfPeG:2dtMEDJ/eiNK+yr56g4NnYBJl
                                          MD5:42D8BBE898B35473852D83F53EF6759D
                                          SHA1:052F1897A299FB3C33CFA8EB3E37C8D5654F3179
                                          SHA-256:5908E59BF26941730A1F3AB117A7D699984D39CD690FCA74DBE20030745E8ACB
                                          SHA-512:3D871592D0FF3368306DF9372CB46754A818C5B0B3C1493AA9189030245CC44F4CE7F55C626C8B00704C1908FF84AE3EA82FA63B8EBEAEDAC1FAB6D758ED68B4
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="ATL80.dll" hash="6a91b897f1be0d40f032a8773630c4627cd18bf7" hashalg="SHA1"/>..</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):479232
                                          Entropy (8bit):6.031745108754355
                                          Encrypted:false
                                          SSDEEP:6144:9Rj8Tfo4zrcq2FXOth6wsjb2fPzatjLhQeRW86ODl1KWOjPQeH:9So4zATQsjyWRhQ+W83D/6QO
                                          MD5:CAE6861B19A2A7E5D42FEFC4DFDF5CCF
                                          SHA1:609B81FBD3ACDA8C56E2663EDA80BFAFC9480991
                                          SHA-256:C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
                                          SHA-512:C01D27F5A295B684C44105FCB62FB5F540A69D70A653AC9D14F2E5EF01295EF1DF136AE936273101739EB32EFF35185098A15F11D6C3293BBDCD9FCB98CB00A9
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):548864
                                          Entropy (8bit):6.402420828464982
                                          Encrypted:false
                                          SSDEEP:12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo
                                          MD5:4C8A880EABC0B4D462CC4B2472116EA1
                                          SHA1:D0A27F553C0FE0E507C7DF079485B601D5B592E6
                                          SHA-256:2026F3C4F830DFF6883B88E2647272A52A132F25EB42C0D423E36B3F65A94D08
                                          SHA-512:6A6CCE8C232F46DAB9B02D29BE5E0675CC1E968E9C2D64D0ABC008D20C0A7BAEB103A5B1D9B348FA1C4B3AF9797DBCB6E168B14B545FB15C2CCD926C3098C31C
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):626688
                                          Entropy (8bit):6.8397070634061174
                                          Encrypted:false
                                          SSDEEP:12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu
                                          MD5:E4FECE18310E23B1D8FEE993E35E7A6F
                                          SHA1:9FD3A7F0522D36C2BF0E64FC510C6EEA3603B564
                                          SHA-256:02BDDE38E4C6BD795A092D496B8D6060CDBE71E22EF4D7A204E3050C1BE44FA9
                                          SHA-512:2FB5F8D63A39BA5E93505DF3A643D14E286FE34B11984CBED4B88E8A07517C03EFB3A7BF9D61CF1EC73B0A20D83F9E6068E61950A61D649B8D36082BB034DDFC
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.405582810794059
                                          Encrypted:false
                                          SSDEEP:192:80XxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb2LQ82:PBLCcUJvMYb6uT+qugeajCQ2
                                          MD5:790ADAF5E825415E35AD65990E071AE0
                                          SHA1:E23D182AB1EDFEF5FD3793313D90935FC034ABC8
                                          SHA-256:88B03FE13D2710AD787D5D96CD0E5CBEDA3A61C2A0A2BDC0C0984A48365242E2
                                          SHA-512:050BBAD3122CD0627ECACAF3FB24EBF1E1845F209C33ED6607B282D9DCD4F5D99E345DF3A99E4344AF2ABA6E7923C8483E8D5A8D709BF97F3CB37926D975FDAD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1869
                                          Entropy (8bit):5.395078491534145
                                          Encrypted:false
                                          SSDEEP:48:3SlK+hk6g4u09kkK23zWO09kkKFzv09kkKldSzY:Clth9uXkd3COXkgTXkX8
                                          MD5:541423A06EFDCD4E4554C719061F82CF
                                          SHA1:2E12C6DF7352C3ED3C61A45BAF68EACE1CC9546E
                                          SHA-256:17AD1A64BA1C382ABF89341B40950F9B31F95015C6B0D3E25925BFEBC1B53EB5
                                          SHA-512:11CF735DCDDBA72BABB9DE8F59E0C180A9FEC8268CBFCA09D17D8535F1B92C17BF32ACDA86499E420CBE7763A96D6067FEB67FA1ED745067AB326FD5B84188C6
                                          Malicious:false
                                          Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr80.dll" hash="10f4cb2831f1e9288a73387a8734a8b604e5beaa" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>n9On8FItNsK/DmT8UQxu6jYDtWQ=</dsig:DigestValue></asmv2:hash></file>.. <file name="msvcp80.dll" hash="b2082dfd3009365c5b287448dcb3b4e2158a6d26" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xml
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1101824
                                          Entropy (8bit):6.52190273109876
                                          Encrypted:false
                                          SSDEEP:24576:Tp2G61fY62if0Vra3QSNhJK6hIAloY3XjrN/:TcGifY6tOaASNhJK6hPaG/R
                                          MD5:1B7524806D0270B81360C63A2FA047CB
                                          SHA1:D688D77F0CAA897E6EC2ED2C789E77B48304701F
                                          SHA-256:CEEF5AA7F9E6504BCE15B72B29DBEE6430370BAA6A52F82CF4F2857568D11709
                                          SHA-512:B34539FBDA2A2162EFA2F6BB5A513D1BB002073FA63B3FF85AA3ADE84A6B275E396893DF5AB3A0A215CADE1F068E2A0A1BBD8895595E31D5A0708B65ACEC8C73
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):1093120
                                          Entropy (8bit):6.517624141841358
                                          Encrypted:false
                                          SSDEEP:12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW
                                          MD5:CCC2E312486AE6B80970211DA472268B
                                          SHA1:025B52FF11627760F7006510E9A521B554230FEE
                                          SHA-256:18BE5D3C656236B7E3CD6D619D62496FE3E7F66BF2859E460F8AC3D1A6BDAA9A
                                          SHA-512:D6892ABB1A85B9CF0FC6ABE1C3ACA6C46FC47541DFFC2B75F311E8D2C9C1D367F265599456BD77BE0E2B6D20C6C22FF5F0C46E7D9BA22C847AD1CBEDC8CA3EFF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):69632
                                          Entropy (8bit):5.417242053474202
                                          Encrypted:false
                                          SSDEEP:768:j8a7gcNrNDnQrZ6dOyOi9aBlrkY+qkJlyQA10y0ECL8IRO03VmOAPqixji4GY:j8CbQraAk3qkSqhRrODOACixji4T
                                          MD5:C84E4ECE0D210489738B2F0ADB2723E8
                                          SHA1:63C1FA652F7F5BD1FCCBE3618163B119A79A391C
                                          SHA-256:ED1DCDD98DAC80716B2246D7760F0608C59E566424AC1A562090A3342C22B0A7
                                          SHA-512:3EE1DA854E7D615FA4072140E823A3451DF5D8BEBF8064CC9A399DEC1FB35588F2A17C0620389441CA9EDD1944C9649002FE4E897C743FE8069B79A5AA079FE2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):57856
                                          Entropy (8bit):6.049264994442299
                                          Encrypted:false
                                          SSDEEP:768:nxSa8B2TJIS8uM07yOi9aBlv0J4Wrk7lyQQz4tzIdcRVS0aWNclFnzmOA7q3PWM:ga88R8n40eWrkMst0qS2KlFaOAm3PW
                                          MD5:DDAD68E160C58D22B49FF039BB9B6751
                                          SHA1:C6C3B3AF37F202025EE3B9CC477611C6C5FB47C2
                                          SHA-256:F3A65BFC7FCE2D93FDF57CF88F083F690BC84B9A7706699D4098D18F79F87AAA
                                          SHA-512:47665672627E34AD9EA3FD21814697D083EEEAFC873407E07B9697C8AB3C18743D9FCB76E0A08A57652EA5FB4396D891E82C7FDE2146FC8B636D202E68843CF4
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8335
                                          Entropy (8bit):7.40317276365929
                                          Encrypted:false
                                          SSDEEP:192:O09xL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTb28uOJjC:VPLCcUJvMYb6uT+qugeajCdbJjC
                                          MD5:7E5E3FE0342A776B1974BA1158B8E458
                                          SHA1:7E2E14E2A0658441828DE084116AFDEC5CC63697
                                          SHA-256:2D3CB7907B1336EA5889A2B731D5E97AD40903A4EFD2287C1C117BC30F208F46
                                          SHA-512:9F0F1F1E6439F101B04888BE54A3711C8439D569B0DC962F29AC26C3637FE9A882C9B0D52D50E83B7562A302673F2D22428A56E6AAF60AD30FC873FFA256EFD2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2371
                                          Entropy (8bit):5.376374702643811
                                          Encrypted:false
                                          SSDEEP:48:3SlK+x6g4m09kkKZzY09kkKSzdz09kkKWz+09kkK5e/zY:CltImXkEMXkvdXkHCXk648
                                          MD5:97B859F11538BBE20F17DFB9C0979A1C
                                          SHA1:2593AD721D7BE3821FD0B40611A467DB97BE8547
                                          SHA-256:4ED3BA814DE7FD08B4E4C6143D144E603536C343602E1071803B86E58391BE36
                                          SHA-512:905C7879DF47559AD271DC052EF8AE38555EAC49E8AC516BC011624BF9A622EB10EE5C6A06FBD3E5C0FA956A0D38F03F6808C1C58EE57813818FE8B8319A3541
                                          Malicious:false
                                          Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="mfc80.dll" hash="8f53f3ce664dfb39cadf8ecb34dd49cbd8348227" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>1ojXfwyqiX5uwu0seJ53tIMEcB8=</dsig:DigestValue></asmv2:hash></file>.. <file name="mfc80u.dll" hash="db3a3bfed210d41af3579d948cace75cb74eee0a" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):3.7202246676917885
                                          Encrypted:false
                                          SSDEEP:384:PODNemsol/tAGqyVUIrvxW24WRqJwxV0fwItnFiHyt6S26r81Jd5AJd:POZXsKAGDTrvfTx4wItnFfL26r81nE
                                          MD5:AFA7E91C8C9566E03FB1620F95230B93
                                          SHA1:75057A0E936032EC9CBC77559241720F58BFAB84
                                          SHA-256:4EAF1750A573BAB5C853E7714EFCC84FF2FCF992AD935FD01AF9E2A5BD01A93A
                                          SHA-512:B9C34166555F42D4A4E754131FD2868B4FC2965AC8519A6EEED8A32F6C67E1E6E5B4DAA93175967F5F687D8333CA53C4D183A2177191A81BC01E89B7CBDC9BB3
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):3.527823884757394
                                          Encrypted:false
                                          SSDEEP:384:PvDNumStwO/tAGqyVB+dvEQW23WRcMUn5xm9za2JokMw6TERPB1ECA:PvZHSGMAGDadv6On5x4pqwPPB1EC
                                          MD5:2DCA32742F80BB37E159B651F8EEF44B
                                          SHA1:DCD0265FBE8EFD63C235ED4611AECC4B935C057C
                                          SHA-256:A7EAF2B5DF991654500FFED95D3950A46DD0FE05CDDCCCD77490F125E22B80D6
                                          SHA-512:40E1533F6989955F537D556AB28FF0BE44658309EEF5D40093BF3FCEC39AD85EA14BB2B880FF5C067CCFC257A35361C25AAC087E0463BAFE39FB265B8A0825EE
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):3.09089382778059
                                          Encrypted:false
                                          SSDEEP:1536:v1AGDh+vfxzesi870vYtNerHI4Lhp0vcsjsr:v1AGDhuxzesi870hLhp0vcsjsr
                                          MD5:1E6719EBEB1D368E09899A9D0DDFAD70
                                          SHA1:FC510A6DBE0D9180F203AF651E186979B628675F
                                          SHA-256:734EB909C54A0A1C53AA5177727660B1C64F3D261B222FEAEC76FC5853300661
                                          SHA-512:C5753B79D97204C130A2C0A46D7717E74C140D207A446918DF113A6C460F538AFE0A48AF52360D8A501104283311667CE8DD23B4D3E65B7EE99939A791C25AD6
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):57344
                                          Entropy (8bit):3.050363341730474
                                          Encrypted:false
                                          SSDEEP:384:PODNXnSkNsq/tAGqyV5KOvxW2+WR1BrxiFc+hV9RLNq/HRK/+nnWT59Dl:POZX3s4AGDCOvJ1B4V9RLNqfRKGnWHB
                                          MD5:9090454E6772F7CFBCE240BF4DC5F7E8
                                          SHA1:3AFD27AF1FBB5D2EFDE463869A1E6465AFFBCDD8
                                          SHA-256:A532044DFD1FA6463516125EA74C250762DE4DACBE613F8AD2FF72D50C0B9585
                                          SHA-512:4691138B2E32447A6300A17967C1221153B5B514EE0EDCD25A135DCE2A6EEFEA9CC7F3FC516A9B3482FEB62DC190A7F4192BCF15D9793832F828078557E24CDF
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.0964773972990574
                                          Encrypted:false
                                          SSDEEP:768:PsZTQAGDf3vr0or0GBFCDCLhedUPYVbS/:AQAGDPvr0or0GBFMkhedUkS
                                          MD5:D47599748B3ECF645C47CAA0BC24A7CD
                                          SHA1:2F47846B9308FE4B444363F0863F394A1B13C938
                                          SHA-256:10FD5EEBE39ACD996309DA073B247B365CBC0F48F43DA3062463EA9F712319CA
                                          SHA-512:30B0F056123657EACA8F97138E1CA5C2981575420938EE7ED645E4D62F2A159C011EFF08C2EE20AC68504BD59D890DBC030718A9BA185871B07DEE9851CF2608
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.1658595093754625
                                          Encrypted:false
                                          SSDEEP:768:xZweyAGDSRvjZrkh2A6NTi7e3RAaTaPCeyGdZmBSg3T1SyyyyyyyyyyyyyyyafyL:7yAGD+vjZbA2SCeB0Ug4
                                          MD5:EEC2F9E4D790BCCDBC542715AB613579
                                          SHA1:8993E9F0CC4657E40866EFBA0CAB7E077060CEA8
                                          SHA-256:E283B055A0B9F522FF415B78F100542255AA07CB17C1EEB3885E75326D9DBC66
                                          SHA-512:89C083C820798872F3FEECFFCCC1A5CCEF9A367C8AF2170EC06B04A64A234DD03CDFE250B31B5969F87CAA8E7EA8393FBCBBCBF16D83C35105814501B6BE08E8
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):61440
                                          Entropy (8bit):3.1028777863172503
                                          Encrypted:false
                                          SSDEEP:768:OZ0odoAGDI6vuoG57PxtINJ8Il8QcPOCeFO/:5o+AGDHvuoc7PxtINJ8gIPp
                                          MD5:CB23B162AC655F24C6711A5F5DF348C6
                                          SHA1:E4E0E803B9297B0937824C53F227598998229463
                                          SHA-256:6498EE1449B61B40E2DAB46F0B3DFA15F17590D7AA87919580748EC9D4BC2C55
                                          SHA-512:460D235818CD83D9020A13F47B24AADC777E4BDC81A6387D8BB59DAF37EAF930C70ACE5E238FE2FA34491A03B3972F11A4BDB8D30FF98801ACFF82630B6D24A2
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):3.7900346517730297
                                          Encrypted:false
                                          SSDEEP:384:VDNCysmq/tAGqyVVp7vhedW20WR2JkQbXDr10Jh8I2Bb4:VZXsPAGDN7vQv2Jkkr10IIc4
                                          MD5:012031B19F0A9F6431997C79E1893822
                                          SHA1:2265C92B3ED9EC169E2C362E448B0E3F449528A3
                                          SHA-256:ED296B3DD004C8845A7015A3A5EF3A92331E30535204A02995323681CBD342AB
                                          SHA-512:B4CCA371481B349546AD09C40461258A99E5AD6CF7B66FE040A37F90071C420CC41E74F495141A490B4848B66DA876AD8B91AC7C14A328CF5C4CCAADFD3E226E
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):3.724944556618916
                                          Encrypted:false
                                          SSDEEP:384:PUDNSnxGr/tAGqyV0/NvbW2OWRFKu/KV0YfmtT2XYm66tHggFK417RTNbU/Ltl3h:PUZSE5AGD0NvrDriHqN
                                          MD5:FEC4610F1174136B1D3DB2AE37924CE8
                                          SHA1:BA94E77BB29B9B74EA8E2A8FD005DC3083166F3C
                                          SHA-256:A6D0B3D20E67C26F7C247F2EEB8DBA723B396B118A1B9EAA4568C474826EA740
                                          SHA-512:9144A0243E41EC17628A740913A745261346EFA2DFF3F61D48CCF186F30A1527F6A4F5CB3F7F7727D7BFD4103E9FC90CAE1E0CEFBC1D8D042218D9D2EA869A36
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8348
                                          Entropy (8bit):7.393940545952515
                                          Encrypted:false
                                          SSDEEP:192:BBGwxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmI0TYk:KcLCcUJvMYb6uT+qugeajCfEYk
                                          MD5:DFE03B4FF0EF67F7A08A7D88B3E4BDE3
                                          SHA1:BF907A1B27DB3BF3C10DA685D9CB4CBFF9155E6B
                                          SHA-256:26340819D2EF86080D9001C6F2737D70FD6602DDF4B86B6C26B326EF81CC3342
                                          SHA-512:3D1F6773A476B2F84F53A288F1A1EF0FC44A58F8A9C25F9773871CB4F4F9CB81CBE6C242665D1CBA8BA327C441FC5B13F254E1657258A841102CC571185D70BD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1239
                                          Entropy (8bit):5.33259165949927
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ/eiNK+EI56g4NnZCO/3QQvhONoajUCvBTmAmWG1YoSoFJF:ciEDJdK+v6g4H3strJnmW27
                                          MD5:56613508687D065362302FF388CD5E82
                                          SHA1:830D6459350DD1AB3B1F070135425A93395782B1
                                          SHA-256:2F79707C5EA8937E8887B642CFA4CE682C52816C20207C1588FD5A1E39E88C1C
                                          SHA-512:66C650CDCF5D15D313B7B0F3AFDAB717F075BC0AC560B75CF2EA5375C62EFEBE01A890204A3E74835B65B60113120815C7DD564F78564029D1F5170D63990814
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="mfc80CHS.dll" hash="0ed99f840cfe11946fd5aa2002eff17451d441eb" hashalg="SHA1"/>.. <file name="mfc80CHT.dll" hash="3eb85cc7e931f885f2b91aa285432b740edaa6b1" hashalg="SHA1"/>.. <file name="mfc80DEU.dll" hash="5489f4037e83e03786e4c7842cc7599beafac96e" hashalg="SHA1"/>.. <file name="mfc80ENU.dll" hash="ed96ef26e683b48b4f04eefc75d873f863c993cf" hashalg="SHA1"/>.. <file name="mfc80ESP.dll" hash="b3d647f39f26b07f6014b40a9f511cfd4614bdf8" hashalg="SHA1"/>.. <file name="mfc80FRA.dll" hash="89d11dd75a1a74547cf94e0b66d742eb7fe909b2" hashalg="SHA1"/>.. <file name="mfc80ITA.dll" hash="e07b9360a90e74e4ab1bf4f3f9
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):5.513945595457493
                                          Encrypted:false
                                          SSDEEP:768:G1bALwFH76GlCWWwkNTjHnHJOR+SVk/6SHL2jmPGh0y/aR:lLUHzlCzwudORjirHLSnZ/aR
                                          MD5:72F11C118E514544F1D2981C7396E4F7
                                          SHA1:3AE68E8D5038620D5A04F5893C8C9FF8EDD2CF42
                                          SHA-256:2EA4098722586932ACF9B180374B019ED6D6469825392373E45B3DB459B5EAEF
                                          SHA-512:91CB2EA7DB5958141D4C47F4DDB66D24383FFE6B74A12DE753CA93764AF6C1C41D6A9572777818D6F3CE226AA06E0F168CD28551006B59A89FE1235ABD31F8CD
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8348
                                          Entropy (8bit):7.40019876068938
                                          Encrypted:false
                                          SSDEEP:192:BF4GKxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm0SbeA:njOLCcUJvMYb6uT+qugeajCptA
                                          MD5:259F7EAC836FC1FE0871C47276F4D779
                                          SHA1:42B1E4138EDCFC60622167EE60A1AF5CA00A813A
                                          SHA-256:A2492FA83366394B7C17FA6C9650CE5688B887D0AD0AD79743A3422DEBF4D997
                                          SHA-512:053892D867C3BC4C10E34811DA34337055035F599C09566DBF678DFAD97F4FAC7B8459FDB603C4A69E5848A455F319C3A6212E016638F493EFE1DDC3EBF02E1F
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):468
                                          Entropy (8bit):5.332272981711254
                                          Encrypted:false
                                          SSDEEP:12:TMHdt7IBeBFJ3/3XO53SNK+tKR/6gVuNnyEbYjoWuFEG:2dtMEDJ/eiNK+856g4NnhYjZu3
                                          MD5:D1240D97B0E1F80D82AD12782DFE8EBE
                                          SHA1:59601898276FF76B40C97D493D4B9CA2DE6FCCAC
                                          SHA-256:BE8327C8D71B61893D455130C2B5A8635E451A7D95BBFAF29432B3844A7AC109
                                          SHA-512:6C64A46715949C36E26045FCF12DC468C6D39782EB0165F966D251DFFF40AF2B065283B8F9391DDDC66C98A5C3DB7B92844E784355D73E1ADBAD1F37ABF384DE
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="vcomp.dll" hash="641af563f63d31fb5c9828e2316effa02bbaafac" hashalg="SHA1"/>..</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.401719031801445
                                          Encrypted:false
                                          SSDEEP:192:/NNxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWyVAz:xLCcUJvMYb6uT+qugeajCRVI
                                          MD5:57FD064E95D299507600F6D80AA6B578
                                          SHA1:9947DD086424ADB4D62FEB33FB9EBB52FA11C281
                                          SHA-256:F7BF65CA621D8AD32EAD1500A08827BE239D0F49D83DC20DABF57D2EB17ADBD7
                                          SHA-512:FD9E17009E0E88B725FC6AA014A95E9516543F54CADBB6A71C1C1F39F4DEF4AD0DF2D8F55720E8B1A54EB2EBCE6C42C8C899E33E490DD304EB014CCAB6DB9C44
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.197462113683958
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nyr56g4NnjiNK+2g4NnM23+LJ23sZQR:ciEDJw0yl6g4EK+2g46HQR
                                          MD5:856BBF8E45A26C912BD447EC12DC17DB
                                          SHA1:E48A1EB7844EC81DCC0A66905619AFEEE67666A5
                                          SHA-256:863E67B018E99E1685F03D4FED538F8269332570887FC17534DD3637B7AA6A41
                                          SHA-512:BB79BD9A3A06FB6CFD3312EDB766B8EF5C03AA250CCFA17ADD8799EEC06CCE88BE9369DB452D20B09519A910878E1840513404B5DF59289DD84BEDD01771AD01
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.ATL" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.ATL" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.399558553058028
                                          Encrypted:false
                                          SSDEEP:192:MjDVxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbW/J/:83LCcUJvMYb6uT+qugeajCo
                                          MD5:29C0897D5D709A2394960B26999126D0
                                          SHA1:56501EDA82ECF05C4A90B035BE62B422A24C71C3
                                          SHA-256:DD72F7AB2DEF5F75F58D01B24643B308750C38685DAAED50BCDDF61C18460DEE
                                          SHA-512:75FB603D58105F0A2AACADE320E2EAB212DD6B3D6FCBDAB09CA137D123CC1DECB88C848B81E017BBDDD41D9591900FF723AED90FB0D6166E8C62E3C14D39166E
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.192462113683958
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nhQ56g4NnjiNK+hcg4NnM23+LJ23sZQR:ciEDJw0hk6g4EK+hcg46HQR
                                          MD5:A785CE93C7468DBCDFA7BC379F8FFDDC
                                          SHA1:D10440930CC994409E920D94C7C45F0405D60422
                                          SHA-256:3A131923C7403C1EEF33B59FDCA57D8272549B7912D2B522FC8A4C840CBCA735
                                          SHA-512:8E514E11887F6A198756F4A4B1A584E0A337ABEF90F1A9330436E21E75CD5FFFE7E90A80424018C03EA55AE43758FCFA16F5A7C266D5476CE8F985F76CE5CADA
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8355
                                          Entropy (8bit):7.401727457066723
                                          Encrypted:false
                                          SSDEEP:192:T9RpxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbWTI:TnLCcUJvMYb6uT+qugeajC2I
                                          MD5:98DC3A0DE986C24562CA071211F7DFBE
                                          SHA1:1B016B20820EEF49E7BAECB93D19E0A0177110E8
                                          SHA-256:91CA50CEC42075FFF02B366323BF3B45D2053B24544BD12B622B65621BD0EDD5
                                          SHA-512:F76B8972E2175FD84A56B3139C31A87FBFAFD69E131DA46A96225BA9CCE9A4A726FB007B31DE08406C9B3F51D8FD0FD32827A485C668D9C92B54F24F1384BC53
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):800
                                          Entropy (8bit):5.1940185043062534
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nf56g4NnjiNK+Rg4NnM23+LJ23sZQR:ciEDJw0x6g4EK+Rg46HQR
                                          MD5:E7BF4CF966C7C8D01315DCB7AC64F31D
                                          SHA1:09105C886A83677E49CE6EF47F8CF1A047214AED
                                          SHA-256:8064287E17720B822F845352FE724595FDAFAF9DD2DBF21493327D8C50719A9E
                                          SHA-512:6F6D05EBED3541BE650F0744F8978B88BB7699C60406AEEEBD9D0B3D28D4DC587633AD3A270964E05D96AFCD5EF47C333E7563EF79E44BB72B4670F5ACF84FBB
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8361
                                          Entropy (8bit):7.402377797496622
                                          Encrypted:false
                                          SSDEEP:192:F9JFQmFxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbm1:FnGmHLCcUJvMYb6uT+qugeajCA
                                          MD5:93615FE0E4458E717BBA670C9B162E84
                                          SHA1:CE99F878D2528EFC821D05462313C8EF99BE8C2F
                                          SHA-256:D14225A52543AA5A9605B00DD7574812BF89C605EBC73A9730E1E386BFC965F8
                                          SHA-512:F87BA88B0B2BF186872BDF226EA137463A773B710CD4505E50FD22E7E3E629BEAB26AF32313FE09BB4D1A0C621D95DF3E1D0A957D6D5A43868A1C4953CA3343F
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):5.222427128564631
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+nEI56g4NnjiNK+3g4NnM23+LJ23sZQR:ciEDJw0v6g4EK+3g46HQR
                                          MD5:53094430F66951325C1B88A4F0CA374D
                                          SHA1:F081561658705610ADAD4C30E757312491EDF9E0
                                          SHA-256:4594558E51587C0EDF1F3F95A0D4B8749B3EA3B6C8B76B31B13F1CA1D3E2F4AF
                                          SHA-512:75EAD79C7392DE2BE0964D0399DA4B6B883BFC1E53CB099EC6BF2E4DA594B24B52E1C08AB6BA5B0B18DF7E64DAC0979C2A57E0B20EE6FDD5D54340FFF8F6D462
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.MFCLOC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8361
                                          Entropy (8bit):7.40471492725501
                                          Encrypted:false
                                          SSDEEP:192:DCRxL/CldolM3bd59MYbz2uT+InugbyaAqjkKiTbmWDy:sLCcUJvMYb6uT+qugeajCQ
                                          MD5:C664656654DAB45BEB0D352077A884FB
                                          SHA1:5BDB2EE6D91EE321FEF177E534C324DF96BAEF9D
                                          SHA-256:B3BEB16C28DB357E654A6B132F59CD48CB95CEE949D7B97587F8F02F233F3CE1
                                          SHA-512:F9CE3655342A07A29B5338AB5B78BA0B6CBC94EEB1D0538967DD2C23CBBDA6797326763E16F609C179B43E67503A87F76D8C306F0AB449F1601F13D7F7173A15
                                          Malicious:false
                                          Process:C:\Windows\System32\msiexec.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):5.200250853529196
                                          Encrypted:false
                                          SSDEEP:24:2dtMEDJ5iN+n856g4NnjiNK+wg4NnM23+LJ23sZQR:ciEDJw0I6g4EK+wg46HQR
                                          MD5:11D6A2E757DA71254BFC61D26F06884D
                                          SHA1:9D82FA5CE12DDFE639AF6C89C750758D8E72A20A
                                          SHA-256:58AE1580121AFE06CE2B858B96B6AB893A8D105B17FE54D85711A969C3303DC4
                                          SHA-512:0074430D25861B7B18CFA2C3E5BF728B51B676C5A30799986305BE94C40EE1DCA8E3C00A6279C801771F44D4ED551F73A0DC5C5792715C1C10361712D9EF8B29
                                          Malicious:false
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.... <assemblyIdentity type="win32-policy" name="policy.8.0.Microsoft.VC80.OpenMP" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.VC80.OpenMP" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <bindingRedirect oldVersion="8.0.41204.256-8.0.50608.0" newVersion="8.0.50727.762"/>.. <bindingRedirect oldVersion="8.0.50727.42-8.0.50727.762" newVersion="8.0.50727.762"/>.. </dependentAssembly>.. </dependency>....</assembly>..
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.999991119518631
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 98.86%
                                          • Inno Setup installer (109748/4) 1.08%
                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          File name:SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
                                          File size:70'183'928 bytes
                                          MD5:8c9d7c62d1c19373bb581d879f012b33
                                          SHA1:e0f20fb98b4cd4dee40cccebf82720f1f8f6ac98
                                          SHA256:a27938941515ef4fe27eb078868b252817cff0c33c665db61eb6a499033c3627
                                          SHA512:62049169515c8f3e81f2b502dfed2f1c271975301e44bb216e52202d200d396dafbf54c046914b00a14101944cad3b6370271e69ffb82cb1d5925a4c569f2e49
                                          SSDEEP:1572864:bb6Jk++crwJvCwmUuKv58gfJfu4VGklfA4LI:vax+pJvCwmzrYJfu4xfA4s
                                          TLSH:31F733D0F64020F6F88A4FB65B801BA77589626D7C17EA6B10650F8934FB0A9FC7395C
                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                          Icon Hash:2d2e3797b32b2b99
                                          Entrypoint:0x409a58
                                          Entrypoint Section:CODE
                                          Digitally signed:true
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:1
                                          OS Version Minor:0
                                          File Version Major:1
                                          File Version Minor:0
                                          Subsystem Version Major:1
                                          Subsystem Version Minor:0
                                          Import Hash:884310b1928934402ea6fec1dbd3cf5e
                                          Signature Valid:false
                                          Signature Issuer:CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                          Signature Validation Error:A certificate was explicitly revoked by its issuer
                                          Error Number:-2146762484
                                          Not Before, Not After
                                          • 01/12/2008 01:00:00 02/12/2011 00:59:59
                                          Subject Chain
                                          • CN=Online Media Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Online Media Technologies Ltd., L=London, S=London, C=GB
                                          Version:3
                                          Thumbprint MD5:DC8464617374153B37B17F02181CD02E
                                          Thumbprint SHA-1:0E97B631E40EC5D03E0763B5BDEFE6B4C9F293F8
                                          Thumbprint SHA-256:8ACE91BA33CBC63F43179701DF845E5857D9F7E27155F715599AD39C25363DF7
                                          Serial:41ECEDCE3C0C97C050D886547FF849F3
                                          Instruction
                                          push ebp
                                          mov ebp, esp
                                          add esp, FFFFFFC4h
                                          push ebx
                                          push esi
                                          push edi
                                          xor eax, eax
                                          mov dword ptr [ebp-10h], eax
                                          mov dword ptr [ebp-24h], eax
                                          call 00007F6210735133h
                                          call 00007F621073633Ah
                                          call 00007F6210738565h
                                          call 00007F62107385ACh
                                          call 00007F621073ADD3h
                                          call 00007F621073AF3Ah
                                          xor eax, eax
                                          push ebp
                                          push 0040A10Bh
                                          push dword ptr fs:[eax]
                                          mov dword ptr fs:[eax], esp
                                          xor edx, edx
                                          push ebp
                                          push 0040A0D4h
                                          push dword ptr fs:[edx]
                                          mov dword ptr fs:[edx], esp
                                          mov eax, dword ptr [0040C014h]
                                          call 00007F621073B960h
                                          call 00007F621073B4C7h
                                          lea edx, dword ptr [ebp-10h]
                                          xor eax, eax
                                          call 00007F6210738B71h
                                          mov edx, dword ptr [ebp-10h]
                                          mov eax, 0040CDE4h
                                          call 00007F62107351E4h
                                          push 00000002h
                                          push 00000000h
                                          push 00000001h
                                          mov ecx, dword ptr [0040CDE4h]
                                          mov dl, 01h
                                          mov eax, 004072A4h
                                          call 00007F62107393DCh
                                          mov dword ptr [0040CDE8h], eax
                                          xor edx, edx
                                          push ebp
                                          push 0040A08Ch
                                          push dword ptr fs:[edx]
                                          mov dword ptr fs:[edx], esp
                                          call 00007F621073B9D0h
                                          mov dword ptr [0040CDF0h], eax
                                          mov eax, dword ptr [0040CDF0h]
                                          cmp dword ptr [eax+0Ch], 01h
                                          jne 00007F621073BB0Ah
                                          mov eax, dword ptr [0040CDF0h]
                                          mov edx, 00000028h
                                          call 00007F62107397DDh
                                          mov edx, dword ptr [0040CDF0h]
                                          cmp eax, dword ptr [edx+00h]
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2a00 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x42edf78 | 0xc80 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          CODE | 0x1000 | 0x9174 | 0x9200 | ea92e1415bc80e2738e334267ebbb921 | False | 0.614699272260274 | data | 6.566253815683607 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          DATA | 0xb000 | 0x24c | 0x400 | f96da19d2571a42bdff1b9e8bd62ec99 | False | 0.3076171875 | data | 2.7350839451932765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          BSS | 0xc000 | 0xe48 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          .reloc | 0x10000 | 0x8b4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          .rsrc | 0x11000 | 0x2a00 | 0x2a00 | 35f3bdfbde1e676e465816245612769f | False | 0.33212425595238093 | data | 4.506475268119896 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
                                          RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
                                          RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
                                          RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
                                          RT_STRING | 0x12574 | 0x2f2 | data | | | 0.35543766578249336
                                          RT_STRING | 0x12868 | 0x30c | data | | | 0.3871794871794872
                                          RT_STRING | 0x12b74 | 0x2ce | data | | | 0.42618384401114207
                                          RT_STRING | 0x12e44 | 0x68 | data | | | 0.75
                                          RT_STRING | 0x12eac | 0xb4 | data | | | 0.6277777777777778
                                          RT_STRING | 0x12f60 | 0xae | data | | | 0.5344827586206896
                                          RT_RCDATA | 0x13010 | 0x2c | data | | | 1.2045454545454546
                                          RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
                                          RT_VERSION | 0x1307c | 0x4b8 | COM executable for DOS | English | United States | 0.3162251655629139
                                          RT_MANIFEST | 0x13534 | 0x47e | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4330434782608696
                                          DLL | Import
                                          kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
                                          user32.dll | MessageBoxA
                                          oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
                                          advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
                                          kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
                                          user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
                                          comctl32.dll | InitCommonControls
                                          advapi32.dll | AdjustTokenPrivileges
                                          Language of compilation system | Country where language is spoken
                                          Dutch | Netherlands
                                          English | United States


                                          Target ID:1
                                          Start time:11:39:11
                                          Start date:24/05/2024
                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe"
                                          Imagebase:0x400000
                                          File size:70'183'928 bytes
                                          MD5 hash:8C9D7C62D1C19373BB581D879F012B33
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:2
                                          Start time:11:39:11
                                          Start date:24/05/2024
                                          Path:C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-P7M8L.tmp\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.tmp" /SL5="$203EE,69853475,53248,C:\Users\user\Desktop\SecuriteInfo.com.Adware.InstallCore.768.7677.16658.exe"
                                          Imagebase:0x400000
                                          File size:685'056 bytes
                                          MD5 hash:52950AC9E2B481453082F096120E355A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:7
                                          Start time:11:39:41
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\msiexec.exe" /qn /i "C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\vcredist.msi"
                                          Imagebase:0x990000
                                          File size:59'904 bytes
                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:8
                                          Start time:11:39:41
                                          Start date:24/05/2024
                                          Path:C:\Windows\System32\msiexec.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                          Imagebase:0x7ff740a50000
                                          File size:69'632 bytes
                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:9
                                          Start time:11:39:41
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 99D16A0121B8E031EBFC9AE17FAE4D01
                                          Imagebase:0x990000
                                          File size:59'904 bytes
                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:10
                                          Start time:11:39:48
                                          Start date:24/05/2024
                                          Path:C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Program Files (x86)\AVS4YOU\AVSVideoEditor\WMFDist11.exe" /Q:A /R:N
                                          Imagebase:0x1000000
                                          File size:10'401'096 bytes
                                          MD5 hash:0ACA9C0DD652AD1340266AC775C1E7AD
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:12
                                          Start time:11:40:06
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msxml3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:13
                                          Start time:11:40:07
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSUniversalVideoConverter.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:15
                                          Start time:11:40:07
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAVIFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:16
                                          Start time:11:40:07
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSDVDFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:17
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaFormatSettings3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:18
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoOverlay.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:19
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioOverlay.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:20
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVOBFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:21
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSWMVFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:22
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFiles.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:23
                                          Start time:11:40:08
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:24
                                          Start time:11:40:09
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayFinalizer.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:25
                                          Start time:11:40:09
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSBluRayMenu.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:26
                                          Start time:11:40:09
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSM2TSFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:27
                                          Start time:11:40:09
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoPlayer.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:28
                                          Start time:11:40:09
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioDxPlayer4.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:29
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMediaCore3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:30
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoDVDMenu3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:31
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoXmlDVDMenu.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:32
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSMPEGFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:33
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioCompress4.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:34
                                          Start time:11:40:10
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransform4.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:35
                                          Start time:11:40:11
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSAudioTransformEx4.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:36
                                          Start time:11:40:11
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSPSCore3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:37
                                          Start time:11:40:11
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSFLVFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:38
                                          Start time:11:40:11
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:39
                                          Start time:11:40:11
                                          Start date:24/05/2024
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSQuickTimeFile3.dll"
                                          Imagebase:0x5f0000
                                          File size:20'992 bytes
                                          MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:22.8%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:2.4%
                                            Total number of Nodes:1523
                                            Total number of Limit Nodes:27
6086->6087 6088 406a85 6087->6088 6089 403198 4 API calls 6088->6089 6090 406aa4 6089->6090 6090->6076 4897 407460 4898 40746c CloseHandle 4897->4898 4899 407475 4897->4899 4898->4899 6267 402e64 6268 402e69 6267->6268 6269 402e7a RtlUnwind 6268->6269 6270 402e5e 6268->6270 6271 402e9d 6269->6271 5283 409c71 5320 4098b8 5283->5320 5285 409c76 5286 409c7b 5285->5286 5426 402f24 5285->5426 5327 40961c 5286->5327 5289 409cd3 5348 4026c4 GetSystemTime 5289->5348 5291 409cd8 5349 409188 5291->5349 5292 409c80 5292->5289 5431 408c34 5292->5431 5296 4031e8 4 API calls 5297 409ced 5296->5297 5367 40686c 5297->5367 5298 409caf 5300 409cb7 MessageBoxA 5298->5300 5300->5289 5301 409cc4 5300->5301 5434 4057b4 5301->5434 5307 409d1b 5394 403340 5307->5394 5309 409d29 5310 4031e8 4 API calls 5309->5310 5311 409d39 5310->5311 5409 4073f8 5311->5409 5314 402594 4 API calls 5315 409d98 5314->5315 5416 407904 5315->5416 5317 409dda 5438 407b94 5317->5438 5319 409e01 5321 4098c1 5320->5321 5322 4098d9 5320->5322 5323 4057e0 4 API calls 5321->5323 5324 4057e0 4 API calls 5322->5324 5325 4098d3 5323->5325 5326 4098ea 5324->5326 5325->5285 5326->5285 5328 409665 5327->5328 5334 409629 5327->5334 5329 409672 5328->5329 5330 40966e 5328->5330 5452 406f48 GetModuleHandleA GetProcAddress 5329->5452 5331 40967b GetUserDefaultLangID 5330->5331 5338 409670 5330->5338 5331->5338 5334->5328 5337 409655 5334->5337 5335 409723 5336 4095d0 5 API calls 5335->5336 5339 40965c 5336->5339 5446 4095d0 5337->5446 5338->5335 5341 4096d2 5338->5341 5342 4096c5 5338->5342 5343 4096bb GetACP 5338->5343 5339->5292 5341->5335 5344 409716 5341->5344 5345 40970c GetACP 5341->5345 5346 4095d0 5 API calls 5342->5346 5343->5338 5343->5342 5347 4095d0 5 API calls 5344->5347 5345->5341 5345->5344 5346->5339 5347->5339 5348->5291 5352 4091a8 5349->5352 5353 4091cd CreateDirectoryA 5352->5353 5358 408c34 4 API calls 5352->5358 5363 4071a8 5 API calls 5352->5363 5366 4057e0 4 API calls 5352->5366 5554 406c30 5352->5554 
5577 40907c 5352->5577 5596 404be4 5352->5596 5599 408c04 5352->5599 5354 409245 5353->5354 5355 4091d7 GetLastError 5353->5355 5356 40322c 4 API calls 5354->5356 5355->5352 5357 40924f 5356->5357 5359 4031b8 4 API calls 5357->5359 5358->5352 5361 409269 5359->5361 5362 4031b8 4 API calls 5361->5362 5364 409276 5362->5364 5363->5352 5364->5296 5366->5352 5716 406764 5367->5716 5370 403454 4 API calls 5371 40688e 5370->5371 5372 406608 5371->5372 5721 406828 5372->5721 5375 406646 5378 403454 4 API calls 5375->5378 5376 406638 5377 403340 4 API calls 5376->5377 5380 406644 5377->5380 5379 406659 5378->5379 5381 403340 4 API calls 5379->5381 5382 403198 4 API calls 5380->5382 5381->5380 5383 40667b 5382->5383 5384 406594 5383->5384 5385 4065c0 5384->5385 5386 40659e 5384->5386 5387 40322c 4 API calls 5385->5387 5727 406894 5386->5727 5389 4065c9 5387->5389 5389->5307 5390 4065a5 5390->5385 5391 4065af 5390->5391 5392 403340 4 API calls 5391->5392 5393 4065bd 5392->5393 5393->5307 5395 403344 5394->5395 5396 4033a5 5394->5396 5397 4031e8 5395->5397 5398 40334c 5395->5398 5399 4031fc 5397->5399 5401 403254 4 API calls 5397->5401 5398->5396 5402 4031e8 4 API calls 5398->5402 5404 40335b 5398->5404 5400 403228 5399->5400 5405 4025ac 4 API calls 5399->5405 5400->5309 5401->5399 5402->5404 5403 403254 4 API calls 5406 403375 5403->5406 5404->5403 5405->5400 5407 4031e8 4 API calls 5406->5407 5408 4033a1 5407->5408 5408->5309 5410 407402 5409->5410 5731 407490 5410->5731 5734 40748e 5410->5734 5411 40742e 5412 4073a4 21 API calls 5411->5412 5413 407442 5411->5413 5412->5413 5413->5314 5417 407911 5416->5417 5418 4057e0 4 API calls 5417->5418 5419 407965 5417->5419 5418->5419 5420 407830 InterlockedExchange 5419->5420 5421 407977 5420->5421 5422 4057e0 4 API calls 5421->5422 5423 40798d 5421->5423 5422->5423 5424 4079d0 5423->5424 5425 4057e0 4 API calls 5423->5425 5424->5317 5425->5424 5427 403154 4 API calls 5426->5427 5428 402f29 5427->5428 5737 402bcc 5428->5737 5430 
402f51 5430->5430 5432 408c04 4 API calls 5431->5432 5433 408c50 5432->5433 5433->5298 5435 4057b9 5434->5435 5436 405890 5 API calls 5435->5436 5437 4057cb 5436->5437 5437->5437 5439 407ba4 5438->5439 5440 407baf 5438->5440 5740 407db4 5439->5740 5751 407b38 5440->5751 5443 4057e0 4 API calls 5444 407bad 5443->5444 5444->5319 5447 4095d8 5446->5447 5451 409612 5446->5451 5447->5451 5473 403420 5447->5473 5449 40960c 5477 408cdc 5449->5477 5451->5339 5453 406f82 5452->5453 5454 406f8b 5452->5454 5464 403198 4 API calls 5453->5464 5455 406f94 5454->5455 5456 406fcc 5454->5456 5500 406e8c 5455->5500 5458 406e8c RegOpenKeyExA 5456->5458 5461 406fe5 5458->5461 5459 406fad 5460 407002 5459->5460 5503 406e80 5459->5503 5506 40322c 5460->5506 5461->5460 5463 406e80 6 API calls 5461->5463 5467 406ff9 RegCloseKey 5463->5467 5468 407044 5464->5468 5467->5460 5470 403198 4 API calls 5468->5470 5472 40704c 5470->5472 5472->5338 5474 403426 5473->5474 5476 403437 5473->5476 5475 403254 4 API calls 5474->5475 5474->5476 5475->5476 5476->5449 5478 408cea 5477->5478 5480 408d02 5478->5480 5490 408c74 5478->5490 5481 408c74 4 API calls 5480->5481 5482 408d26 5480->5482 5481->5482 5493 407830 5482->5493 5485 408c74 4 API calls 5487 408d52 5485->5487 5486 408c74 4 API calls 5486->5487 5487->5486 5488 403278 4 API calls 5487->5488 5489 408d81 5487->5489 5488->5487 5489->5451 5491 4057e0 4 API calls 5490->5491 5492 408c85 5491->5492 5492->5480 5496 4077dc 5493->5496 5497 4077ee 5496->5497 5498 4077ff 5496->5498 5499 4077f3 InterlockedExchange 5497->5499 5498->5485 5498->5487 5499->5498 5501 406e97 5500->5501 5502 406e9d RegOpenKeyExA 5500->5502 5501->5502 5502->5459 5524 406d4c 5503->5524 5508 403230 5506->5508 5507 403252 5510 4032fc 5507->5510 5508->5507 5509 4025ac 4 API calls 5508->5509 5509->5507 5511 403300 5510->5511 5512 40333f 5510->5512 5513 4031e8 5511->5513 5514 40330a 5511->5514 5512->5453 5521 403254 4 API calls 5513->5521 5522 4031fc 5513->5522 5515 403334 5514->5515 
5516 40331d 5514->5516 5517 4034f0 4 API calls 5515->5517 5519 4034f0 4 API calls 5516->5519 5520 403322 5517->5520 5518 403228 5518->5453 5519->5520 5520->5453 5521->5522 5522->5518 5523 4025ac 4 API calls 5522->5523 5523->5518 5525 406d71 RegQueryValueExA 5524->5525 5531 406d91 5525->5531 5539 406db3 5525->5539 5526 403198 4 API calls 5528 406e6c RegCloseKey 5526->5528 5527 406dab 5529 403198 4 API calls 5527->5529 5528->5460 5529->5539 5530 403278 4 API calls 5530->5531 5531->5527 5531->5530 5532 403420 4 API calls 5531->5532 5531->5539 5533 406dd3 RegQueryValueExA 5532->5533 5533->5525 5534 406de8 5533->5534 5534->5539 5541 4034f0 5534->5541 5537 406e42 5538 4031e8 4 API calls 5537->5538 5538->5539 5539->5526 5540 403420 4 API calls 5540->5537 5542 4034fd 5541->5542 5549 40352d 5541->5549 5543 403526 5542->5543 5545 403509 5542->5545 5546 403254 4 API calls 5543->5546 5544 403198 4 API calls 5547 403517 5544->5547 5550 4025c4 5545->5550 5546->5549 5547->5537 5547->5540 5549->5544 5551 4025ca 5550->5551 5552 403154 4 API calls 5551->5552 5553 4025dc 5551->5553 5552->5553 5553->5547 5603 406994 5554->5603 5557 406c62 5559 406994 5 API calls 5557->5559 5561 406cae 5557->5561 5560 406c72 5559->5560 5562 406c7e 5560->5562 5564 406970 7 API calls 5560->5564 5611 4067cc 5561->5611 5562->5561 5565 406994 5 API calls 5562->5565 5574 406ca3 5562->5574 5564->5562 5568 406c97 5565->5568 5571 406970 7 API calls 5568->5571 5568->5574 5569 406594 5 API calls 5570 406cc3 5569->5570 5572 40322c 4 API calls 5570->5572 5571->5574 5573 406ccd 5572->5573 5575 4031b8 4 API calls 5573->5575 5574->5561 5623 406c04 GetWindowsDirectoryA 5574->5623 5576 406ce7 5575->5576 5576->5352 5578 40909c 5577->5578 5579 406594 5 API calls 5578->5579 5580 4090b5 5579->5580 5581 40322c 4 API calls 5580->5581 5582 4090c0 5581->5582 5584 4068b4 6 API calls 5582->5584 5586 408c34 4 API calls 5582->5586 5588 4057e0 4 API calls 5582->5588 5589 40913c 5582->5589 5664 409008 5582->5664 5672 4033b4 
5582->5672 5678 408e8c 5582->5678 5584->5582 5586->5582 5588->5582 5590 40322c 4 API calls 5589->5590 5591 409147 5590->5591 5592 4031b8 4 API calls 5591->5592 5593 409161 5592->5593 5594 403198 4 API calls 5593->5594 5595 409169 5594->5595 5595->5352 5597 4050f8 19 API calls 5596->5597 5598 404c02 5597->5598 5598->5352 5600 408c24 5599->5600 5706 408b04 5600->5706 5604 4034f0 4 API calls 5603->5604 5606 4069a7 5604->5606 5605 4069be GetEnvironmentVariableA 5605->5606 5607 4069ca 5605->5607 5606->5605 5610 4069d1 5606->5610 5625 406d28 5606->5625 5608 403198 4 API calls 5607->5608 5608->5610 5610->5557 5620 406970 5610->5620 5629 403414 5611->5629 5614 406812 5617 40322c 4 API calls 5614->5617 5615 4067fb 5615->5614 5616 406803 5615->5616 5618 403278 4 API calls 5616->5618 5619 406810 5617->5619 5618->5619 5619->5569 5631 406918 5620->5631 5624 406c25 5623->5624 5624->5561 5626 406d36 5625->5626 5627 4034f0 4 API calls 5626->5627 5628 406d44 5627->5628 5628->5606 5630 403418 GetFullPathNameA 5629->5630 5630->5614 5630->5615 5638 4068b4 5631->5638 5633 40693a 5634 406942 GetFileAttributesA 5633->5634 5635 406957 5634->5635 5636 403198 4 API calls 5635->5636 5637 40695f 5636->5637 5637->5557 5648 40668c 5638->5648 5640 4068c5 5641 4068d7 CharPrevA 5640->5641 5642 4068eb 5640->5642 5641->5640 5643 406901 5642->5643 5644 4068f6 5642->5644 5655 403454 5643->5655 5646 40322c 4 API calls 5644->5646 5647 4068ff 5646->5647 5647->5633 5650 40669d 5648->5650 5649 4066fd 5651 4065d8 IsDBCSLeadByte 5649->5651 5653 4066f8 5649->5653 5650->5649 5652 4066b9 5650->5652 5651->5653 5652->5653 5662 4065d8 IsDBCSLeadByte 5652->5662 5653->5640 5656 403486 5655->5656 5657 403459 5655->5657 5658 403198 4 API calls 5656->5658 5657->5656 5659 40346d 5657->5659 5661 40347c 5658->5661 5660 403278 4 API calls 5659->5660 5660->5661 5661->5647 5663 4065ec 5662->5663 5663->5652 5665 403198 4 API calls 5664->5665 5667 409029 5665->5667 5669 409056 5667->5669 5687 4032a8 5667->5687 5690 403494 
5667->5690 5670 403198 4 API calls 5669->5670 5671 40906b 5670->5671 5671->5582 5673 4033bc 5672->5673 5674 403254 4 API calls 5673->5674 5675 4033cf 5674->5675 5676 4031e8 4 API calls 5675->5676 5677 4033f7 5676->5677 5694 408dc8 5678->5694 5680 408ea2 5681 408ea6 5680->5681 5700 406984 5680->5700 5681->5582 5684 408ed9 5703 408e04 5684->5703 5688 403278 4 API calls 5687->5688 5689 4032b5 5688->5689 5689->5667 5691 403498 5690->5691 5693 4034c3 5690->5693 5692 4034f0 4 API calls 5691->5692 5692->5693 5693->5667 5695 408dd2 5694->5695 5696 408dd6 5694->5696 5695->5680 5697 408df8 SetLastError 5696->5697 5698 408ddf Wow64DisableWow64FsRedirection 5696->5698 5699 408df3 5697->5699 5698->5699 5699->5680 5701 406918 7 API calls 5700->5701 5702 40698e GetLastError 5701->5702 5702->5684 5704 408e13 5703->5704 5705 408e09 Wow64RevertWow64FsRedirection 5703->5705 5704->5582 5705->5704 5707 403198 4 API calls 5706->5707 5709 408b35 5706->5709 5707->5709 5708 4031b8 4 API calls 5710 408be5 5708->5710 5711 408b4c 5709->5711 5712 403278 4 API calls 5709->5712 5714 4032fc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5709->5714 5715 408b60 5709->5715 5710->5352 5713 4032fc 4 API calls 5711->5713 5712->5709 5713->5715 5714->5709 5715->5708 5717 40668c IsDBCSLeadByte 5716->5717 5719 406779 5717->5719 5718 4067c2 5718->5370 5719->5718 5720 4065d8 IsDBCSLeadByte 5719->5720 5720->5719 5722 406837 5721->5722 5723 406764 IsDBCSLeadByte 5722->5723 5726 406842 5723->5726 5724 406632 5724->5375 5724->5376 5725 4065d8 IsDBCSLeadByte 5725->5726 5726->5724 5726->5725 5728 40689b 5727->5728 5729 40689f 5727->5729 5728->5390 5730 4068a6 CharPrevA 5729->5730 5730->5390 5732 403414 5731->5732 5733 4074cf CreateFileA 5732->5733 5733->5411 5735 407490 5734->5735 5736 4074cf CreateFileA 5735->5736 5736->5411 5738 402bd5 RaiseException 5737->5738 5739 402be6 5737->5739 5738->5739 5739->5430 5741 407dc9 5740->5741 5743 407dd8 5741->5743 5758 407ccc 5741->5758 5744 407e12 5743->5744 5745 407ccc 19 
API calls 5743->5745 5746 407e26 5744->5746 5747 407ccc 19 API calls 5744->5747 5745->5744 5750 407e52 5746->5750 5755 407d5c 5746->5755 5747->5746 5750->5444 5752 407b8b 5751->5752 5753 407b4c 5751->5753 5752->5443 5752->5444 5753->5752 5769 407a88 5753->5769 5756 407d6b VirtualFree 5755->5756 5757 407d7d VirtualAlloc 5755->5757 5756->5757 5757->5750 5761 405814 5758->5761 5760 407cee 5760->5743 5762 405820 5761->5762 5763 4050e4 19 API calls 5762->5763 5764 40584d 5763->5764 5765 4031e8 4 API calls 5764->5765 5766 405858 5765->5766 5767 403198 4 API calls 5766->5767 5768 40586d 5767->5768 5768->5760 5770 407a93 5769->5770 5771 407aa4 5769->5771 5772 4057e0 4 API calls 5770->5772 5781 4073b8 5771->5781 5772->5771 5775 4073b8 20 API calls 5776 407ad9 5775->5776 5777 407830 InterlockedExchange 5776->5777 5778 407aee 5777->5778 5779 407b04 5778->5779 5780 4057e0 4 API calls 5778->5780 5779->5753 5780->5779 5782 4073cc 5781->5782 5783 4073dc 5782->5783 5784 407304 20 API calls 5782->5784 5783->5775 5784->5783 6284 408e76 6285 408e68 6284->6285 6286 408e04 Wow64RevertWow64FsRedirection 6285->6286 6287 408e70 6286->6287 6288 407e78 6289 407ea0 6288->6289 6291 407ea7 6288->6291 6290 407db4 21 API calls 6289->6290 6290->6291 6292 407eda 6291->6292 6294 407ed0 6291->6294 6295 407ece 6291->6295 6293 407f0f 6292->6293 6296 407ccc 19 API calls 6292->6296 6298 403198 4 API calls 6293->6298 6297 407ccc 19 API calls 6294->6297 6299 4050e4 19 API calls 6295->6299 6296->6293 6297->6292 6300 407f24 6298->6300 6301 407ef6 6299->6301 6303 407c54 6301->6303 6304 407c57 6303->6304 6305 40322c 4 API calls 6304->6305 6306 407c79 6305->6306 6307 4032fc 4 API calls 6306->6307 6308 407c83 6307->6308 6309 4057e0 4 API calls 6308->6309 6310 407c92 6309->6310 6311 403198 4 API calls 6310->6311 6312 407cac 6311->6312 6312->6292 6313 408e78 SetLastError 6314 408e81 6313->6314 6737 403f7d 6738 403fa2 6737->6738 6741 403f84 6737->6741 6740 403e8e 4 API calls 6738->6740 6738->6741 6739 403f8c 
6740->6741 6741->6739 6742 402674 4 API calls 6741->6742 6743 403fca 6742->6743 5785 403d02 5792 403d12 5785->5792 5786 403ddf ExitProcess 5787 403db8 5801 403cc8 5787->5801 5788 403dea 5791 403cc8 4 API calls 5793 403dcc 5791->5793 5792->5786 5792->5787 5792->5788 5792->5792 5795 403da4 5792->5795 5796 403d8f MessageBoxA 5792->5796 5805 4019dc 5793->5805 5817 403fe4 5795->5817 5796->5787 5797 403dd1 5797->5786 5797->5788 5802 403cd6 5801->5802 5803 403ceb 5802->5803 5821 402674 5802->5821 5803->5791 5806 401abb 5805->5806 5807 4019ed 5805->5807 5806->5797 5808 401a04 RtlEnterCriticalSection 5807->5808 5809 401a0e LocalFree 5807->5809 5808->5809 5810 401a41 5809->5810 5811 401a2f VirtualFree 5810->5811 5812 401a49 5810->5812 5811->5810 5813 401a70 LocalFree 5812->5813 5814 401a87 5812->5814 5813->5813 5813->5814 5815 401aa9 RtlDeleteCriticalSection 5814->5815 5816 401a9f RtlLeaveCriticalSection 5814->5816 5815->5797 5816->5815 5818 403fe8 5817->5818 5824 403f07 5818->5824 5820 404006 5822 403154 4 API calls 5821->5822 5823 40267a 5822->5823 5823->5803 5827 403f09 5824->5827 5826 403f3c 5826->5820 5829 403e9c 5827->5829 5830 403154 4 API calls 5827->5830 5836 403f3d 5827->5836 5847 403e9c 5827->5847 5828 403ef2 5832 402674 4 API calls 5828->5832 5829->5826 5829->5828 5834 403ea9 5829->5834 5838 403e8e 5829->5838 5830->5827 5833 403ecf 5832->5833 5833->5820 5834->5833 5837 402674 4 API calls 5834->5837 5836->5820 5837->5833 5839 403e4c 5838->5839 5840 403e62 5839->5840 5841 403e7b 5839->5841 5844 403e67 5839->5844 5842 403cc8 4 API calls 5840->5842 5843 402674 4 API calls 5841->5843 5842->5844 5845 403e78 5843->5845 5844->5845 5846 402674 4 API calls 5844->5846 5845->5828 5845->5834 5846->5845 5848 403ed7 5847->5848 5854 403ea9 5847->5854 5850 403ef2 5848->5850 5851 403e8e 4 API calls 5848->5851 5849 403ecf 5849->5827 5852 402674 4 API calls 5850->5852 5853 403ee6 5851->5853 5852->5849 5853->5850 5853->5854 5854->5849 5855 402674 4 API calls 5854->5855 5855->5849 
6325 404206 6326 4041cc 6325->6326 6329 40420a 6325->6329 6327 404282 6328 403154 4 API calls 6330 404323 6328->6330 6329->6327 6329->6328 6091 409f08 6121 409394 GetLastError 6091->6121 6094 409f14 6096 409f1e CreateWindowExA SetWindowLongA 6094->6096 6095 402f24 5 API calls 6095->6094 6097 4050e4 19 API calls 6096->6097 6098 409fa1 6097->6098 6099 4032fc 4 API calls 6098->6099 6100 409faf 6099->6100 6101 4032fc 4 API calls 6100->6101 6102 409fbc 6101->6102 6134 406ab8 GetCommandLineA 6102->6134 6105 4032fc 4 API calls 6106 409fd1 6105->6106 6139 4097bc 6106->6139 6109 4095d0 5 API calls 6110 409ff6 6109->6110 6111 40a02f 6110->6111 6155 409330 6110->6155 6113 40a048 6111->6113 6116 40a042 RemoveDirectoryA 6111->6116 6114 40a051 73EA5CF0 6113->6114 6115 40a05c 6113->6115 6114->6115 6117 40a084 6115->6117 6163 40357c 6115->6163 6116->6113 6119 40a07a 6120 4025ac 4 API calls 6119->6120 6120->6117 6122 404be4 19 API calls 6121->6122 6123 4093db 6122->6123 6124 4071a8 5 API calls 6123->6124 6125 4093eb 6124->6125 6126 408c04 4 API calls 6125->6126 6127 409400 6126->6127 6128 4057e0 4 API calls 6127->6128 6129 40940f 6128->6129 6130 4031b8 4 API calls 6129->6130 6131 40942e 6130->6131 6132 403198 4 API calls 6131->6132 6133 409436 6132->6133 6133->6094 6133->6095 6135 406a2c 4 API calls 6134->6135 6136 406add 6135->6136 6137 403198 4 API calls 6136->6137 6138 406afb 6137->6138 6138->6105 6140 4033b4 4 API calls 6139->6140 6141 4097f7 6140->6141 6142 409829 CreateProcessA 6141->6142 6143 409835 6142->6143 6144 40983c CloseHandle 6142->6144 6145 409394 21 API calls 6143->6145 6146 409845 6144->6146 6145->6144 6176 409790 6146->6176 6149 409861 6150 409790 3 API calls 6149->6150 6151 409866 GetExitCodeProcess CloseHandle 6150->6151 6152 409886 6151->6152 6153 403198 4 API calls 6152->6153 6154 40988e 6153->6154 6154->6109 6154->6110 6156 409343 6155->6156 6157 40938a 6155->6157 6156->6157 6158 40934b Sleep 6156->6158 6159 40935b Sleep 6156->6159 6161 409372 GetLastError 
6156->6161 6180 408e14 6156->6180 6157->6111 6158->6156 6159->6156 6161->6157 6162 40937c GetLastError 6161->6162 6162->6156 6162->6157 6164 403591 6163->6164 6165 4035a0 6163->6165 6168 4035b6 6164->6168 6171 4035d0 6164->6171 6172 40359b 6164->6172 6166 4035b1 6165->6166 6167 4035b8 6165->6167 6169 403198 4 API calls 6166->6169 6170 4031b8 4 API calls 6167->6170 6168->6119 6169->6168 6170->6168 6171->6168 6173 40357c 4 API calls 6171->6173 6172->6165 6175 4035ec 6172->6175 6173->6171 6175->6168 6188 403554 6175->6188 6177 4097a4 PeekMessageA 6176->6177 6178 4097b6 MsgWaitForMultipleObjects 6177->6178 6179 409798 TranslateMessage DispatchMessageA 6177->6179 6178->6146 6178->6149 6179->6177 6181 408dc8 2 API calls 6180->6181 6182 408e2a 6181->6182 6183 408e2e 6182->6183 6184 408e4a DeleteFileA GetLastError 6182->6184 6183->6156 6185 408e68 6184->6185 6186 408e04 Wow64RevertWow64FsRedirection 6185->6186 6187 408e70 6186->6187 6187->6156 6189 403566 6188->6189 6191 403578 6189->6191 6192 403604 6189->6192 6191->6175 6193 40357c 6192->6193 6194 4035a0 6193->6194 6197 4035b6 6193->6197 6200 40359b 6193->6200 6204 4035d0 6193->6204 6195 4035b1 6194->6195 6196 4035b8 6194->6196 6198 403198 4 API calls 6195->6198 6199 4031b8 4 API calls 6196->6199 6197->6189 6198->6197 6199->6197 6200->6194 6201 4035ec 6200->6201 6201->6197 6203 403554 4 API calls 6201->6203 6202 40357c 4 API calls 6202->6204 6203->6201 6204->6197 6204->6202 6331 402c08 6332 402c82 6331->6332 6335 402c19 6331->6335 6333 402c56 RtlUnwind 6334 403154 4 API calls 6333->6334 6334->6332 6335->6332 6335->6333 6338 402b28 6335->6338 6339 402b31 RaiseException 6338->6339 6340 402b47 6338->6340 6339->6340 6340->6333 6762 407512 GetFileSize 6763 40753e 6762->6763 6764 40752e GetLastError 6762->6764 6764->6763 6765 407537 6764->6765 6766 4073a4 21 API calls 6765->6766 6766->6763 6341 403018 6342 403070 6341->6342 6343 403025 6341->6343 6344 40302a RtlUnwind 6343->6344 6346 40304e 6344->6346 6345 402f78 6346->6345 
6348 402be8 6346->6348 6349 402bf1 RaiseException 6348->6349 6350 402c04 6348->6350 6349->6350 6350->6342 6767 406f1f 6768 406f2c SetErrorMode 6767->6768 6351 409e20 6352 409e45 6351->6352 6353 407830 InterlockedExchange 6352->6353 6354 409e6f 6353->6354 6355 409e7f 6354->6355 6356 4098b8 4 API calls 6354->6356 6361 4075c4 SetEndOfFile 6355->6361 6356->6355 6358 409e9b 6359 4025ac 4 API calls 6358->6359 6360 409ed2 6359->6360 6362 4075d4 6361->6362 6363 4075db 6361->6363 6364 4073a4 21 API calls 6362->6364 6363->6358 6364->6363 6365 405a24 6366 405a34 6365->6366 6367 405a2c 6365->6367 6368 405a32 6367->6368 6369 405a3b 6367->6369 6372 40599c 6368->6372 6370 405890 5 API calls 6369->6370 6370->6366 6373 4059a4 6372->6373 6374 4059be 6373->6374 6375 403154 4 API calls 6373->6375 6376 4059c3 6374->6376 6377 4059da 6374->6377 6375->6373 6378 405890 5 API calls 6376->6378 6379 403154 4 API calls 6377->6379 6380 4059d6 6378->6380 6381 4059df 6379->6381 6383 403154 4 API calls 6380->6383 6382 405900 19 API calls 6381->6382 6382->6380 6384 405a08 6383->6384 6385 403154 4 API calls 6384->6385 6386 405a16 6385->6386 6386->6366 6387 403a28 ReadFile 6388 403a46 6387->6388 6389 403a49 GetLastError 6387->6389 6773 409730 6774 409749 6773->6774 6775 40973f 6773->6775 6775->6774 6776 40976e CallWindowProcA 6775->6776 6776->6774 6777 403932 6778 403924 6777->6778 6779 40374c VariantClear 6778->6779 6780 40392c 6779->6780 6205 406f3b 6206 406f2c SetErrorMode 6205->6206 6390 409e3b 6391 4098b8 4 API calls 6390->6391 6392 409e40 6391->6392 6393 409e45 6392->6393 6394 402f24 5 API calls 6392->6394 6395 407830 InterlockedExchange 6393->6395 6394->6393 6396 409e6f 6395->6396 6397 409e7f 6396->6397 6398 4098b8 4 API calls 6396->6398 6399 4075c4 22 API calls 6397->6399 6398->6397 6400 409e9b 6399->6400 6401 4025ac 4 API calls 6400->6401 6402 409ed2 6401->6402 5862 4075c4 SetEndOfFile 5863 4075d4 5862->5863 5864 4075db 5862->5864 5865 4073a4 21 API calls 5863->5865 5865->5864 6409 402ccc 
6412 402cfe 6409->6412 6413 402cdd 6409->6413 6410 402d88 RtlUnwind 6411 403154 4 API calls 6410->6411 6411->6412 6413->6410 6413->6412 6414 402b28 RaiseException 6413->6414 6415 402d7f 6414->6415 6415->6410 6781 403fcd 6782 403f07 4 API calls 6781->6782 6783 403fd6 6782->6783 6784 403e9c 4 API calls 6783->6784 6785 403fe2 6784->6785 4900 4024d0 4901 4024e4 4900->4901 4902 4024f7 4900->4902 4939 401918 RtlInitializeCriticalSection 4901->4939 4903 402518 4902->4903 4904 40250e RtlEnterCriticalSection 4902->4904 4916 402300 4903->4916 4904->4903 4908 4024ed 4910 402525 4912 402581 4910->4912 4913 402577 RtlLeaveCriticalSection 4910->4913 4913->4912 4914 402531 4914->4910 4946 40215c 4914->4946 4917 402314 4916->4917 4918 402335 4917->4918 4923 4023b8 4917->4923 4920 402344 4918->4920 4960 401b74 4918->4960 4920->4910 4926 401fd4 4920->4926 4923->4920 4924 402455 4923->4924 4963 401d80 4923->4963 4971 401e84 4923->4971 4924->4920 4967 401d00 4924->4967 4927 401fe8 4926->4927 4928 401ffb 4926->4928 4929 401918 4 API calls 4927->4929 4930 402012 RtlEnterCriticalSection 4928->4930 4933 40201c 4928->4933 4931 401fed 4929->4931 4930->4933 4931->4928 4932 401ff1 4931->4932 4938 402052 4932->4938 4933->4938 5053 401ee0 4933->5053 4936 402147 4936->4914 4937 40213d RtlLeaveCriticalSection 4937->4936 4938->4914 4940 40193c RtlEnterCriticalSection 4939->4940 4941 401946 4939->4941 4940->4941 4942 401964 LocalAlloc 4941->4942 4943 40197e 4942->4943 4944 4019c3 RtlLeaveCriticalSection 4943->4944 4945 4019cd 4943->4945 4944->4945 4945->4902 4945->4908 4947 40217a 4946->4947 4948 402175 4946->4948 4950 4021ab RtlEnterCriticalSection 4947->4950 4953 40217e 4947->4953 4956 4021b5 4947->4956 4949 401918 4 API calls 4948->4949 4949->4947 4950->4956 4951 4021c1 4954 4022e3 RtlLeaveCriticalSection 4951->4954 4955 4022ed 4951->4955 4952 402244 4952->4953 4957 401d80 7 API calls 4952->4957 4953->4910 4954->4955 4955->4910 4956->4951 4956->4952 4958 402270 4956->4958 4957->4953 4958->4951 
4959 401d00 7 API calls 4958->4959 4959->4951 4961 40215c 9 API calls 4960->4961 4962 401b95 4961->4962 4962->4920 4964 401d89 4963->4964 4966 401d92 4963->4966 4965 401b74 9 API calls 4964->4965 4964->4966 4965->4966 4966->4923 4968 401d4e 4967->4968 4969 401d1e 4967->4969 4968->4969 4976 401c68 4968->4976 4969->4920 5031 401768 4971->5031 4973 401e99 4975 401ea6 4973->4975 5042 401dcc 4973->5042 4975->4923 4977 401c7a 4976->4977 4978 401c9d 4977->4978 4979 401caf 4977->4979 4989 40188c 4978->4989 4981 40188c 3 API calls 4979->4981 4982 401cad 4981->4982 4983 401cc5 4982->4983 4999 401b44 4982->4999 4983->4969 4985 401cd4 4986 401cee 4985->4986 5004 401b98 4985->5004 5009 4013a0 4986->5009 4990 4018b2 4989->4990 4991 40190b 4989->4991 5013 401658 4990->5013 4991->4982 4996 4018e6 4996->4991 4998 4013a0 LocalAlloc 4996->4998 4998->4991 5000 401b61 4999->5000 5001 401b52 4999->5001 5000->4985 5002 401d00 9 API calls 5001->5002 5003 401b5f 5002->5003 5003->4985 5005 401b9d 5004->5005 5007 401bab 5004->5007 5006 401b74 9 API calls 5005->5006 5008 401baa 5006->5008 5007->4986 5008->4986 5010 4013ab 5009->5010 5011 4013c6 5010->5011 5012 4012e4 LocalAlloc 5010->5012 5011->4983 5012->5011 5015 40168f 5013->5015 5014 4016cf 5017 40132c 5014->5017 5015->5014 5016 4016a9 VirtualFree 5015->5016 5016->5015 5018 401348 5017->5018 5025 4012e4 5018->5025 5021 40150c 5022 40153b 5021->5022 5023 401594 5022->5023 5024 401568 VirtualFree 5022->5024 5023->4996 5024->5022 5028 40128c 5025->5028 5029 401298 LocalAlloc 5028->5029 5030 4012aa 5028->5030 5029->5030 5030->4996 5030->5021 5032 401787 5031->5032 5033 40183b 5032->5033 5034 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 5032->5034 5035 40132c LocalAlloc 5032->5035 5037 401821 5032->5037 5039 4017d6 5032->5039 5040 4017e7 5033->5040 5049 4015c4 5033->5049 5034->5032 5035->5032 5038 40150c VirtualFree 5037->5038 5038->5040 5041 40150c VirtualFree 5039->5041 5040->4973 5041->5040 5043 401d80 9 API calls 5042->5043 5044 
401de0 5043->5044 5045 40132c LocalAlloc 5044->5045 5047 401df0 5045->5047 5046 401df8 5046->4975 5047->5046 5048 401b44 9 API calls 5047->5048 5048->5046 5051 40160a 5049->5051 5050 40163a 5050->5040 5051->5050 5052 401626 VirtualAlloc 5051->5052 5052->5050 5052->5051 5054 401ef0 5053->5054 5055 401f1c 5054->5055 5058 401f40 5054->5058 5059 401e58 5054->5059 5056 401d00 9 API calls 5055->5056 5055->5058 5056->5058 5058->4936 5058->4937 5064 4016d8 5059->5064 5062 401dcc 9 API calls 5063 401e75 5062->5063 5063->5054 5065 4016f4 5064->5065 5067 4016fe 5065->5067 5069 40175b 5065->5069 5070 40132c LocalAlloc 5065->5070 5072 40174f 5065->5072 5074 401430 5065->5074 5068 4015c4 VirtualAlloc 5067->5068 5071 40170a 5068->5071 5069->5062 5069->5063 5070->5065 5071->5069 5073 40150c VirtualFree 5072->5073 5073->5069 5075 40143f VirtualAlloc 5074->5075 5077 40146c 5075->5077 5078 40148f 5075->5078 5079 4012e4 LocalAlloc 5077->5079 5078->5065 5080 401478 5079->5080 5080->5078 5081 40147c VirtualFree 5080->5081 5081->5078 6416 4028d2 6417 4028da 6416->6417 6418 403554 4 API calls 6417->6418 6419 4028ef 6417->6419 6418->6417 6420 4025ac 4 API calls 6419->6420 6421 4028f4 6420->6421 6786 4019d3 6787 4019ba 6786->6787 6788 4019c3 RtlLeaveCriticalSection 6787->6788 6789 4019cd 6787->6789 6788->6789 6790 4065d4 IsDBCSLeadByte 6791 4065ec 6790->6791 6422 40a0d9 6431 409448 6422->6431 6425 402f24 5 API calls 6426 40a0e3 6425->6426 6427 403198 4 API calls 6426->6427 6428 40a102 6427->6428 6429 403198 4 API calls 6428->6429 6430 40a10a 6429->6430 6440 4055fc 6431->6440 6433 409463 6434 409491 6433->6434 6446 407130 6433->6446 6437 403198 4 API calls 6434->6437 6436 409481 6439 409489 MessageBoxA 6436->6439 6438 4094a6 6437->6438 6438->6425 6439->6434 6441 403154 4 API calls 6440->6441 6442 405601 6441->6442 6443 405619 6442->6443 6444 403154 4 API calls 6442->6444 6443->6433 6445 40560f 6444->6445 6445->6433 6447 4055fc 4 API calls 6446->6447 6448 40713f 6447->6448 6449 407145 

                                            Control-flow Graph

                                            APIs
                                            • GetSystemInfo.KERNEL32(?), ref: 0040995A
                                            • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409965
                                            • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 004099A6
                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 004099D8
                                            • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 004099E8
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Virtual$ProtectQuery$InfoSystem
                                            • String ID:
                                            • API String ID: 2441996862-0
                                            • Opcode ID: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
                                            • Instruction ID: c51dc94dc7e70e4f078c95023904a162ea503a2a47d9e89981edb447ffe3f24e
                                            • Opcode Fuzzy Hash: 2c2c90e72dc40e46b51dc553d84ebc029875cc2798a18ec57c7a7b28b8fc0619
                                            • Instruction Fuzzy Hash: 5F216DF12002046BDA309A598D85E6BB7D89B45360F08492FFA89E37C3D738ED40D669
                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
                                            • Instruction ID: b78bf48cff894a3999656c5243e329942f020ab22272e2e872fdbeeaebf0035e
                                            • Opcode Fuzzy Hash: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
                                            • Instruction Fuzzy Hash: EDE09271B0021426D711A9699C86AEB735DDB58310F0006BFB904EB3C6EDB49E8046ED

                                            Control-flow Graph

                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F1C
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F22
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95,?,?,?,?,00000000,?,00409A87), ref: 00408F36
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408F3C
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                            • API String ID: 1646373207-2130885113
                                            • Opcode ID: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
                                            • Instruction ID: ef4badd54955bda93fd7c631ce084268f05c1d5093e10ec72b10b69b713a5d4b
                                            • Opcode Fuzzy Hash: 8f04cc14bccfcdb17213992c023d8f7c3ecead8bf0913e3ac44b7e7d270b511d
                                            • Instruction Fuzzy Hash: D701F770108301EEE700BB72DE57B163A59D745718F60443FF248761C2CE7C4904CA2D

                                            Control-flow Graph

                                            APIs
                                            • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
                                            • SetWindowLongA.USER32(000203EE,000000FC,00409730), ref: 00409F57
                                              • Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0
                                              • Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000,0040988F), ref: 0040982C
                                              • Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000), ref: 00409840
                                              • Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
                                              • Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
                                              • Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8), ref: 00409874
                                            • RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
                                            • 73EA5CF0.USER32(000203EE,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057
                                            Similarity
                                            • API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
                                            • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                            • API String ID: 978128352-3001827809
                                            • Opcode ID: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
                                            • Instruction ID: 4f29ae81ace6c5531c846cbde0b22070d88524e95894dc47e3de1b2ea254153d
                                            • Opcode Fuzzy Hash: 236cca2b7f0ad913bc20f36f3a7df695144f04c2335042181becfcebe84b62ef
                                            • Instruction Fuzzy Hash: 19412A70600205DFD711EBA9EE85B9E7BA5EB88304F10427BF510B72E2DB789805DB5D

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,020CBDCC), ref: 004093B8
                                            • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
                                            • SetWindowLongA.USER32(000203EE,000000FC,00409730), ref: 00409F57
                                              • Part of subcall function 00406AB8: GetCommandLineA.KERNEL32(00000000,00406AFC,?,?,?,?,00000000,?,00409FC8,?), ref: 00406AD0
                                              • Part of subcall function 004097BC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000,0040988F), ref: 0040982C
                                              • Part of subcall function 004097BC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000), ref: 00409840
                                              • Part of subcall function 004097BC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
                                              • Part of subcall function 004097BC: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
                                              • Part of subcall function 004097BC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8), ref: 00409874
                                            • RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
                                            • 73EA5CF0.USER32(000203EE,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057
                                            Similarity
                                            • API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
                                            • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                            • API String ID: 240127915-3001827809
                                            • Opcode ID: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
                                            • Instruction ID: 8d10768f6f352a97fd7f45d9d75da35781c42c574274e542ef9de71c66c7d0f2
                                            • Opcode Fuzzy Hash: cecf565c0961afba62185dae83a1111a0a24350c08567557d89fa88e41d9bdcc
                                            • Instruction Fuzzy Hash: 26410B70A00205DBD711EBA9EE86B9E7BA5EB48304F10427BF510B73E2DB789805DB5D

                                            Control-flow Graph

                                            APIs
                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000,0040988F), ref: 0040982C
                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8,00000000), ref: 00409840
                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409859
                                            • GetExitCodeProcess.KERNEL32(?,0040B240), ref: 0040986B
                                            • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004098B4,020CBDCC,004098A8), ref: 00409874
                                              • Part of subcall function 00409394: GetLastError.KERNEL32(00000000,00409437,?,0040B240,?,020CBDCC), ref: 004093B8
                                            Similarity
                                            • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                            • String ID: D
                                            • API String ID: 3356880605-2746444292
                                            • Opcode ID: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
                                            • Instruction ID: 4b44df64f6e4367ebc453b3e314358db19e806afbd12f45635a8daf6f5489de3
                                            • Opcode Fuzzy Hash: c5e523d568ed87ab69b8de1fa4de2ba8e9d12516204b82cc72ca68b77ef72ee6
                                            • Instruction Fuzzy Hash: F71145716102086EDB10FBE6CC52F9E77ACDF49714F50413BBA04F72C6DA785D048669

                                            Control-flow Graph

                                            APIs
                                            • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                            • LocalFree.KERNEL32(00000000,00000000,00401AB4), ref: 00401A1B
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A3A
                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401AB4), ref: 00401A79
                                            • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                            • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                            Similarity
                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                            • String ID:
                                            • API String ID: 3782394904-0
                                            • Opcode ID: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
                                            • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                            • Opcode Fuzzy Hash: 2760f6fc436d2282df077fa3fe2c561b0ff429e9c23b98cc44d100e589fe962f
                                            • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

                                            Control-flow Graph

                                            APIs
                                            • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00409F40
                                            • SetWindowLongA.USER32(000203EE,000000FC,00409730), ref: 00409F57
                                            • RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
                                            • 73EA5CF0.USER32(000203EE,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$CreateDirectoryLongRemove
                                            • String ID: /SL5="$%x,%d,%d,
                                            • API String ID: 3138356250-3932573195

                                            Control-flow Graph

                                            control_flow_graph 183 403d02-403d10 184 403d12-403d19 183->184 185 403d29-403d30 183->185 186 403ddf-403de5 ExitProcess 184->186 187 403d1f 184->187 188 403d32-403d3c 185->188 189 403d3e-403d45 185->189 187->185 190 403d21-403d23 187->190 188->185 191 403d47-403d51 189->191 192 403db8-403dcc call 403cc8 * 2 call 4019dc 189->192 190->185 193 403dea-403e19 call 4030b4 190->193 196 403d56-403d62 191->196 208 403dd1-403dd8 192->208 196->196 198 403d64-403d6e 196->198 201 403d73-403d84 198->201 201->201 204 403d86-403d8d 201->204 206 403da4-403db3 call 403fe4 call 403f67 204->206 207 403d8f-403da2 MessageBoxA 204->207 206->192 207->192 208->193 210 403dda call 4030b4 208->210 210->186
                                            APIs
                                            • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                            • ExitProcess.KERNEL32 ref: 00403DE5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ExitMessageProcess
                                            • String ID: Error$Runtime error at 00000000
                                            • API String ID: 1220098344-2970929446

                                            Control-flow Graph

                                            APIs
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091CE
                                            • GetLastError.KERNEL32(00000000,00000000,?,00000000,00409277,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091D7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID: .tmp
                                            • API String ID: 1375471231-2986845003

                                            Control-flow Graph

                                            control_flow_graph 244 409330-409341 245 409343-409344 244->245 246 40938a-40938f 244->246 247 409346-409349 245->247 248 409356-409359 247->248 249 40934b-409354 Sleep 247->249 250 409364-409369 call 408e14 248->250 251 40935b-40935f Sleep 248->251 249->250 253 40936e-409370 250->253 251->250 253->246 254 409372-40937a GetLastError 253->254 254->246 255 40937c-409384 GetLastError 254->255 255->246 256 409386-409388 255->256 256->246 256->247
                                            APIs
                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040935F
                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLastSleep
                                            • String ID:
                                            • API String ID: 1458359878-0

                                            Control-flow Graph

                                            APIs
                                            • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Message
                                            • String ID: .tmp
                                            • API String ID: 2030045667-2986845003

                                            Control-flow Graph

                                            APIs
                                            • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409CBA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Message
                                            • String ID: .tmp
                                            • API String ID: 2030045667-2986845003

                                            Control-flow Graph

                                            APIs
                                            • DeleteFileA.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E4B
                                            • GetLastError.KERNEL32(00000000,00000000,00408E71,?,0000000D,00000000), ref: 00408E53
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DeleteErrorFileLast
                                            • String ID:
                                            • API String ID: 2018770650-0

                                            Control-flow Graph

                                            control_flow_graph 367 40a091 call 402924 371 40a016-40a02a call 409330 367->371 372 40a02f-40a036 367->372 371->372 374 40a048-40a04f 372->374 375 40a038-40a03d call 403414 372->375 377 40a051-40a057 73EA5CF0 374->377 378 40a05c-40a063 374->378 379 40a042-40a043 RemoveDirectoryA 375->379 377->378 380 40a065-40a086 call 40357c call 4025ac 378->380 381 40a08b 378->381 379->374 380->381
                                            APIs
                                            • RemoveDirectoryA.KERNEL32(00000000,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A043
                                            • 73EA5CF0.USER32(000203EE,0040A096,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A057
                                              • Part of subcall function 00409330: Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040934F
                                              • Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 00409372
                                              • Part of subcall function 00409330: GetLastError.KERNEL32(?,?,?,0000000D,?,0040A02F,000000FA,00000032,0040A096), ref: 0040937C
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast$DirectoryRemoveSleep
                                            • String ID:
                                            • API String ID: 936953547-0

                                            Control-flow Graph

                                            control_flow_graph 363 406ec4-406f17 SetErrorMode call 403414 LoadLibraryA
                                            APIs
                                            • SetErrorMode.KERNEL32(00008000), ref: 00406ECE
                                            • LoadLibraryA.KERNEL32(00000000,00000000,00406F18,?,00000000,00406F36,?,00008000), ref: 00406EFD
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLibraryLoadMode
                                            • String ID:
                                            • API String ID: 2987862817-0
                                            APIs
                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040755B
                                            • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0040756A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastRead
                                            • String ID:
                                            • API String ID: 1948546556-0
                                            APIs
                                            • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004075A3
                                            • GetLastError.KERNEL32(?,?,?,00000000), ref: 004075AB
                                              • Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FilePointer
                                            • String ID:
                                            • API String ID: 1156039329-0
                                            APIs
                                            • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004074F3
                                            • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004074FF
                                              • Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FilePointer
                                            • String ID:
                                            • API String ID: 1156039329-0
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            APIs
                                            • GetSystemDefaultLCID.KERNEL32(00000000,00405306), ref: 004051EF
                                              • Part of subcall function 00404C2C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404C49
                                              • Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DefaultInfoLoadLocaleStringSystem
                                            • String ID:
                                            • API String ID: 1658689577-0
                                            APIs
                                            • CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CharPrev
                                            • String ID:
                                            • API String ID: 122130370-0
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004074D0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                              • Part of subcall function 004068B4: CharPrevA.USER32(00000000,00000000,?,?,?,00000000,0040693A,00000000,00406960,?,?,?,?,00000000,?,00406975), ref: 004068DC
                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00406960,?,?,?,?,00000000,?,00406975,00406CA3,00000000,00406CE8,?,?,?), ref: 00406943
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AttributesCharFilePrev
                                            • String ID:
                                            • API String ID: 4082512850-0
                                            APIs
                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004075F7
                                              • Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastWrite
                                            • String ID:
                                            • API String ID: 442123175-0
                                            APIs
                                            • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00408F7F,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00408F95), ref: 004071C7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FormatMessage
                                            • String ID:
                                            • API String ID: 1306739567-0
                                            APIs
                                            • SetEndOfFile.KERNEL32(?,020CBE4C,00409E9B,00000000), ref: 004075CB
                                              • Part of subcall function 004073A4: GetLastError.KERNEL32(004072A4,00407442,?,?,020903AC,?,00409AE1,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 004073A7
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileLast
                                            • String ID:
                                            • API String ID: 734332943-0
                                            APIs
                                            • SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            APIs
                                            • SetErrorMode.KERNEL32(?,00406F3D), ref: 00406F30
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407E44
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,004018BF), ref: 004016B2
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            APIs
                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E3A), ref: 00407D73
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000028), ref: 004092AF
                                            • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004092B5
                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004092CE
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092F5
                                            • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004092FA
                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 0040930B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                            • String ID: SeShutdownPrivilege
                                            • API String ID: 107509674-3733053543
                                            APIs
                                            • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409A0E
                                            • SizeofResource.KERNEL32(00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000,0040A10B), ref: 00409A21
                                            • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4,?,00000000), ref: 00409A33
                                            • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409AF9,00000000,0040A08C,?,00000001,00000000,00000002,00000000,0040A0D4), ref: 00409A44
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            APIs
                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            APIs
                                            • GetSystemTime.KERNEL32(?), ref: 004026CE
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: SystemTime
                                            • String ID:
                                            • API String ID: 2656138-0
                                            • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                            • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                            • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                            • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                            APIs
                                            • GetVersionExA.KERNEL32(?,00406540,00000000,0040654E,?,?,?,?,?,00409A78), ref: 00405C52
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Version
                                            • String ID:
                                            • API String ID: 1889659487-0
                                            • Opcode ID: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
                                            • Instruction ID: 6a84e84a5bdb2c7c5b206d002f2a3fc227ad50a79849cf1aa773f1ea3c1cbc6a
                                            • Opcode Fuzzy Hash: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
                                            • Instruction Fuzzy Hash: 5AC0126040470186E7109B319C42B1672D4A744310F4805396DA4953C2E73C81018A5A
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                            • Instruction ID: bf64fe3dbf7489daa5b396f442bfdc43c732794851cc1dd68f6a4bedb61b4a1f
                                            • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                            • Instruction Fuzzy Hash: 7F32E875E00219DFCB14CF99CA80A9DB7B2BF88314F24816AD855B7395DB34AE42CF54
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406F71
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406F77
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0040704D), ref: 00406FC5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressCloseHandleModuleProc
                                            • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                            • API String ID: 4190037839-2401316094
                                            • Opcode ID: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
                                            • Instruction ID: 82a514a35929d101a3f87db01d263b67a2005a07a92a8f1bbb0e3c876c3699bd
                                            • Opcode Fuzzy Hash: f607686cc0d7273f9df9d94dd6e76e9aefdf0fdd96e28e4fed3be5d0e4603d73
                                            • Instruction Fuzzy Hash: F3214130E44209AFDB10EAA1CC56B9F77B8AB44304F60857BA605F72C1D77CAA05C79E
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                            • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                            • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                            • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                            • String ID:
                                            • API String ID: 1694776339-0
                                            • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                            • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                            • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                            • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                            APIs
                                            • GetSystemDefaultLCID.KERNEL32(00000000,0040555C,?,?,?,?,00000000,00000000,00000000,?,0040653B,00000000,0040654E), ref: 0040532E
                                              • Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A
                                              • Part of subcall function 004051A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: InfoLocale$DefaultSystem
                                            • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                            • API String ID: 1044490935-665933166
                                            • Opcode ID: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
                                            • Instruction ID: f22f4b18e1885e1925b87b286fa486de3d96a381b4aec2b7527aff107c54c5fa
                                            • Opcode Fuzzy Hash: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
                                            • Instruction Fuzzy Hash: 8E514234B00648ABDB00EBA59C91B9F776ADB89304F50957BB514BB3C6CA3DCA058B5C
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                            • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                            • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocString
                                            • String ID:
                                            • API String ID: 262959230-0
                                            • Opcode ID: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
                                            • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                            • Opcode Fuzzy Hash: daf431a3c2bb6397145c0312c95092c7dd6e0c4ca2be07fc82856b41fd6094de
                                            • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                            APIs
                                            • GetModuleHandleA.KERNEL32(00000000,00409A6E), ref: 004030E3
                                            • GetCommandLineA.KERNEL32(00000000,00409A6E), ref: 004030EE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CommandHandleLineModule
                                            • String ID: U1hd.@$X(F
                                            • API String ID: 2123368496-1895430669
                                            • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                            • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                            • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                            • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                            APIs
                                            • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,020C8000,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040192E
                                            • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,020C8000,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 00401941
                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,020C8000,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 0040196B
                                            • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,020C8000,?,00000000,?,?,00401B95,00401BAA,00401CEE), ref: 004019C8
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.3014152169.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000001.00000002.3013684101.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014286905.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000001.00000002.3014380761.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                            • String ID:
                                            • API String ID: 730355536-0
                                            • Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                            • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                            • Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
                                            • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

                                            Execution Graph

                                            Execution Coverage:20.3%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:7%
                                            Total number of Nodes:2000
                                            Total number of Limit Nodes:118
52000->52007 52002 442e7c 52002->51998 52005 442ccc 4 API calls 52002->52005 52004->52002 52024 442ccc 52004->52024 52005->51998 52006 442ed4 52027 442d0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 52006->52027 52007->52006 52009 442f98 52028 442d1c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 73EA5CF0 52009->52028 52012 442a0e 52011->52012 52013 441a69 52011->52013 52015 403400 4 API calls 52012->52015 52014 403400 4 API calls 52013->52014 52016 441a71 52014->52016 52017 442a23 52015->52017 52018 431334 4 API calls 52016->52018 52017->52006 52021 441a7d 52018->52021 52019 4429fe 52020 402b58 73EA5CF0 52019->52020 52022 442a06 52020->52022 52021->52019 52029 441108 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 52021->52029 52022->52006 52025 402648 4 API calls 52024->52025 52026 442ce0 52025->52026 52026->52004 52027->52009 52028->51994 52029->52021 52030 40cdcc 52033 406eb0 WriteFile 52030->52033 52034 406ecd 52033->52034 52035 490b04 52089 403344 52035->52089 52037 490b12 52092 4056a0 52037->52092 52039 490b17 52095 4098ec 52039->52095 52393 4032fc 52089->52393 52091 403349 GetModuleHandleA GetCommandLineA 52091->52037 52093 4033bc 4 API calls 52092->52093 52094 4056db 52092->52094 52093->52094 52094->52039 52394 408fc4 52095->52394 52393->52091 52395 408c5c 5 API calls 52394->52395 52396 408fd5 52395->52396 52397 40857c GetSystemDefaultLCID 52396->52397 52401 4085b2 52397->52401 52398 406d8c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 52398->52401 52399 408508 LocalAlloc TlsSetValue TlsGetValue TlsGetValue GetLocaleInfoA 52399->52401 52400 403450 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 52400->52401 52401->52398 52401->52399 52401->52400 52405 408614 52401->52405 52402 406d8c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 52402->52405 52403 408508 LocalAlloc TlsSetValue TlsGetValue TlsGetValue GetLocaleInfoA 52403->52405 52404 403450 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 52404->52405 52405->52402 52405->52403 
52405->52404 52406 408697 52405->52406 52407 403420 4 API calls 52406->52407 52408 4086b1 52407->52408 52409 4086c0 GetSystemDefaultLCID 52408->52409 52466 408508 GetLocaleInfoA 52409->52466 52412 403450 4 API calls 52413 408700 52412->52413 52414 408508 5 API calls 52413->52414 52415 408715 52414->52415 52416 408508 5 API calls 52415->52416 52417 408739 52416->52417 52472 408554 GetLocaleInfoA 52417->52472 52420 408554 GetLocaleInfoA 52467 408541 52466->52467 52468 40852f 52466->52468 52470 403494 4 API calls 52467->52470 52469 4034e0 4 API calls 52468->52469 52471 40853f 52469->52471 52470->52471 52471->52412 52473 408570 52472->52473 52473->52420 53760 42228c 53761 42229b 53760->53761 53766 42121c 53761->53766 53764 4222bb 53767 42128b 53766->53767 53769 42122b 53766->53769 53771 42129c 53767->53771 53791 412478 GetMenuItemCount GetMenuStringA GetMenuState 53767->53791 53769->53767 53790 408ccc 19 API calls 53769->53790 53770 4212ca 53774 42133d 53770->53774 53781 4212e5 53770->53781 53771->53770 53772 421362 53771->53772 53775 421376 SetMenu 53772->53775 53788 42133b 53772->53788 53773 42138e 53794 421164 10 API calls 53773->53794 53779 421351 53774->53779 53774->53788 53775->53788 53778 421395 53778->53764 53789 422190 10 API calls 53778->53789 53782 42135a SetMenu 53779->53782 53783 421308 GetMenu 53781->53783 53781->53788 53782->53788 53784 421312 53783->53784 53785 42132b 53783->53785 53787 421325 SetMenu 53784->53787 53792 412478 GetMenuItemCount GetMenuStringA GetMenuState 53785->53792 53787->53785 53788->53773 53793 421dd4 11 API calls 53788->53793 53789->53764 53790->53769 53791->53771 53792->53788 53793->53773 53794->53778 53795 40d014 53796 40d01c 53795->53796 53797 40d04a 53796->53797 53798 40d03f 53796->53798 53806 40d046 53796->53806 53800 40d060 53797->53800 53801 40d04e 53797->53801 53807 4062a0 GlobalHandle GlobalUnWire GlobalFree 53798->53807 53809 406284 GlobalHandle GlobalUnWire GlobalReAlloc GlobalFix 53800->53809 53808 406274 GlobalAlloc 
GlobalFix 53801->53808 53804 40d05c 53805 408c5c 5 API calls 53804->53805 53804->53806 53805->53806 53807->53806 53808->53804 53809->53804 53810 44c69c 53811 44c6ca 53810->53811 53812 44c76a 53811->53812 53813 44c726 SetRectEmpty 53811->53813 53817 41b03c 19 API calls 53812->53817 53814 44c73f 53813->53814 53815 41b03c 19 API calls 53814->53815 53816 44c754 DrawTextA 53815->53816 53816->53812 53818 44c7ed DrawTextA 53817->53818 53819 44c801 53818->53819 53820 403400 4 API calls 53819->53820 53821 44c835 53820->53821 53822 40cddc 53825 406edc SetFilePointer 53822->53825 53824 40cde7 53825->53824 53826 479727 53827 4502b0 5 API calls 53826->53827 53828 47973b 53827->53828 53829 47889c 23 API calls 53828->53829 53830 47975f 53829->53830 53831 402b58 73EA5CF0 53830->53831 53832 479775 53831->53832 53833 442fe4 53836 443017 53833->53836 53834 403400 4 API calls 53835 4432bc 53834->53835 53837 403494 4 API calls 53836->53837 53839 443025 53836->53839 53838 4430bd 53837->53838 53838->53839 53840 4037b8 4 API calls 53838->53840 53839->53834 53841 4430eb 53840->53841 53842 4334d0 4 API calls 53841->53842 53843 443114 53842->53843 53843->53839 53844 431334 4 API calls 53843->53844 53845 44313a 53844->53845 53846 442ccc 4 API calls 53845->53846 53847 443147 53846->53847 53848 431404 4 API calls 53847->53848 53849 443151 53848->53849 53850 431404 4 API calls 53849->53850 53857 44316e 53849->53857 53850->53849 53851 4431c9 53853 441a30 5 API calls 53851->53853 53852 4431af 53852->53851 53855 442ccc 4 API calls 53852->53855 53856 4431fe 53853->53856 53854 442ccc 4 API calls 53854->53857 53855->53851 53863 442d0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53856->53863 53857->53852 53857->53854 53859 443297 53864 442d1c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 73EA5CF0 53859->53864 53861 44329f 53865 4334f4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53861->53865 53863->53859 53864->53861 53865->53839 53866 416ba0 53869 41369c 53866->53869 53868 416bac 53870 4136a7 
GetWindowThreadProcessId 53869->53870 53871 4136cc 53869->53871 53870->53871 53872 4136b2 GetCurrentProcessId 53870->53872 53871->53868 53872->53871 53873 4136bc GetPropA 53872->53873 53873->53871 53874 466924 53875 46695a 53874->53875 53900 466b47 53874->53900 53879 4669b6 53875->53879 53880 4669c7 53875->53880 53881 4669a5 53875->53881 53882 4669d8 53875->53882 53883 4669e9 53875->53883 53892 46698e 53875->53892 53876 403400 4 API calls 53878 466bd3 53876->53878 53877 4641fc 19 API calls 53893 466a0b 53877->53893 53886 403400 4 API calls 53878->53886 54064 466378 36 API calls 53879->54064 53910 4664c0 53880->53910 54063 466210 149 API calls 53881->54063 54065 466694 151 API calls 53882->54065 54066 4668b4 40 API calls 53883->54066 53890 466bdb 53886->53890 53891 4669ab 53891->53892 53891->53900 53892->53877 53892->53900 53894 48cf80 127 API calls 53893->53894 53893->53900 53903 466a4d 53893->53903 53894->53903 53895 464138 19 API calls 53895->53903 53896 466b34 53949 47bf8c 53896->53949 53897 414a90 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53897->53903 53898 42caa4 6 API calls 53898->53903 53900->53876 53903->53895 53903->53896 53903->53897 53903->53898 53903->53900 53904 465c24 131 API calls 53903->53904 53905 403450 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53903->53905 53907 466bb5 53903->53907 53966 465b50 53903->53966 53973 465488 53903->53973 53993 47bb48 53903->53993 54067 465ff0 127 API calls 53903->54067 53904->53903 53905->53903 53908 465c24 131 API calls 53907->53908 53908->53900 54068 466fc4 53910->54068 53913 466658 53915 403400 4 API calls 53913->53915 53914 414a90 4 API calls 53916 46650e 53914->53916 53917 46666d 53915->53917 53920 42c7c4 5 API calls 53916->53920 53948 466644 53916->53948 53918 403420 4 API calls 53917->53918 53919 46667a 53918->53919 53922 403400 4 API calls 53919->53922 53923 46652a 53920->53923 53921 403450 4 API calls 53921->53913 53924 466682 53922->53924 53925 42c3a4 5 API calls 53923->53925 53924->53892 53926 
466535 53925->53926 54071 454320 GetModuleHandleA GetProcAddress 53926->54071 53948->53913 53948->53921 53950 47bfc3 53949->53950 53953 47bfd6 53950->53953 54206 47bea4 53950->54206 53954 47bff2 53953->53954 53956 461e6c 20 API calls 53953->53956 53955 47c066 53954->53955 53957 455970 23 API calls 53954->53957 54216 47b14c 53955->54216 53959 47c034 53956->53959 53957->53955 54220 477d10 36 API calls 53959->54220 53963 47c0a2 53964 403400 4 API calls 53963->53964 53965 47c0b7 53964->53965 53965->53900 53967 465b61 53966->53967 53968 465b5c 53966->53968 54598 465008 137 API calls 53967->54598 53969 465b5f 53968->53969 54508 4655c8 53968->54508 53969->53903 53971 465b69 53971->53903 53974 4654af 53973->53974 54614 476d64 53974->54614 53976 4654c1 53977 461e6c 20 API calls 53976->53977 53992 46551f 53976->53992 53979 4654cf 53977->53979 53978 403400 4 API calls 53980 465550 53978->53980 53981 40357c 4 API calls 53979->53981 53980->53903 53982 4654dc 53981->53982 53983 40357c 4 API calls 53982->53983 53984 4654e9 53983->53984 53985 40357c 4 API calls 53984->53985 53986 4654f6 53985->53986 53987 40357c 4 API calls 53986->53987 53988 465504 53987->53988 53989 414ac0 4 API calls 53988->53989 53990 465512 53989->53990 53991 4621a4 11 API calls 53990->53991 53991->53992 53992->53978 53994 466fc4 45 API calls 53993->53994 53995 47bb8b 53994->53995 53996 47bb94 53995->53996 54865 408b80 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53995->54865 53998 414a90 4 API calls 53996->53998 53999 47bba4 53998->53999 54000 403450 4 API calls 53999->54000 54001 47bbb1 54000->54001 54656 4672ac 54001->54656 54004 47bbc1 54006 414a90 4 API calls 54004->54006 54007 47bbd1 54006->54007 54008 403450 4 API calls 54007->54008 54009 47bbde 54008->54009 54010 464df0 SendMessageA 54009->54010 54011 47bbf7 54010->54011 54012 47bc35 54011->54012 54867 473510 23 API calls 54011->54867 54685 424184 IsIconic 54012->54685 54016 47bc65 54018 47b14c 127 API calls 54016->54018 54017 47bc50 
SetActiveWindow 54017->54016 54019 47bc78 54018->54019 54063->53891 54064->53892 54065->53892 54066->53892 54067->53903 54097 467050 54068->54097 54072 450ea0 2 API calls 54071->54072 54073 454368 54072->54073 54074 454375 54073->54074 54075 45436c 54073->54075 54076 454387 54074->54076 54077 4543ae 54074->54077 54079 403420 4 API calls 54075->54079 54078 42c3a4 5 API calls 54076->54078 54080 42c6fc 5 API calls 54077->54080 54082 454453 54079->54082 54098 414a90 4 API calls 54097->54098 54099 467082 54098->54099 54151 461f04 54099->54151 54102 414ac0 4 API calls 54103 467094 54102->54103 54104 4670a3 54103->54104 54106 4670bc 54103->54106 54180 477d10 36 API calls 54104->54180 54108 467103 54106->54108 54110 4670ea 54106->54110 54107 403420 4 API calls 54109 4664f2 54107->54109 54111 467160 54108->54111 54124 467107 54108->54124 54109->53913 54109->53914 54181 477d10 36 API calls 54110->54181 54183 42ca34 CharNextA 54111->54183 54114 46716f 54115 467173 54114->54115 54120 46718c 54114->54120 54184 477d10 36 API calls 54115->54184 54117 467147 54182 477d10 36 API calls 54117->54182 54119 4671b0 54185 477d10 36 API calls 54119->54185 54120->54119 54160 462074 54120->54160 54124->54117 54124->54120 54127 4671c9 54128 403778 4 API calls 54127->54128 54129 4671df 54128->54129 54168 42c894 54129->54168 54132 4671f0 54186 462100 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54132->54186 54133 46721e 54134 42c7c4 5 API calls 54133->54134 54149 4670b7 54149->54107 54156 461f1e 54151->54156 54153 42caa4 6 API calls 54153->54156 54154 403450 4 API calls 54154->54156 54155 406b50 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54155->54156 54156->54153 54156->54154 54156->54155 54157 461f67 54156->54157 54189 42c9a4 54156->54189 54158 403420 4 API calls 54157->54158 54159 461f81 54158->54159 54159->54102 54161 46207e 54160->54161 54162 462095 CharNextA 54161->54162 54163 462091 54161->54163 54162->54161 54163->54119 54164 4620a4 54163->54164 54165 4620ae 54164->54165 54166 
4620db 54165->54166 54167 4620df CharNextA 54165->54167 54166->54119 54166->54127 54167->54165 54169 42c8aa 54168->54169 54170 42c8ec 54168->54170 54169->54170 54171 42c8dd CharNextA 54169->54171 54170->54132 54170->54133 54171->54169 54180->54149 54181->54149 54182->54149 54183->54114 54184->54149 54185->54149 54190 403494 4 API calls 54189->54190 54191 42c9b4 54190->54191 54192 403744 4 API calls 54191->54192 54195 42c9ea 54191->54195 54198 42c3e8 IsDBCSLeadByte 54191->54198 54192->54191 54194 42ca2e 54194->54156 54195->54194 54197 4037b8 4 API calls 54195->54197 54199 42c3e8 IsDBCSLeadByte 54195->54199 54197->54195 54198->54191 54199->54195 54213 47bed4 54206->54213 54207 47bf67 54208 402b58 73EA5CF0 54207->54208 54209 47bf7c KiUserCallbackDispatcher 54208->54209 54209->53953 54213->54207 54222 42ed78 54213->54222 54238 476edc 54213->54238 54242 47291c 54213->54242 54245 47b3f0 54213->54245 54335 472948 127 API calls 54213->54335 54217 47b16f 54216->54217 54219 47b19d 54216->54219 54218 48cea0 127 API calls 54217->54218 54218->54219 54221 47a908 PostMessageA 54219->54221 54220->53954 54221->53963 54223 42ed84 54222->54223 54224 42eda7 GetActiveWindow GetFocus 54223->54224 54225 41ee4c 2 API calls 54224->54225 54226 42edbe 54225->54226 54227 42eddb 54226->54227 54228 42edcb RegisterClassA 54226->54228 54229 42ee6a SetFocus 54227->54229 54230 42ede9 CreateWindowExA 54227->54230 54228->54227 54231 403400 4 API calls 54229->54231 54230->54229 54232 42ee1c 54230->54232 54233 42ee86 54231->54233 54336 424224 54232->54336 54233->54213 54235 42ee44 54236 42ee4c CreateWindowExA 54235->54236 54236->54229 54237 42ee62 ShowWindow 54236->54237 54237->54229 54239 476f83 54238->54239 54240 476ef0 54238->54240 54239->54213 54240->54239 54342 4550d0 15 API calls 54240->54342 54343 472878 54242->54343 54246 455970 23 API calls 54245->54246 54247 47b435 54246->54247 54248 47b440 54247->54248 54249 47b44c 54247->54249 54250 455970 23 API calls 54248->54250 54251 455970 23 API calls 
54249->54251 54252 47b44a 54250->54252 54251->54252 54253 47b45c 54252->54253 54254 47b468 54252->54254 54255 455970 23 API calls 54253->54255 54256 455970 23 API calls 54254->54256 54257 47b466 54255->54257 54256->54257 54258 475650 134 API calls 54257->54258 54259 47b47c 54258->54259 54260 403494 4 API calls 54259->54260 54261 47b489 54260->54261 54262 40357c 4 API calls 54261->54262 54263 47b494 54262->54263 54264 455970 23 API calls 54263->54264 54265 47b49c 54264->54265 54266 475650 134 API calls 54265->54266 54267 47b4a7 54266->54267 54268 47b4cd 54267->54268 54269 403494 4 API calls 54267->54269 54272 47b605 54268->54272 54273 47b4f2 54268->54273 54270 47b4ba 54269->54270 54335->54213 54337 424256 54336->54337 54338 424236 GetWindowTextA 54336->54338 54340 403494 4 API calls 54337->54340 54339 4034e0 4 API calls 54338->54339 54341 424254 54339->54341 54340->54341 54341->54235 54342->54239 54344 4728ac 54343->54344 54346 472884 54343->54346 54344->54213 54345 4728a5 54349 472738 54345->54349 54346->54345 54357 451ac0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54346->54357 54350 472773 54349->54350 54351 403450 4 API calls 54350->54351 54352 472791 54351->54352 54353 471538 127 API calls 54352->54353 54354 4727cb 54353->54354 54355 402b58 73EA5CF0 54354->54355 54356 4727e0 54355->54356 54356->54344 54357->54345 54510 46560f 54508->54510 54509 465a7b 54512 465a96 54509->54512 54513 465ac7 54509->54513 54510->54509 54511 4656ca 54510->54511 54516 403494 4 API calls 54510->54516 54515 4656e5 54511->54515 54521 465726 54511->54521 54517 403494 4 API calls 54512->54517 54514 403494 4 API calls 54513->54514 54520 465ad5 54514->54520 54522 403494 4 API calls 54515->54522 54518 46564e 54516->54518 54519 465aa4 54517->54519 54524 414a90 4 API calls 54518->54524 54610 4646e4 12 API calls 54519->54610 54611 4646e4 12 API calls 54520->54611 54526 403400 4 API calls 54521->54526 54523 4656f3 54522->54523 54528 414a90 4 API calls 54523->54528 54529 46566f 54524->54529 
54530 465724 54526->54530 54532 465714 54528->54532 54533 403634 4 API calls 54529->54533 54551 46581b 54530->54551 54599 464df0 54530->54599 54531 465ab2 54534 403400 4 API calls 54531->54534 54535 403634 4 API calls 54532->54535 54536 46567f 54533->54536 54538 465af8 54534->54538 54535->54530 54540 414a90 4 API calls 54536->54540 54543 403400 4 API calls 54538->54543 54539 46588c 54541 403400 4 API calls 54539->54541 54544 465693 54540->54544 54555 46588a 54541->54555 54542 465746 54545 465784 54542->54545 54546 46574c 54542->54546 54547 465b00 54543->54547 54544->54511 54554 414a90 4 API calls 54544->54554 54548 403400 4 API calls 54545->54548 54549 403494 4 API calls 54546->54549 54550 403420 4 API calls 54547->54550 54553 465782 54548->54553 54556 46575a 54549->54556 54557 465b0d 54550->54557 54551->54539 54552 46584b 54551->54552 54558 403494 4 API calls 54552->54558 54568 4650e4 134 API calls 54553->54568 54559 4656ba 54554->54559 54605 46522c 134 API calls 54555->54605 54561 475650 134 API calls 54556->54561 54557->53969 54562 465859 54558->54562 54563 403634 4 API calls 54559->54563 54565 465772 54561->54565 54567 414a90 4 API calls 54562->54567 54563->54511 54564 4658b5 54571 465916 54564->54571 54572 4658c0 54564->54572 54566 403634 4 API calls 54565->54566 54566->54553 54569 46587a 54567->54569 54570 4657ab 54568->54570 54573 403634 4 API calls 54569->54573 54576 4657b6 54570->54576 54577 46580c 54570->54577 54575 403400 4 API calls 54571->54575 54574 403494 4 API calls 54572->54574 54573->54555 54587 4658ce 54574->54587 54578 46591e 54575->54578 54581 403494 4 API calls 54576->54581 54580 403400 4 API calls 54577->54580 54579 402b58 73EA5CF0 54578->54579 54582 465925 54579->54582 54583 46580a 54580->54583 54589 4657c4 54581->54589 54584 465932 54582->54584 54597 4659c7 54582->54597 54585 402b58 73EA5CF0 54583->54585 54606 48ce84 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54584->54606 54585->54551 54587->54578 54591 403634 4 API calls 54587->54591 
54593 465914 54587->54593 54588 465941 54588->54597 54607 48d0ec 127 API calls 54588->54607 54589->54583 54592 403634 4 API calls 54589->54592 54591->54587 54592->54589 54593->54578 54595 465a68 54609 4290ec SendMessageA SendMessageA 54595->54609 54608 42909c SendMessageA 54597->54608 54598->53971 54612 429fe8 SendMessageA 54599->54612 54601 464dff 54602 464e1f 54601->54602 54613 429fe8 SendMessageA 54601->54613 54602->54542 54604 464e0f 54604->54542 54605->54564 54606->54588 54607->54597 54608->54595 54609->54509 54610->54531 54611->54531 54612->54601 54613->54604 54615 476d92 54614->54615 54628 476dc8 54614->54628 54633 454220 54615->54633 54616 403420 4 API calls 54617 476ec9 54616->54617 54617->53976 54619 476e92 54620 402b58 73EA5CF0 54619->54620 54621 476ea7 54620->54621 54621->53976 54622 472dc8 127 API calls 54623 476dbc 54622->54623 54623->54619 54623->54622 54625 475650 134 API calls 54623->54625 54623->54628 54629 476e40 54623->54629 54640 476924 31 API calls 54623->54640 54624 475650 134 API calls 54624->54629 54625->54623 54627 42c824 5 API calls 54627->54629 54628->54616 54629->54623 54629->54624 54629->54627 54630 42c84c 5 API calls 54629->54630 54632 476e7f 54629->54632 54641 476a70 140 API calls 54629->54641 54630->54629 54632->54628 54634 454231 54633->54634 54635 454235 54634->54635 54636 45423e 54634->54636 54642 453f24 54635->54642 54650 454004 30 API calls 54636->54650 54639 45423b 54639->54623 54640->54623 54641->54629 54643 42dc44 RegOpenKeyExA 54642->54643 54644 453f41 54643->54644 54645 453f8f 54644->54645 54651 453e58 54644->54651 54645->54639 54648 453e58 6 API calls 54649 453f70 RegCloseKey 54648->54649 54649->54639 54650->54639 54652 42db80 6 API calls 54651->54652 54653 453e80 54652->54653 54654 403420 4 API calls 54653->54654 54655 453f0a 54654->54655 54655->54648 54657 4672d5 54656->54657 54658 467322 54657->54658 54659 414a90 4 API calls 54657->54659 54661 403420 4 API calls 54658->54661 54660 4672eb 54659->54660 54870 461f90 6 API 
calls 54660->54870 54663 4673cc 54661->54663 54663->54004 54866 408b80 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54663->54866 54664 4672f3 54665 414ac0 4 API calls 54664->54665 54666 467301 54665->54666 54667 46730e 54666->54667 54669 467327 54666->54669 54871 477d10 36 API calls 54667->54871 54670 46733f 54669->54670 54671 462074 CharNextA 54669->54671 54872 477d10 36 API calls 54670->54872 54673 46733b 54671->54673 54673->54670 54674 467355 54673->54674 54675 467371 54674->54675 54676 46735b 54674->54676 54677 42c894 CharNextA 54675->54677 54873 477d10 36 API calls 54676->54873 54679 46737e 54677->54679 54679->54658 54874 462100 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54679->54874 54681 467395 54682 4506dc 4 API calls 54681->54682 54686 424195 SetActiveWindow 54685->54686 54691 4241cb 54685->54691 54687 4235f4 3 API calls 54686->54687 54688 4241ab 54687->54688 54876 423abc 54688->54876 54691->54016 54691->54017 54867->54012 54870->54664 54871->54658 54872->54658 54873->54658 54874->54681 56475 46a7e4 56476 42dc44 RegOpenKeyExA 56475->56476 56477 46a826 56476->56477 56478 46a82a 56477->56478 56479 46a869 56477->56479 56486 46a846 RegSetValueExA 56478->56486 56480 455970 23 API calls 56479->56480 56492 46a873 56480->56492 56481 46a8c6 56482 403420 4 API calls 56481->56482 56483 46a8e0 56482->56483 56484 46a87e AddFontResourceA 56485 46a888 SendNotifyMessageA 56484->56485 56484->56492 56485->56481 56488 46a854 56486->56488 56489 46a85e RegCloseKey 56486->56489 56487 4506dc 4 API calls 56487->56492 56490 455970 23 API calls 56488->56490 56489->56492 56490->56489 56492->56481 56492->56484 56492->56487 56494 42e4f8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue CharPrevA 56492->56494 56495 468cb4 36 API calls 56492->56495 56494->56492 56495->56492 56496 4135e4 SetWindowLongA GetWindowLongA 56497 413641 SetPropA SetPropA 56496->56497 56498 413623 GetWindowLongA 56496->56498 56502 41f344 KiUserCallbackDispatcher 56497->56502 56498->56497 56499 
413632 SetWindowLongA 56498->56499 56499->56497 56500 413691 56502->56500 56503 487c60 56504 487ca2 56503->56504 56505 487ccd 56504->56505 56506 487ca4 56504->56506 56509 487d59 56505->56509 56510 487cdc 56505->56510 56507 4466d4 18 API calls 56506->56507 56508 487cb3 56507->56508 56511 4538e8 6 API calls 56508->56511 56519 487d68 56509->56519 56520 487da2 56509->56520 56513 44664c 18 API calls 56510->56513 56512 487cbb 56511->56512 56514 4467ac 5 API calls 56512->56514 56515 487ce8 56513->56515 56516 487cc8 56514->56516 56517 487d2c 56515->56517 56518 487cec 56515->56518 56527 403420 4 API calls 56516->56527 56521 4466d4 18 API calls 56517->56521 56522 487cff 56518->56522 56523 487cf5 56518->56523 56524 4466d4 18 API calls 56519->56524 56532 487db1 56520->56532 56533 487e15 56520->56533 56525 487d3d 56521->56525 56528 4466d4 18 API calls 56522->56528 56741 451ac0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56523->56741 56529 487d80 56524->56529 56743 452eac 30 API calls 56525->56743 56534 48858b 56527->56534 56535 487d10 56528->56535 56530 446678 18 API calls 56529->56530 56536 487d90 56530->56536 56538 44664c 18 API calls 56532->56538 56548 487e6d 56533->56548 56549 487e24 56533->56549 56539 403400 4 API calls 56534->56539 56742 452eac 30 API calls 56535->56742 56744 453b88 9 API calls 56536->56744 56537 487d47 56543 4467ac 5 API calls 56537->56543 56544 487dbf 56538->56544 56545 488593 56539->56545 56541 487d1a 56546 4467ac 5 API calls 56541->56546 56547 487d27 56543->56547 56550 44664c 18 API calls 56544->56550 56546->56547 56547->56516 56555 487e7c 56548->56555 56556 487e97 56548->56556 56551 4466d4 18 API calls 56549->56551 56552 487dce 56550->56552 56553 487e39 56551->56553 56554 4466d4 18 API calls 56552->56554 56557 4466d4 18 API calls 56553->56557 56558 487de4 56554->56558 56559 453a74 5 API calls 56555->56559 56567 487ee3 56556->56567 56568 487ea6 56556->56568 56560 487e4c 56557->56560 56561 44664c 18 API calls 56558->56561 56562 487e84 56559->56562 
56563 451f2c 12 API calls 56560->56563 56564 487df6 56561->56564 56566 446a28 5 API calls 56562->56566 56569 487e5a 56563->56569 56565 452758 20 API calls 56564->56565 56570 487e03 56565->56570 56566->56516 56575 487f2a 56567->56575 56576 487ef2 56567->56576 56571 4466d4 18 API calls 56568->56571 56572 446a28 5 API calls 56569->56572 56573 4467ac 5 API calls 56570->56573 56574 487eb5 56571->56574 56572->56516 56573->56516 56745 453278 27 API calls 56574->56745 56583 487f3d 56575->56583 56584 488000 56575->56584 56578 4466d4 18 API calls 56576->56578 56581 487f01 56578->56581 56579 487ec5 56746 430efc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56579->56746 56747 430efc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56581->56747 56582 487ed0 56585 446a28 5 API calls 56582->56585 56586 4466d4 18 API calls 56583->56586 56589 48802a 56584->56589 56590 48800f 56584->56590 56585->56516 56587 487f50 56586->56587 56591 454320 14 API calls 56587->56591 56601 48803d 56589->56601 56605 4880bf 56589->56605 56593 453ab0 5 API calls 56590->56593 56594 487f60 56591->56594 56592 487f17 56595 446a28 5 API calls 56592->56595 56596 488017 56593->56596 56597 487f68 56594->56597 56598 487fee 56594->56598 56595->56516 56599 446a28 5 API calls 56596->56599 56600 44664c 18 API calls 56597->56600 56602 4467ac 5 API calls 56598->56602 56599->56516 56608 487f76 56600->56608 56603 44664c 18 API calls 56601->56603 56602->56516 56604 488048 56603->56604 56606 48804c 56604->56606 56607 48808f 56604->56607 56615 4880e1 56605->56615 56628 488209 56605->56628 56610 48805f 56606->56610 56750 451ac0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56606->56750 56609 4466d4 18 API calls 56607->56609 56748 446a8c LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 56608->56748 56612 48809e 56609->56612 56611 4466d4 18 API calls 56610->56611 56614 48806e 56611->56614 56617 44664c 18 API calls 56612->56617 56618 44664c 18 API calls 56614->56618 56616 488101 56615->56616 56751 484db0 19 API calls 
56615->56751 56621 4466d4 18 API calls 56616->56621 56622 4880b0 56617->56622 56623 488080 56618->56623 56625 488110 56621->56625 56626 452b60 29 API calls 56622->56626 56627 452b60 29 API calls 56623->56627 56624 487fcb 56749 446a8c LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 56624->56749 56630 42c548 8 API calls 56625->56630 56626->56516 56627->56516 56637 488361 56628->56637 56639 48822b 56628->56639 56632 48811e 56630->56632 56631 487fdc 56633 4467ac 5 API calls 56631->56633 56634 4881e4 56632->56634 56635 488126 56632->56635 56633->56516 56636 4467ac 5 API calls 56634->56636 56640 42ed78 14 API calls 56635->56640 56643 4881f1 56636->56643 56650 48839e 56637->56650 56651 488370 56637->56651 56638 48824b 56641 4466d4 18 API calls 56638->56641 56639->56638 56753 484db0 19 API calls 56639->56753 56642 488132 56640->56642 56645 48825c 56641->56645 56646 4466d4 18 API calls 56642->56646 56752 446954 LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 56643->56752 56648 42c548 8 API calls 56645->56648 56649 488154 56646->56649 56653 48826a 56648->56653 56654 4466d4 18 API calls 56649->56654 56663 4883ad 56650->56663 56664 4883d3 56650->56664 56652 4466d4 18 API calls 56651->56652 56655 48837f 56652->56655 56656 48833c 56653->56656 56657 488272 56653->56657 56658 488169 56654->56658 56659 45333c 17 API calls 56655->56659 56662 4467ac 5 API calls 56656->56662 56660 42ed78 14 API calls 56657->56660 56661 446678 18 API calls 56658->56661 56665 48838c 56659->56665 56666 48827e 56660->56666 56667 48817b 56661->56667 56668 488349 56662->56668 56669 453bec 34 API calls 56663->56669 56675 48841d 56664->56675 56676 4883e2 56664->56676 56670 4467ac 5 API calls 56665->56670 56671 4466d4 18 API calls 56666->56671 56672 446678 18 API calls 56667->56672 56754 446954 LocalAlloc TlsSetValue TlsGetValue TlsGetValue VariantClear 56668->56754 56674 4883b5 56669->56674 56670->56516 56677 4882a0 56671->56677 56678 48818a 56672->56678 56755 430efc LocalAlloc 
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ADDBACKSLASH$ADDPERIOD$ADDQUOTES$CHARLENGTH$CONVERTPERCENTSTRING$DELETEINIENTRY$DELETEINISECTION$DIREXISTS$FILECOPY$FILEEXISTS$FILEORDIREXISTS$FONTEXISTS$GETCMDTAIL$GETENV$GETINIBOOL$GETINIINT$GETINISTRING$GETSHORTNAME$GETSYSTEMDIR$GETSYSWOW64DIR$GETTEMPDIR$GETUILANGUAGE$GETWINDIR$INIKEYEXISTS$ISADMINLOGGEDON$ISINISECTIONEMPTY$ISPOWERUSERLOGGEDON$PARAMCOUNT$PARAMSTR$REGDELETEKEYIFEMPTY$REGDELETEKEYINCLUDINGSUBKEYS$REGDELETEVALUE$REGGETSUBKEYNAMES$REGGETVALUENAMES$REGKEYEXISTS$REGQUERYBINARYVALUE$REGQUERYDWORDVALUE$REGQUERYMULTISTRINGVALUE$REGQUERYSTRINGVALUE$REGVALUEEXISTS$REGWRITEBINARYVALUE$REGWRITEDWORDVALUE$REGWRITEEXPANDSTRINGVALUE$REGWRITEMULTISTRINGVALUE$REGWRITESTRINGVALUE$REMOVEBACKSLASH$REMOVEBACKSLASHUNLESSROOT$REMOVEQUOTES$SETINIBOOL$SETINIINT$SETINISTRING$SETNTFSCOMPRESSION$STRINGCHANGE$STRINGCHANGEEX$USINGWINNT
                                            • API String ID: 0-3658119371
                                            • Opcode ID: d1b162f24f3de9366c279af0fb10497c5041c44e3992e037f85eec23b0bc3f00
                                            • Instruction ID: 1f533a3817926901e21f115ced2a71318d89b1f82f9318c6f77aeb51c9d307cf
                                            • Opcode Fuzzy Hash: d1b162f24f3de9366c279af0fb10497c5041c44e3992e037f85eec23b0bc3f00
                                            • Instruction Fuzzy Hash: E6D24174B042155BDB00FF79C8925AEB6A5AF99704F21883FF401AB346DE3CED068799
                                            APIs
                                            • LocalFileTimeToFileTime.KERNEL32(-00000034,?,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000,?,0046C7BA), ref: 0046AEF6
                                              • Part of subcall function 00453230: FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246
                                              • Part of subcall function 00468DA4: FileTimeToLocalFileTime.KERNEL32(?), ref: 00468DAC
                                              • Part of subcall function 00468DA4: FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00468DBB
                                              • Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720
                                              • Part of subcall function 00452B60: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87
                                            Strings
                                            • Existing file's MD5 sum matches our file. Skipping., xrefs: 0046B24D
                                            • Dest file is protected by Windows File Protection., xrefs: 0046AE8E
                                            • Same version. Skipping., xrefs: 0046B27D
                                            • Non-default bitness: 64-bit, xrefs: 0046AE50
                                            • Version of our file: (none), xrefs: 0046B09D
                                            • Existing file is protected by Windows File Protection. Skipping., xrefs: 0046B384
                                            • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 0046B42E
                                            • .tmp, xrefs: 0046B54F
                                            • InUn, xrefs: 0046B6DD
                                            • Version of our file: %u.%u.%u.%u, xrefs: 0046B091
                                            • Existing file is a newer version. Skipping., xrefs: 0046B1A3
                                            • User opted not to overwrite the existing file. Skipping., xrefs: 0046B3E5
                                            • Skipping due to "onlyifdestfileexists" flag., xrefs: 0046B492
                                            • Will register the file (a DLL/OCX) later., xrefs: 0046BA8E
                                            • Time stamp of existing file: (failed to read), xrefs: 0046AFD8
                                            • Failed to read existing file's MD5 sum. Proceeding., xrefs: 0046B268
                                            • @, xrefs: 0046AD90
                                            • , xrefs: 0046B170, 0046B338, 0046B3B6
                                            • Existing file has a later time stamp. Skipping., xrefs: 0046B367
                                            • Will register the file (a type library) later., xrefs: 0046BA82
                                            • Uninstaller requires administrator: %s, xrefs: 0046B70D
                                            • Existing file's MD5 sum is different from our file. Proceeding., xrefs: 0046B25C
                                            • Time stamp of our file: (failed to read), xrefs: 0046AF48
                                            • Time stamp of existing file: %s, xrefs: 0046AFCC
                                            • Stripped read-only attribute., xrefs: 0046B45F
                                            • Incrementing shared file count (32-bit)., xrefs: 0046BB14
                                            • Incrementing shared file count (64-bit)., xrefs: 0046BAFB
                                            • Non-default bitness: 32-bit, xrefs: 0046AE5C
                                            • Version of existing file: (none), xrefs: 0046B292
                                            • -- File entry --, xrefs: 0046ACE3
                                            • Skipping due to "onlyifdoesntexist" flag., xrefs: 0046AF6F
                                            • Installing the file., xrefs: 0046B4A1
                                            • Same time stamp. Skipping., xrefs: 0046B2ED
                                            • Time stamp of our file: %s, xrefs: 0046AF3C
                                            • Failed to strip read-only attribute., xrefs: 0046B46B
                                            • Dest filename: %s, xrefs: 0046AE35
                                            • Couldn't read time stamp. Skipping., xrefs: 0046B2CD
                                            • Version of existing file: %u.%u.%u.%u, xrefs: 0046B11D
                                            • Dest file exists., xrefs: 0046AF5C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Time$File$Local$CloseFindFullNamePathQuerySystemValue
                                            • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's MD5 sum is different from our file. Proceeding.$Existing file's MD5 sum matches our file. Skipping.$Failed to read existing file's MD5 sum. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
                                            • API String ID: 2131814033-2943590984
                                            • Opcode ID: 5530e6d4467b50b4f223ea24597b5b0665291bf30ade8e4061a312a7ecb475fb
                                            • Instruction ID: f65b5c2ab3d31a984aea8a7ca3a316d928a56dcdaf1079f5525a9e75dbf3fe7a
                                            • Opcode Fuzzy Hash: 5530e6d4467b50b4f223ea24597b5b0665291bf30ade8e4061a312a7ecb475fb
                                            • Instruction Fuzzy Hash: F0926030A042489BDB11DFA5C495BDDBBB5EF05308F1440ABE844AB392E7789E85CF5A

                                            Control-flow Graph (graph image and node list not reproduced; entry block 423bb4-423be8)
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c619cfdb2417a1dd765c9684dc00ff7da98e4790b272c6bac34776b85a7bb18
                                            • Instruction ID: b3874c0ebfa8e5c98eb4c3a27b14194d81e346ea4a69c1a5551916dd99319231
                                            • Opcode Fuzzy Hash: 7c619cfdb2417a1dd765c9684dc00ff7da98e4790b272c6bac34776b85a7bb18
                                            • Instruction Fuzzy Hash: E4E1B134704125EFD710DF6AE585A5E77B0EB44304FA580A6E5069B362CB7CEE82DB18

                                            Control-flow Graph (graph image and node list not reproduced; entry block 422804-422815)
                                            APIs
                                            • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 0042299C
                                            • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422B66), ref: 004229AC
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSendShowWindow
                                            • String ID:
                                            • API String ID: 1631623395-0
                                            • Opcode ID: 710b85e9e0d2b94c983cb3e0a4e0ece706801e1b802501e978e88977d4387c98
                                            • Instruction ID: 8c826587ba7af474f7b14690d684e7097f8878018e5f7bac2df75c57de2d2bfa
                                            • Opcode Fuzzy Hash: 710b85e9e0d2b94c983cb3e0a4e0ece706801e1b802501e978e88977d4387c98
                                            • Instruction Fuzzy Hash: 1791A471B00214FFD710EFA9DA86F9E77F4AB15304F5500B6F500AB2A2C7B8AE419B58
                                            APIs
                                              • Part of subcall function 0048DA54: GetWindowRect.USER32(00000000), ref: 0048DA6A
                                            • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00462D63
                                              • Part of subcall function 0041D658: GetObjectA.GDI32(?,00000018,00462D7D), ref: 0041D683
                                              • Part of subcall function 004627F0: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
                                              • Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3
                                              • Part of subcall function 004627F0: SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
                                              • Part of subcall function 004627F0: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935
                                              • Part of subcall function 004621AC: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00462E18,00000000,00000000,00000000,0000000C,00000000), ref: 004621C4
                                              • Part of subcall function 0048DCB0: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 0048DCBA
                                              • Part of subcall function 0048D9A4: 73E9A570.USER32(00000000,?,?,?), ref: 0048D9C6
                                              • Part of subcall function 0048D9A4: SelectObject.GDI32(?,00000000), ref: 0048D9EC
                                              • Part of subcall function 0048D9A4: 73E9A480.USER32(00000000,?,0048DA4A,0048DA43,?,00000000,?,?,?), ref: 0048DA3D
                                              • Part of subcall function 0048DCA0: MulDiv.KERNEL32(0000004B,?,00000006), ref: 0048DCAA
                                            • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,00000000,?), ref: 004639DB
                                            • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 004639EC
                                            • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00463A04
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Menu$AppendExtractFileIconInfoObject$A480A570BitmapCallbackDispatcherLoadRectSelectSystemUserWindow
                                            • String ID: $(Default)$STOPIMAGE
                                            • API String ID: 798199749-770201673
                                            • Opcode ID: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
                                            • Instruction ID: 0ce2a7c8654b4bda645b85becf187eb8cd9f620879433755a56cf3d7b5830d6a
                                            • Opcode Fuzzy Hash: edd87f1fb70ff78689207597ef215f3f1d8daab5004934605c616b6dfe41ea42
                                            • Instruction Fuzzy Hash: 97F2E4386005609FCB00EF59D9D9F9A73F1BF8A304F1542B6E5049B36AD774AC46CB8A
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00454454), ref: 00454350
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00454356
                                            • GetDiskFreeSpaceExA.KERNEL32(00000000,?,?,00000000,00000000,00454432,?,00000000,kernel32.dll,GetDiskFreeSpaceExA,00000000,00454454), ref: 004543A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressDiskFreeHandleModuleProcSpace
                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                            • API String ID: 1197914913-3712701948
                                            • Opcode ID: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
                                            • Instruction ID: 308890e583471f7d729b9dc2fcd7aa40e9e9c611359b8057d7b1245ba4b987a9
                                            • Opcode Fuzzy Hash: b0b659b2d070814a0368f486c3293326616746fdd3269bbd203ed0c9b07b7e5a
                                            • Instruction Fuzzy Hash: E6318871A44259AFCF01DFA5C882AEEB7B8EF49704F508566F800F7252D63C5D49CB64
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?,?,00000000), ref: 00478BCC
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C15
                                            • FindClose.KERNEL32(000000FF,000000FF,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F), ref: 00478C22
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000,?,?,00479E8F,?), ref: 00478C6E
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000), ref: 00478D17
                                            • FindClose.KERNEL32(000000FF,00478D42,00478D3B,?,00000000,?,00000000,?,?,00000000,?,00000000,00478D68,?,00000000,00000000), ref: 00478D35
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Find$File$CloseFirstNext
                                            • String ID:
                                            • API String ID: 3541575487-0
                                            • Opcode ID: a084e4e5c8f054e2080612fc2f017d72a6014d092eaae7f95311f756252c2dca
                                            • Instruction ID: 54e57abadac26bdf6b50859d29d6f630f81932fdc3dee25b4239eb6d38c32597
                                            • Opcode Fuzzy Hash: a084e4e5c8f054e2080612fc2f017d72a6014d092eaae7f95311f756252c2dca
                                            • Instruction Fuzzy Hash: 9C512171900658AFCB21EF65CC49ADEB7B8EB48315F1084BAA408E7391DA389F45CF58
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F1C5
                                            • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F28A
                                            • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,0046F2BE,?,?,00000001,0049307C), ref: 0046F298
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Find$File$CloseFirstNext
                                            • String ID: unins$unins???.*
                                            • API String ID: 3541575487-1009660736
                                            • Opcode ID: c33e9ed9a5c64a779be56cc970f5b851d3c24f2eac79a6b11c153832b8d2d33a
                                            • Instruction ID: 3c9c22acd9639b612fd9d01020641e4b72dcc3c09d6e577180f12476a66c67e0
                                            • Opcode Fuzzy Hash: c33e9ed9a5c64a779be56cc970f5b851d3c24f2eac79a6b11c153832b8d2d33a
                                            • Instruction Fuzzy Hash: 2831D474600108AFDB50EB69D891ADEB7BCEF05308F5044F6E848E72A2E7399F458F19
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451219
                                            • GetLastError.KERNEL32(00000000,?,00000000,0045123F,?,?,-00000001,00000000), ref: 00451221
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileFindFirstLast
                                            • String ID:
                                            • API String ID: 873889042-0
                                            • Opcode ID: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
                                            • Instruction ID: 48b66b5ea5a2bd036d7052275c493811c4e0670e4fb7de4650a4648509248124
                                            • Opcode Fuzzy Hash: a602d2efdf960d6167be496792d274a39b8ae1fe5526e10b942367c2e78b3dad
                                            • Instruction Fuzzy Hash: B0F0F971A04604AB8B10DB6AAC4249EB7ECDB45725B6046BBFC14F3292DA784E048559
                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
                                            • Instruction ID: fb41a53da0808811ac7d324c7af8f56b416e217676924749333d5f26c846bbbb
                                            • Opcode Fuzzy Hash: e78cb18e13a677ec314dcfb13bf641d8481e9719d632e97f187bed88d7cfff22
                                            • Instruction Fuzzy Hash: 84E0927170022466D711A95A9C86AF6B35C9758314F00427FB948EB3C2EDB89E8046A9
                                            APIs
                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,?,004240F9,?,00000000,00424104), ref: 00423B56
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0
                                            • Opcode ID: c9ca02dc5c13b0bcd4898fe3f6bac102fe768f9dff7234e6a92afc66219a27c4
                                            • Instruction ID: 62037174fb3a4e63d39f4d80a9d1e591ad15120c94b51c82d4663250cb3dbf53
                                            • Opcode Fuzzy Hash: c9ca02dc5c13b0bcd4898fe3f6bac102fe768f9dff7234e6a92afc66219a27c4
                                            • Instruction Fuzzy Hash: A0F0C579205608AFCB40DF9DC588D4AFBE8FB4C260B158295B988CB321C234FE808F94
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: NameUser
                                            • String ID:
                                            • API String ID: 2645101109-0
                                            • Opcode ID: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
                                            • Instruction ID: 059ce6dee4a85458501d0894a56d11df68a23133cc4b2401fd590ab7d757c589
                                            • Opcode Fuzzy Hash: 5296a1f906bcaa54e59ae334d9b19b6ea28d15cb2d3d13e924c6b19246622dfc
                                            • Instruction Fuzzy Hash: 5AD0C2B120420053C701AE68DC8269B358C8B84316F10483E7CC6DA2C3E67DDF48A75A
                                            APIs
                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042ED54
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                              • Part of subcall function 004695AC: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,?,?,0049307C,?,004697A3,?,00000000,00469BEA,?,_is1), ref: 004695CF
                                            • RegCloseKey.ADVAPI32(?,00469BF1,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,00469C39,?,?,00000001,0049307C), ref: 00469BE4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseValue
                                            • String ID: " /SILENT$5.2.3$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                            • API String ID: 3132538880-1148470211

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0047C3AD
                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0047C3BA
                                            • GetNativeSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C3C8
                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0047C3D0
                                            • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 0047C3DC
                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 0047C3FD
                                            • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 0047C410
                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0047C416
                                            • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0047C42D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                            • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                            • API String ID: 2230631259-2623177817

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,0046452A,?,?,00000001,00000000,00000000,00464545,?,00000000,00000000,?), ref: 00464513
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0046436F
                                            • Inno Setup: Deselected Tasks, xrefs: 004644A1
                                            • Inno Setup: User Info: Name, xrefs: 004644CF
                                            • Inno Setup: Selected Tasks, xrefs: 0046447F
                                            • Inno Setup: Setup Type, xrefs: 00464422
                                            • Inno Setup: User Info: Organization, xrefs: 004644E2
                                            • Inno Setup: No Icons, xrefs: 004643FB
                                            • %s\%s_is1, xrefs: 0046438D
                                            • Inno Setup: Deselected Components, xrefs: 00464454
                                            • Inno Setup: App Path, xrefs: 004643D2
                                            • Inno Setup: Selected Components, xrefs: 00464432
                                            • Inno Setup: User Info: Serial, xrefs: 004644F5
                                            • Inno Setup: Icon Group, xrefs: 004643EE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                            • API String ID: 47109696-1093091907

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            • RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001), ref: 0046DBCC
                                            • RegCloseKey.ADVAPI32(?,?,00000000,?,00000002,00000000,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DBD5
                                              • Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D925
                                            • RegDeleteValueA.ADVAPI32(?,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?), ref: 0046DCF3
                                              • Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38
                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DDC8
                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000002,00000000,00000001,?,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?), ref: 0046DEBC
                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000004,?,00000004,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF1E
                                              • Part of subcall function 0046D898: GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D93B
                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000003,00000000,00000000,00000000,0046DFAA,?,?,00000000,0046DFBB,?,?,?,?), ref: 0046DF6E
                                            • RegCloseKey.ADVAPI32(?,0046DFB1,?,00000000,0046DFBB,?,?,?,?,00000000,0046E115,?,?,00000001,0049307C), ref: 0046DFA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Value$CloseDeleteErrorLast$CreateQuery
                                            • String ID: Cannot access 64-bit registry keys on this version of Windows$break$olddata${olddata}$|0I
                                            • API String ID: 2797102135-3741232538

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                              • Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720
                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0046CFF7
                                            • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046D0EA
                                            • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 0046D100
                                            • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046D125
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                            • String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
                                            • API String ID: 971782779-3668018701

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                              • Part of subcall function 0041F36C: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A
                                            • GetClassInfoA.USER32(00400000,00423624), ref: 00423847
                                            • RegisterClassA.USER32(00491630), ref: 0042385F
                                            • GetSystemMetrics.USER32(00000000), ref: 00423881
                                            • GetSystemMetrics.USER32(00000001), ref: 00423890
                                            • SetWindowLongA.USER32(004105F8,000000FC,00423634), ref: 004238EC
                                            • SendMessageA.USER32(004105F8,00000080,00000001,00000000), ref: 0042390D
                                            • GetSystemMenu.USER32(004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423918
                                            • DeleteMenu.USER32(00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4,0041ED4C), ref: 00423927
                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00423934
                                            • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,004105F8,00000000,00000000,00400000,00000000,00000000,00000000), ref: 0042394A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                            • String ID: $6B
                                            • API String ID: 183575631-3519776487

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                              • Part of subcall function 0042DC0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452C87
                                            • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,00452D37,?,00000000,00452DFB), ref: 00452DC3
                                              • Part of subcall function 0042E660: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452B9F
                                            • RegCreateKeyEx, xrefs: 00452BFB
                                            • , xrefs: 00452BE9
                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452BCF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseCreateFormatMessageQueryValue
                                            • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                            • API String ID: 2481121983-1280779767

                                            Control-flow Graph
                                            [Figure: control-flow graph of the function at 454b2c; legend: Executed / Not Executed]
                                            APIs
                                            • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00454C91,?,?,00000031,?), ref: 00454B54
                                            • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00454B5A
                                            • LoadTypeLib.OLEAUT32(00000000,?), ref: 00454BA7
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            Strings
                                            Similarity
                                            • API ID: AddressErrorHandleLastLoadModuleProcType
                                            • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                            • API String ID: 1914119943-2711329623
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 004761F2
                                            Strings
                                            Similarity
                                            • API ID: AddressProc
                                            • String ID: Failed to get address of SHGetFolderPathA function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
                                            • API String ID: 190572456-1072092678
                                            APIs
                                            • GetActiveWindow.USER32 ref: 0042EDA7
                                            • GetFocus.USER32 ref: 0042EDAF
                                            • RegisterClassA.USER32(004917AC), ref: 0042EDD0
                                            • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042EEA4,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042EE0E
                                            • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042EE54
                                            • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042EE65
                                            • SetFocus.USER32(00000000,00000000,0042EE87,?,?,?,00000001,00000000,?,004564AE,00000000,00492628), ref: 0042EE6C
                                            Strings
                                            Similarity
                                            • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                            • String ID: (&I$TWindowDisabler-Window
                                            • API String ID: 3167913817-491212620
                                            APIs
                                            • RtlEnterCriticalSection.KERNEL32(00492420,00000000,00401B68), ref: 00401ABD
                                            • LocalFree.KERNEL32(00000000,00000000,00401B68), ref: 00401ACF
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401AEE
                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401B68), ref: 00401B2D
                                            • RtlLeaveCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B58
                                            • RtlDeleteCriticalSection.KERNEL32(00492420,00401B6F), ref: 00401B62
                                            Strings
                                            Similarity
                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                            • String ID: @$I$P$I$|$I
                                            • API String ID: 3782394904-2452420409
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000), ref: 0047A6B8
                                            • FreeLibrary.KERNEL32(00000000), ref: 0047A6CC
                                            • SendNotifyMessageA.USER32(000203EE,00000496,00002710,00000000), ref: 0047A731
                                            Strings
                                            • Deinitializing Setup., xrefs: 0047A52E
                                            • GetCustomSetupExitCode, xrefs: 0047A56D
                                            • Restarting Windows., xrefs: 0047A70C
                                            • Not restarting Windows because Setup is being run from the debugger., xrefs: 0047A6ED
                                            • DeinitializeSetup, xrefs: 0047A5C9
                                            Similarity
                                            • API ID: FreeLibrary$MessageNotifySend
                                            • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                            • API String ID: 3817813901-1884538726
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC
                                            Strings
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                            • API String ID: 1646373207-2130885113
                                            APIs
                                              • Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB
                                            • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00455ECC,?, /s ",?,regsvr32.exe",?,00455ECC), ref: 00455E3E
                                            Strings
                                            Similarity
                                            • API ID: CloseDirectoryHandleSystem
                                            • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                            • API String ID: 2051275411-1862435767
                                            APIs
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E57
                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00475F37,?,?,00000000,00492628,00000000,00000000,?,00490529,00000000,004906D2,?,00000000), ref: 00475E60
                                            Strings
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID: Created temporary directory: $REGDLL_EXE$\_RegDLL.tmp$\_setup64.tmp$_isetup
                                            • API String ID: 1375471231-1421604804
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1,?,?,?,?,00000000), ref: 0046A84B
                                            • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046A8E1), ref: 0046A862
                                            • AddFontResourceA.GDI32(00000000), ref: 0046A87F
                                            • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0046A893
                                            Strings
                                            • Failed to set value in Fonts registry key., xrefs: 0046A854
                                            • AddFontResource, xrefs: 0046A89D
                                            • Failed to open Fonts registry key., xrefs: 0046A869
                                            Similarity
                                            • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                            • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                            • API String ID: 955540645-649663873
                                            APIs
                                            • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430160
                                            • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0043016F
                                            • GetCurrentThreadId.KERNEL32 ref: 00430189
                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 004301AA
                                            Strings
                                            Similarity
                                            • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                            • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                            • API String ID: 4130936913-2943970505
                                            APIs
                                            • GetCapture.USER32 ref: 00422E4C
                                            • GetCapture.USER32 ref: 00422E5B
                                            • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422E61
                                            • ReleaseCapture.USER32 ref: 00422E66
                                            • GetActiveWindow.USER32 ref: 00422E75
                                            • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422EF4
                                            • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422F58
                                            • GetActiveWindow.USER32 ref: 00422F67
                                            Similarity
                                            • API ID: CaptureMessageSend$ActiveWindow$Release
                                            • String ID:
                                            • API String ID: 862346643-0
                                            APIs
                                            • 7715E550.OLE32(00491A3C,00000000,00000001,00491774,?,00000000,0045499A), ref: 004547E0
                                              • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                              • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                            • 7715E550.OLE32(00491764,00000000,00000001,00491774,?,00000000,0045499A), ref: 00454804
                                            • SysFreeString.OLEAUT32(00000000), ref: 0045495F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Similarity
                                            • API ID: 7715E550String$AllocByteCharFreeMultiWide
                                            • String ID: CoCreateInstance$IPersistFile::Save$IShellLink::QueryInterface
                                            • API String ID: 21690954-615220198
                                            APIs
                                            • GetLastError.KERNEL32(?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794,00000000), ref: 00453720
                                            • CloseHandle.KERNEL32(?,?,D:"G,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00453794,00453794,?,00453794), ref: 0045372D
                                              • Part of subcall function 004534E4: WaitForInputIdle.USER32(?,00000032), ref: 00453510
                                              • Part of subcall function 004534E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
                                              • Part of subcall function 004534E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
                                              • Part of subcall function 004534E4: CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561
                                            Strings
                                            Similarity
                                            • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                            • String ID: .bat$.cmd$COMMAND.COM" /C $D:"G$cmd.exe" /C "
                                            • API String ID: 854858120-4270494884
                                            APIs
                                            • LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
                                            • OemToCharA.USER32(?,?), ref: 00423704
                                            • CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744
                                            Strings
                                            Similarity
                                            • API ID: Char$FileIconLoadLowerModuleName
                                            • String ID: 2$MAINICON
                                            • API String ID: 3935243913-3181700818
                                            APIs
                                            • GetCurrentProcessId.KERNEL32(00000000), ref: 00418EE5
                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F06
                                            • GetCurrentThreadId.KERNEL32 ref: 00418F21
                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F42
                                              • Part of subcall function 00423070: 73E9A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
                                              • Part of subcall function 00423070: EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
                                              • Part of subcall function 00423070: 73EA4620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
                                              • Part of subcall function 00423070: 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC
                                              • Part of subcall function 00423634: LoadIconA.USER32(00400000,MAINICON), ref: 004236C4
                                              • Part of subcall function 00423634: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 004236F1
                                              • Part of subcall function 00423634: OemToCharA.USER32(?,?), ref: 00423704
                                              • Part of subcall function 00423634: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418F8E,00000000,?,?,?,00000001), ref: 00423744
                                              • Part of subcall function 0041F0C0: GetVersion.KERNEL32(?,00418F98,00000000,?,?,?,00000001), ref: 0041F0CE
                                              • Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0EA
                                              • Part of subcall function 0041F0C0: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0F6
                                              • Part of subcall function 0041F0C0: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F104
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F134
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F15D
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F172
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F187
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F19C
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F1B1
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F1C6
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F1DB
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F1F0
                                              • Part of subcall function 0041F0C0: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F205
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A4620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
                                            • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                            • API String ID: 1580766901-2767913252
                                            APIs
                                            • SetWindowLongA.USER32(?,000000FC,?), ref: 0041360C
                                            • GetWindowLongA.USER32(?,000000F0), ref: 00413617
                                            • GetWindowLongA.USER32(?,000000F4), ref: 00413629
                                            • SetWindowLongA.USER32(?,000000F4,?), ref: 0041363C
                                            • SetPropA.USER32(?,00000000,00000000), ref: 00413653
                                            • SetPropA.USER32(?,00000000,00000000), ref: 0041366A
                                            Similarity
                                            • API ID: LongWindow$Prop
                                            • String ID:
                                            • API String ID: 3887896539-0
                                            APIs
                                            • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004708D2
                                            • 73EA59E0.USER32(00000000,000000FC,00470830,00000000,00470A62,?,00000000,00470A87), ref: 004708F9
                                            • GetACP.KERNEL32(00000000,00470A62,?,00000000,00470A87), ref: 00470936
                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0047097C
                                            Strings
                                            Similarity
                                            • API ID: ClassInfoMessageSend
                                            • String ID: COMBOBOX
                                            • API String ID: 1455646776-1136563877
                                            APIs
                                            • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046288D
                                            • ExtractIconA.SHELL32(00400000,00000000,?), ref: 004628B3
                                              • Part of subcall function 00462730: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 004627C8
                                              • Part of subcall function 00462730: DestroyCursor.USER32(00000000), ref: 004627DE
                                            • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 0046290F
                                            • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00462935
                                            Strings
                                            Similarity
                                            • API ID: Icon$ExtractFileInfo$CursorDestroyDraw
                                            • String ID: c:\directory
                                            • API String ID: 2926980410-3984940477
                                            APIs
                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00455C7C
                                            • GetExitCodeProcess.KERNEL32(?,00490736), ref: 00455C9D
                                            • CloseHandle.KERNEL32(?,00455CD0,?,?,dE,00000000,00000000), ref: 00455CC3
                                            Strings
                                            Similarity
                                            • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                            • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                            • API String ID: 2573145106-3235461205
                                            APIs
                                            • SetActiveWindow.USER32(?,?,00000000,0047BE5D,?,?,00000001,?), ref: 0047BC59
                                            • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 0047BCCE
                                            Strings
                                            Similarity
                                            • API ID: ActiveChangeNotifyWindow
                                            • String ID: $Need to restart Windows? %s
                                            • API String ID: 1160245247-4200181552
                                            APIs
                                              • Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720
                                              • Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC
                                            • GetLastError.KERNEL32(00000000,0046A17D,?,?,00000001,0049307C), ref: 0046A05A
                                            • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046A0D4
                                            • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046A0F9
                                            Strings
                                            Similarity
                                            • API ID: ChangeNotify$CharErrorFullLastNamePathPrev
                                            • String ID: Creating directory: %s
                                            • API String ID: 2168629741-483064649
                                            APIs
                                            • SetRectEmpty.USER32(?), ref: 0044C72A
                                            • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044C755
                                            • DrawTextA.USER32(00000000,00000000), ref: 0044C7EE
                                            Strings
                                            Similarity
                                            • API ID: DrawText$EmptyRect
                                            • String ID:
                                            • API String ID: 182455014-2867612384
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004533EA
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,004534B0), ref: 00453454
                                            Strings
                                            Similarity
                                            • API ID: AddressByteCharMultiProcWide
                                            • String ID: SfcIsFileProtected$sfc.dll
                                            • API String ID: 2508298434-591603554
                                            APIs
                                            • 751C1520.VERSION(00000000,?,?,?,0048F996), ref: 00450CAC
                                            • 751C1500.VERSION(00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CD9
                                            • 751C1540.VERSION(?,00450D50,?,?,00000000,?,00000000,?,00000000,00450D27,?,00000000,?,?,?,0048F996), ref: 00450CF3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Similarity
                                            • API ID: C1500C1520C1540
                                            • String ID: aE
                                            APIs
                                            • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
                                            • ExitProcess.KERNEL32 ref: 00404E0D
                                            Strings
                                            Similarity
                                            • API ID: ExitMessageProcess
                                            • String ID: Error$Runtime error at 00000000
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,00453F8F,?,00000001,00000000), ref: 00453F82
                                            Strings
                                            • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453F30
                                            • PendingFileRenameOperations, xrefs: 00453F54
                                            • PendingFileRenameOperations2, xrefs: 00453F63
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                            APIs
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C7D1
                                            • FindClose.KERNEL32(000000FF,0046C7FC,0046C7F5,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C7EF
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E), ref: 0046C8F3
                                            • FindClose.KERNEL32(000000FF,0046C91E,0046C917,?,00000000,?,00000001,00000000,0046C9C3,?,00000000,?,00000000,?,0046CB7E,?), ref: 0046C911
                                            Similarity
                                            • API ID: Find$CloseFileNext
                                            • String ID:
                                            APIs
                                            • GetMenu.USER32(00000000), ref: 00421309
                                            • SetMenu.USER32(00000000,00000000), ref: 00421326
                                            • SetMenu.USER32(00000000,00000000), ref: 0042135B
                                            • SetMenu.USER32(00000000,00000000), ref: 00421377
                                            Similarity
                                            • API ID: Menu
                                            • String ID:
                                            APIs
                                            • GetCursorPos.USER32 ref: 00417208
                                            • SetCursor.USER32(00000000), ref: 0041724B
                                            • GetLastActivePopup.USER32(?), ref: 00417275
                                            • GetForegroundWindow.USER32(?), ref: 0041727C
                                            Similarity
                                            • API ID: Cursor$ActiveForegroundLastPopupWindow
                                            • String ID:
                                            APIs
                                            • SendMessageA.USER32(?,?,?,?), ref: 00416B2C
                                            • SetTextColor.GDI32(?,00000000), ref: 00416B46
                                            • SetBkColor.GDI32(?,00000000), ref: 00416B60
                                            • CallWindowProcA.USER32(?,?,?,?,?), ref: 00416B88
                                            Similarity
                                            • API ID: Color$CallMessageProcSendTextWindow
                                            • String ID:
                                            APIs
                                            • EnumWindows.USER32(004239C4), ref: 00423A50
                                            • GetWindow.USER32(?,00000003), ref: 00423A65
                                            • GetWindowLongA.USER32(?,000000EC), ref: 00423A74
                                            • SetWindowPos.USER32(00000000,00424104,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,00424153,?,?,00423D1B), ref: 00423AAA
                                            Similarity
                                            • API ID: Window$EnumLongWindows
                                            • String ID:
                                            APIs
                                            • 73E9A570.USER32(00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230C6
                                            • EnumFontsA.GDI32(00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000,?,?,?,00000001), ref: 004230D9
                                            • 73EA4620.GDI32(00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230E1
                                            • 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423010,004105F8,00000000,?,?,00000000,?,00418F7B,00000000), ref: 004230EC
                                            Similarity
                                            • API ID: A4620A480A570EnumFonts
                                            • String ID:
                                            APIs
                                            • WaitForInputIdle.USER32(?,00000032), ref: 00453510
                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
                                            • CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561
                                            Similarity
                                            • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                            • String ID:
                                            APIs
                                            Similarity
                                            • API ID: ErrorLast$CountSleepTick
                                            • String ID:
                                            APIs
                                              • Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B
                                            • FlushFileBuffers.KERNEL32(?), ref: 00459B34
                                            Strings
                                            • EndOffset range exceeded, xrefs: 00459A56
                                            • NumRecs range exceeded, xrefs: 00459A1F
                                            Similarity
                                            • API ID: File$BuffersFlush
                                            • String ID: EndOffset range exceeded$NumRecs range exceeded
                                            APIs
                                              • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00490B12), ref: 0040334B
                                              • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00490B12), ref: 00403356
                                              • Part of subcall function 00409B20: 6F9E1CD0.COMCTL32(00490B21), ref: 00409B20
                                              • Part of subcall function 004108FC: GetCurrentThreadId.KERNEL32 ref: 0041094A
                                              • Part of subcall function 00418FE8: GetVersion.KERNEL32(00490B35), ref: 00418FE8
                                              • Part of subcall function 0044EE30: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00490B49), ref: 0044EE6B
                                              • Part of subcall function 0044EE30: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EE71
                                              • Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 0045198C
                                              • Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00451992
                                              • Part of subcall function 0045196C: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00451A05,?,?,?,?,00000000,?,00490B53), ref: 004519A6
                                              • Part of subcall function 0045196C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004519AC
                                              • Part of subcall function 0045FCBC: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00490B67), ref: 0045FCCB
                                              • Part of subcall function 0045FCBC: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0045FCD1
                                              • Part of subcall function 004678D8: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED
                                              • Part of subcall function 00472434: GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
                                              • Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
                                              • Part of subcall function 00472434: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457
                                              • Part of subcall function 0048DD14: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0048DD2D
                                            • SetErrorMode.KERNEL32(00000001,00000000,00490BB9), ref: 00490B8B
                                              • Part of subcall function 00490914: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
                                              • Part of subcall function 00490914: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924
                                              • Part of subcall function 0042447C: SendMessageA.USER32(?,0000B020,00000000,?), ref: 0042449B
                                              • Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284
                                            • ShowWindow.USER32(?,00000005,00000000,00490BB9), ref: 00490BFC
                                              • Part of subcall function 0047B260: SetActiveWindow.USER32(?), ref: 0047B304
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$HandleModule$Window$ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModeRegisterSendShowTextThreadVersion
                                            • String ID: Setup
                                            APIs
                                            • RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DA78
                                            • RegQueryValueExA.ADVAPI32(?,ProductType,00000000,?,00000000,00000000,?,ProductType,00000000,?,00000000,?,00000000,0042DB61), ref: 0042DAD0
                                            Strings
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID: ProductType
                                            • API String ID: 3660427363-120863269
                                            • Opcode ID: 8c6d5992717354f1742f6db3e008b622ea29168f52289f9bc266ec88e5d19502
                                            • Instruction ID: 22425fb9ba400e549f89719797a15a519fe31236383ac1a1c9c2ba634efda0a6
                                            • Opcode Fuzzy Hash: 8c6d5992717354f1742f6db3e008b622ea29168f52289f9bc266ec88e5d19502
                                            • Instruction Fuzzy Hash: 67416934E04128EFDF21DF95D890BEFBBB8EB45304F9185A7E510A7280D778AA44CB58
                                            APIs
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521E6
                                            • GetLastError.KERNEL32(00000000,00000000,?,00000000,0045228F,?,?,00000000,00492628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004521EF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID: .tmp
                                            • API String ID: 1375471231-2986845003
                                            • Opcode ID: b0fe10ff7a88c628ca37ddb7a9a6ae458ad9b284c5e3713e18b5b82b834d8f49
                                            • Instruction ID: 1cc7738378c32de01c08681629a8df9cd6432d6ac9a10e78220417a5cd0dd7bd
                                            • Opcode Fuzzy Hash: b0fe10ff7a88c628ca37ddb7a9a6ae458ad9b284c5e3713e18b5b82b834d8f49
                                            • Instruction Fuzzy Hash: 68213579A002089BDB01EFA1C9529DFB7B9EF49305F50457BF801B7342DA7C9E058A65
                                            APIs
                                            • ShellExecuteEx.SHELL32(0000003C), ref: 0045388C
                                            • GetLastError.KERNEL32(0000003C,00000000,004538D5,?,?,?), ref: 0045389D
                                              • Part of subcall function 004534E4: WaitForInputIdle.USER32(?,00000032), ref: 00453510
                                              • Part of subcall function 004534E4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00453532
                                              • Part of subcall function 004534E4: GetExitCodeProcess.KERNEL32(?,?), ref: 00453541
                                              • Part of subcall function 004534E4: CloseHandle.KERNEL32(?,0045356E,00453567,?,?,?,00000000,?,?,00453741,?,?,?,D:"G,00000000,00000000), ref: 00453561
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Wait$CloseCodeErrorExecuteExitHandleIdleInputLastMultipleObjectsProcessShell
                                            • String ID: <
                                            • API String ID: 35504260-4251816714
                                            • Opcode ID: c2e03b5e4e67f27838c983cd3523d5033eb2743868d95f269161821d711f8d89
                                            • Instruction ID: a48743936d6917b30e90ea1336603dc98d5f36d007a8bf71f63bee0ab98bf73b
                                            • Opcode Fuzzy Hash: c2e03b5e4e67f27838c983cd3523d5033eb2743868d95f269161821d711f8d89
                                            • Instruction Fuzzy Hash: 95218670A00209AFDB14EF65D88269E7BF8EF04356F50443AF844E7381D7789E49CB98
                                            APIs
                                            • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DBA0
                                            • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DBE0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Value$EnumQuery
                                            • String ID: Inno Setup: No Icons
                                            • API String ID: 1576479698-2016326496
                                            • Opcode ID: e9fb7db7dcf6cda393c86093116ee764db1e6ac8556277773d8aad4419d6b52b
                                            • Instruction ID: 963321e0e52aed92ccfb8a2f54d21a93e2c319f999d6bed2d0c39c2fe313cf58
                                            • Opcode Fuzzy Hash: e9fb7db7dcf6cda393c86093116ee764db1e6ac8556277773d8aad4419d6b52b
                                            • Instruction Fuzzy Hash: 7201F731B4536069F73085166D11B7BA9889B41B64F65003BF940EA3C0D2D9AC04E36E
                                            APIs
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,00475B5A,00000000,00475B70,?,?,?,?,00000000), ref: 00475936
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Close
                                            • String ID: RegisteredOrganization$RegisteredOwner
                                            • API String ID: 3535843008-1113070880
                                            • Opcode ID: a673071c8463a59bddc0d482598e1e32dbfa1ec485af57615c8375354e02c050
                                            • Instruction ID: 48b656342ec2bd2b5ab7dbcfa9b326a46bbbd2cb26f9bcc12124a5356ca6e139
                                            • Opcode Fuzzy Hash: a673071c8463a59bddc0d482598e1e32dbfa1ec485af57615c8375354e02c050
                                            • Instruction Fuzzy Hash: 63F0F6B0B04144EBEB00DA72AC9279B3759D742304F60807BA2058F251D6B9AF01D74C
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F41D
                                            • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0046F62F), ref: 0046F434
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseCreateErrorFileHandleLast
                                            • String ID: CreateFile
                                            • API String ID: 2528220319-823142352
                                            • Opcode ID: 3ce17224c3612957bb3ea8d08732bab1b9a40189034164cbbb7ae18b77d7767e
                                            • Instruction ID: 8566c0baceda2c5727a8425b1213297a8e6c3c46ac1f7708f5e95aedaf673be2
                                            • Opcode Fuzzy Hash: 3ce17224c3612957bb3ea8d08732bab1b9a40189034164cbbb7ae18b77d7767e
                                            • Instruction Fuzzy Hash: EDE065342843047FDA10E669DCC6F0677989B14728F108161F6446F3E2C5B5EC448659
                                            APIs
                                            • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,|0I,00000004,00000001,?,00469B43,?,?,00000000,00469BEA,?,_is1,?), ref: 0046962F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID: NoModify$|0I
                                            • API String ID: 3702945584-1260956942
                                            • Opcode ID: 8c5a95fc8c6e5aab4e4b0707fd51a14095f86d7630f9fc1027fd97fc893ef99b
                                            • Instruction ID: 2bef48f429356fc4da1bc079aaf13935e8d13ae686911c9cef0d84ca04fc1d48
                                            • Opcode Fuzzy Hash: 8c5a95fc8c6e5aab4e4b0707fd51a14095f86d7630f9fc1027fd97fc893ef99b
                                            • Instruction Fuzzy Hash: 59E04FB0604304BFEB04DB95CD4AF6B77ACDB48714F108059BA049B381EAB4EE00C668
                                            APIs
                                              • Part of subcall function 0042E1E0: SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
                                              • Part of subcall function 0042E1E0: LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219
                                            • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 004678ED
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressErrorLibraryLoadModeProc
                                            • String ID: SHPathPrepareForWriteA$shell32.dll
                                            • API String ID: 2492108670-2683653824
                                            • Opcode ID: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
                                            • Instruction ID: fa085d398d84bf6bdc376de8b0adffa78d8cd9c0cd14655664e75f653ebd6975
                                            • Opcode Fuzzy Hash: c944a9074854445ab3124fdf5b50c6e0e0c2ff548dc294e090d25f8eecb682ac
                                            • Instruction Fuzzy Hash: 90B092E0B0474092EF0077BA584AB1A1454D78079CB64883BB040AB289EE7C8A18EB9E
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegEnumKeyExA.ADVAPI32(?,00000001,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00485EDD
                                            • RegEnumValueA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00485FA7,?,?,?,00000000,00000000,00485FCD), ref: 00485EFE
                                            • RegCloseKey.ADVAPI32(?,00485FAE,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00485FA1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Enum$CloseOpenValue
                                            • String ID:
                                            • API String ID: 167947723-0
                                            • Opcode ID: 13207be1b90530add2a5137353e1668e1fdacf9f12ce63fa7b50bb1586daad71
                                            • Instruction ID: 9daad1761f1e283d4217273ad70bf6c4399887ee59538191eb732a55a8fee4c0
                                            • Opcode Fuzzy Hash: 13207be1b90530add2a5137353e1668e1fdacf9f12ce63fa7b50bb1586daad71
                                            • Instruction Fuzzy Hash: D941A870A045059FDB01EFA6CC82BAFB7FDEB48304F50483BB610E72D1DA78AA018759
                                            APIs
                                            • GetSystemMenu.USER32(00000000,00000000,00000000,0047AA50), ref: 0047A9E8
                                            • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 0047A9F9
                                            • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0047AA11
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Menu$Append$System
                                            • String ID:
                                            • API String ID: 1489644407-0
                                            • Opcode ID: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
                                            • Instruction ID: 9416a2e69f94d1bacdcd5589100605e7a17a6fee69d6532038c11be2b18ca1fe
                                            • Opcode Fuzzy Hash: f080a53e69ae36a7c53ecc201a6def57175b7aa651597f400192a04eb8f0c766
                                            • Instruction Fuzzy Hash: BB31E5B07043442AE711EB359C82BAE3B945B91308F40843FB940AB2E3C67C9D18879E
                                            APIs
                                            • 73E9A570.USER32(00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AADD
                                            • SelectObject.GDI32(?,00000000), ref: 0044AB00
                                            • 73E9A480.USER32(00000000,?,0044AB40,00000000,0044AB39,?,00000000,?,00000000,00000000,0044AB69,?,0047B27B,?,?), ref: 0044AB33
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: A480A570ObjectSelect
                                            • String ID:
                                            • API String ID: 1230475511-0
                                            • Opcode ID: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
                                            • Instruction ID: 5ebdf1d2f2544012dfa55b31c85aaba12dd464d1382fd60bb62d336af458de0c
                                            • Opcode Fuzzy Hash: 6206e762a1325ba623ac8cb259efe5e16e8ff7365d7f6aa6f873279f897fc210
                                            • Instruction Fuzzy Hash: 6E21C170E44248AFEB11DFA5C841B9EBBB9EB48304F4180BAF500A7281C77C9950CB2A
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044A828,?,0047B27B,?,?), ref: 0044A7FA
                                            • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044A80D
                                            • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044A841
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DrawText$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 65125430-0
                                            • Opcode ID: 86c1c3c1b73a348804a8438b274189cef034975366d200857cdcd0688595a161
                                            • Instruction ID: 547ddd58e113f665f2c4bd30cca118ef6da0f4e8a03e0e68a63751e0d3c3e5d9
                                            • Opcode Fuzzy Hash: 86c1c3c1b73a348804a8438b274189cef034975366d200857cdcd0688595a161
                                            • Instruction Fuzzy Hash: 2F1108B27406047FEB00EBAA8C82D6FB7ECDB48724F10813BF504E72C0D5389E018A69
                                            APIs
                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 004243BA
                                            • TranslateMessage.USER32(?), ref: 00424437
                                            • DispatchMessageA.USER32(?), ref: 00424441
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Message$DispatchPeekTranslate
                                            • String ID:
                                            • API String ID: 4217535847-0
                                            • Opcode ID: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
                                            • Instruction ID: 29ec6bb2c2fe33ce96073087ef8f049612c87f0656b6e82933878d2f51458537
                                            • Opcode Fuzzy Hash: 5ba890f0d626e851ae5eb072c17b98b7617e900c1ccbace483623866fa51125f
                                            • Instruction Fuzzy Hash: 1F11C43030435056DA20E6A4B94179B73D4CFC1708F85485EF9C957382D7BD9E4487AB
                                            APIs
                                            • SetPropA.USER32(00000000,00000000), ref: 00416612
                                            • SetPropA.USER32(00000000,00000000), ref: 00416627
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 0041664E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Prop$Window
                                            • String ID:
                                            • API String ID: 3363284559-0
                                            • Opcode ID: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
                                            • Instruction ID: 675018db8e1bdf4ebffe2da0d9b09b3c9fe28390eae3e6cfa7bb9a74213a9f8e
                                            • Opcode Fuzzy Hash: b31ba192d97bc2a8128d85a50ffa45febb98a78fe245b4b5ec301087639eabad
                                            • Instruction Fuzzy Hash: 9DF0B271701210BFDB109B599C85FA632DCBB19B15F160176BE08EF286D6B8DD40C7A8
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID: @$I
                                            • API String ID: 2087232378-1899187264
                                            • Opcode ID: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
                                            • Instruction ID: 725a70dfb87e22c3967cff80d89a5dac4b2b1bb1b28326949d670fe9fc14322f
                                            • Opcode Fuzzy Hash: 08da3f0d1e78bfe9c634c9aa4f5f35e672582809eb99289594877bc0e4020af2
                                            • Instruction Fuzzy Hash: 82F0A772B0073067EB60596A4C81F5359C49FC5794F154076FD0DFF3E9D6B58C0142A9
                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 0041EE0C
                                            • IsWindowEnabled.USER32(?), ref: 0041EE16
                                            • EnableWindow.USER32(?,00000000), ref: 0041EE3C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$EnableEnabledVisible
                                            • String ID:
                                            • API String ID: 3234591441-0
                                            • Opcode ID: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
                                            • Instruction ID: 96e98aa39eb8546384e417ef666d490cadeddd778781aa4cd60f09ebcc6840ac
                                            • Opcode Fuzzy Hash: 26f15855b103a5989d821e845a8b5a76b466f6557515be23c42bc0ec7e566d17
                                            • Instruction Fuzzy Hash: 65E0EDB42003016AEB11AB27DCC1B5B769CBB54354F468477AD169B2A3DA3DD8408A78
                                            APIs
                                            • GlobalHandle.KERNEL32 ref: 004062A1
                                            • GlobalUnWire.KERNEL32(00000000), ref: 004062A8
                                            • GlobalFree.KERNEL32(00000000), ref: 004062AD
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Global$FreeHandleWire
                                            • String ID:
                                            • API String ID: 318822183-0
                                            • Opcode ID: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
                                            • Instruction ID: 232b5a29dca1329e6ee8fbf729e049d74cb9239d0bdd557acda0a77be920d3a5
                                            • Opcode Fuzzy Hash: 811b5650058efd060b0480522622cea17f29fa46ba8acc2a698c355084a7e242
                                            • Instruction Fuzzy Hash: 73A001C4804A04A9D80072B2080BA2F244CD8413283D0496B7440B2183883C8C40593A
                                            APIs
                                            • SetActiveWindow.USER32(?), ref: 0047B304
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ActiveWindow
                                            • String ID: InitializeWizard
                                            • API String ID: 2558294473-2356795471
                                            • Opcode ID: 8b312c41f2940f2f3a5a5ebcccc02a9e100daae9f3be4a3165d4f891c4d140ea
                                            • Instruction ID: 4e25cab65ed988d36d771276a92aef87a17e854c81311b79447974de30300cc1
                                            • Opcode Fuzzy Hash: 8b312c41f2940f2f3a5a5ebcccc02a9e100daae9f3be4a3165d4f891c4d140ea
                                            • Instruction Fuzzy Hash: CA11A330204204AFD701EB69FD45B5A77E4E755324F2084BBF40A877A1D7796C41DB5D
                                            APIs
                                            Strings
                                            • Failed to remove temporary directory: , xrefs: 00476079
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CountTick
                                            • String ID: Failed to remove temporary directory:
                                            • API String ID: 536389180-3544197614
                                            • Opcode ID: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
                                            • Instruction ID: 6ffa0d28bc3bfc953a6b8bbcd879379d441b58bb6ad8f3d837193fbc1ee90d1a
                                            • Opcode Fuzzy Hash: 8eaa77d6da94d3eb7a991c9334ea7c1cfd0c78d7d0c6d11cc61aa5cf67c36756
                                            • Instruction Fuzzy Hash: B301F530610B44AADB11EB72CC46BDF77A9DB05709FA1843BF804A7192D6BDAE08890C
                                            APIs
                                            • RtlUnwind.KERNEL32(?,?,Function_00002E70,00000000,?,?,Function_00002E70,?), ref: 00402EDC
                                              • Part of subcall function 00402D90: RaiseException.KERNEL32(0EEDFAD4,00000000,00000002), ref: 00402DA6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ExceptionRaiseUnwind
                                            • String ID: /@
                                            • API String ID: 478881706-2472096700
                                            • Opcode ID: ce0c57217f1f88cfefb99c6a056471c18bb1f4aa94c236d0a0fe8feffa296953
                                            • Instruction ID: 5c20ca0d660fc1177ed7d48fb6ffd970784faa1b3a99d759d1c18c638cb26d65
                                            • Opcode Fuzzy Hash: ce0c57217f1f88cfefb99c6a056471c18bb1f4aa94c236d0a0fe8feffa296953
                                            • Instruction Fuzzy Hash: 470109B0200201AFD710DB55CA89F27B7F9EF88754F15C5B9B508672E1C774EC44DA65
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,00475A36,00000000,00475B70), ref: 00475835
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion, xrefs: 00475805
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: Software\Microsoft\Windows\CurrentVersion
                                            • API String ID: 47109696-1019749484
                                            • Opcode ID: 624b0b4a54040a7892ae93ac597d3eea2aede776931a95b16378c7608928749d
                                            • Instruction ID: 6f23ae70e013487785b82a96322c3c90f2bad5c8cb9ef8bfae3d8b83ecadceb2
                                            • Opcode Fuzzy Hash: 624b0b4a54040a7892ae93ac597d3eea2aede776931a95b16378c7608928749d
                                            • Instruction Fuzzy Hash: A1F08231B0451467EA04B69A9C42B9EA79D9B84758F21407BF908DF342D9F99E0242AD
                                            APIs
                                            • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,?,?,0049307C,?,004697A3,?,00000000,00469BEA,?,_is1), ref: 004695CF
                                            Strings
                                            • Inno Setup: Setup Version, xrefs: 004695CD
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID: Inno Setup: Setup Version
                                            • API String ID: 3702945584-4166306022
                                            • Opcode ID: f6d4cc5eb782b562f43c4092d5e7c04ca05372e8bfb1ae5fcb716854d543f903
                                            • Instruction ID: bcb48f81889c44c2f620efda9402a5d0bb1fb61369e9a11a86b2db072df5fa83
                                            • Opcode Fuzzy Hash: f6d4cc5eb782b562f43c4092d5e7c04ca05372e8bfb1ae5fcb716854d543f903
                                            • Instruction Fuzzy Hash: 5CE06D713012043FD710EA2A9C85F5BBBDCDF88365F10403AB908DB392D978DD0185A8
                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            Strings
                                            • System\CurrentControlSet\Control\Windows, xrefs: 0042DC5E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID: System\CurrentControlSet\Control\Windows
                                            • API String ID: 71445658-1109719901
                                            • Opcode ID: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
                                            • Instruction ID: 29d81e93da8360ba13d0a113dd5009aeb6b598c84d67836305bbff2bc9e8969e
                                            • Opcode Fuzzy Hash: 22e0c054078c54348808a8319995cc634a026ba4b678fe1ea34de8a5361bc097
                                            • Instruction Fuzzy Hash: B7D09E72910128BB9B109A89DC41DF7775DDB19760F44401AF904A7141C1B4AC519BE4
                                            APIs
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000), ref: 00452967
                                            • FindClose.KERNEL32(000000FF,00452992,0045298B,?,00000000,004529F5,?,?,-00000001,00000000,?,00476075,00000000,00475FC4,00000000,00000001), ref: 00452985
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Find$CloseFileNext
                                            • String ID:
                                            • API String ID: 2066263336-0
                                            • Opcode ID: 7aa303c31b69377596db69b5784372d2b213f90afaf7537e5bd8167b5ecefc51
                                            • Instruction ID: a46e81b432fa17c8035645edee6d72e6358aab5d3d8117a0f5ee062976db862c
                                            • Opcode Fuzzy Hash: 7aa303c31b69377596db69b5784372d2b213f90afaf7537e5bd8167b5ecefc51
                                            • Instruction Fuzzy Hash: 48819074A0024D9FCF11DFA5C941BEFBBB4AF4A305F1480A7D85463392D3789A4ACB98
                                            APIs
                                            • CreateProcessA.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FB8
                                            • GetLastError.KERNEL32(00000000,00000000,?,?,00455ECC,00000000,00455EB4,?,?,?,00000000,00450FDE,?,?,?,00000001), ref: 00450FC0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateErrorLastProcess
                                            • String ID:
                                            • API String ID: 2919029540-0
                                            • Opcode ID: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
                                            • Instruction ID: 90ec035facff387a728fa34ee480b9bdab906da10ba2c5f97b54275381758835
                                            • Opcode Fuzzy Hash: f3603e2291ac4d2bff5630acf20c922798bf03bd121a7c5ca53d5b2f3657e726
                                            • Instruction Fuzzy Hash: 6E115E76604208AF8B50DEADDC41DDFB7ECEB4D310B51456AFD08E3241D674EE158B64
                                            APIs
                                            • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040AF8A
                                            • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B0E7,00000000,0040B0FF,?,?,?,00000000), ref: 0040AF9B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Resource$FindFree
                                            • String ID:
                                            • API String ID: 4097029671-0
                                            • Opcode ID: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
                                            • Instruction ID: 1221a5199f13f7129315330983e0874b2bf41397b47310acc6f6b643a0b38e17
                                            • Opcode Fuzzy Hash: 8c30dec602ece8ae2a8e71100469382659f92ae3bfb2da213009fea87c39b6d5
                                            • Instruction Fuzzy Hash: FB012FB1300300AFDB00EF69DC82E1A33A9EB493087108077F500BB2D0DA799C11962A
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0041EE9B
                                            • 73EA5940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: A5940CurrentThread
                                            • String ID:
                                            • API String ID: 2589350566-0
                                            • Opcode ID: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
                                            • Instruction ID: ca42cadf64aab9fc9bda363da699102df16a4657dc233dc8dc005950a55e731a
                                            • Opcode Fuzzy Hash: 10cd4d059b02f226dcedeab6d983f116a71722e0e95fe1aa277000ca600bc38b
                                            • Instruction Fuzzy Hash: 8A015B79A04705AFD705CF66DC11996BBF8E789720B2388B7E804D36A0F6345810DE18
                                            APIs
                                            • MoveFileA.KERNEL32(00000000,00000000), ref: 0045143E
                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00451464), ref: 00451446
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastMove
                                            • String ID:
                                            • API String ID: 55378915-0
                                            • Opcode ID: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
                                            • Instruction ID: 85188aecbac2644b80406732be01adbb240331f4a8ceeac9c47b7ffc740a9c29
                                            • Opcode Fuzzy Hash: fc062a3957a1edb5bf0d59c77c23fa964479a41f7c559747da197f0b7ccab451
                                            • Instruction Fuzzy Hash: 6D01D671B04604AB8B01DB799C425AEB7ECDB49725760457BFC08E3252EA3C4E048959
                                            APIs
                                            • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,00401973), ref: 00401766
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID: @$I
                                            • API String ID: 1263568516-1899187264
                                            • Opcode ID: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
                                            • Instruction ID: 8116451f728c5aa32ea3c360de9e7882c02e29ec9bc76b399c7381bc7e3fefdc
                                            • Opcode Fuzzy Hash: b62b8f1c307d4adcebf6fa1a253ea1af05d3ba4dba9aec1dff74914ddceb4cab
                                            • Instruction Fuzzy Hash: F40170766057109FC3109F29DCC0E2677E8D780378F05413EDA84673A1D37A6C0187D8
                                            APIs
                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F25
                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00450F4B), ref: 00450F2D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            • Opcode ID: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
                                            • Instruction ID: 364ad505462443d826447c2aa905436d5e11e331cb720e50727da1269184da6e
                                            • Opcode Fuzzy Hash: 082057bd9afaa096a0e4b8126ab3c4003cc3e6ea7bf304598bc7be587df6c026
                                            • Instruction Fuzzy Hash: 27F02876A04604AFCB10DF759C4299EB7E8DB09311B6049BBFC08E3242E6794E048598
                                            APIs
                                            • DeleteFileA.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510BB
                                            • GetLastError.KERNEL32(00000000,00000000,004510E1,?,-00000001,?), ref: 004510C3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DeleteErrorFileLast
                                            • String ID:
                                            • API String ID: 2018770650-0
                                            • Opcode ID: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
                                            • Instruction ID: 5ed2bb2a065b1eb56cf610b2c64d6d851a3618404264b5220afa4eae7dc9580f
                                            • Opcode Fuzzy Hash: 1e6d19b18d0b7f1f4b814b2fe5639d31bbd572e79ae8d41c2ab74e80d74ea6ed
                                            • Instruction Fuzzy Hash: F9F02871A04244AFCF00DFB59C4259EB7E8DB0871176089BBFC04E3692EB384E048558
                                            APIs
                                            • RemoveDirectoryA.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515C3
                                            • GetLastError.KERNEL32(00000000,00000000,004515E9,?,-00000001,00000000), ref: 004515CB
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DirectoryErrorLastRemove
                                            • String ID:
                                            • API String ID: 377330604-0
                                            • Opcode ID: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
                                            • Instruction ID: 4a7b75eba7857019093cf0bd5fd6fc682383d33b89e08eccdc707f1e9448c37c
                                            • Opcode Fuzzy Hash: 3de0d6eef76c1e463ac159392944c7fd45740d6beb844e58639b2c615591adf4
                                            • Instruction Fuzzy Hash: F0F0F475A00608BB8B01DBB5AC4259EB3ECDB4831176049BBFC04E3242F6384E048598
                                            APIs
                                            • LoadCursorA.USER32(00000000,00007F00), ref: 004231F1
                                            • LoadCursorA.USER32(00000000,00000000), ref: 0042321B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CursorLoad
                                            • String ID:
                                            • API String ID: 3238433803-0
                                            • Opcode ID: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
                                            • Instruction ID: 43eb0a081647544f07c75950a444ff3626244229c91a8f980807230630bdce3f
                                            • Opcode Fuzzy Hash: 97721f6b4bea7dfcfee2643c439e1d77a1de27f79bc3f669c874631e657f12ca
                                            • Instruction Fuzzy Hash: 56F05C11740110A6D6105D7E6CC0E2A7268DBC1735B7103BBFB7BD32D2C62E5C01417D
                                            APIs
                                            • SetErrorMode.KERNEL32(00008000), ref: 0042E1EA
                                            • LoadLibraryA.KERNEL32(00000000,00000000,0042E234,?,00000000,0042E252,?,00008000), ref: 0042E219
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLibraryLoadMode
                                            • String ID:
                                            • API String ID: 2987862817-0
                                            • Opcode ID: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
                                            • Instruction ID: a5bf76ec7fc0037a961c30f1a8367ec2ab03dc69631e0c622de06244be8b127b
                                            • Opcode Fuzzy Hash: df3f20b22e32febbdad40190a0324c62e8b0ac07168a33a3d01648edd1efc6b6
                                            • Instruction Fuzzy Hash: 6CF08270B14744BEDB019F779C6282BBBECEB4DB1479248B6F800A2691E63C4C10CD39
                                            APIs
                                            • 73EA4690.USER32(6F9A27E0,?,?,?,?), ref: 0047085D
                                            • 73EA4690.USER32(FFFF042D,?,?,?,?), ref: 0047086E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: A4690
                                            • String ID:
                                            • API String ID: 3561213222-0
                                            • Opcode ID: d78ec1971c872e1c2a759eff0b10a1fb793b86a13f31b5903e54a79ee442c384
                                            • Instruction ID: 05871f25954d4f0ccf7064202b5622f870af3b0557784982f60e543ab3818496
                                            • Opcode Fuzzy Hash: d78ec1971c872e1c2a759eff0b10a1fb793b86a13f31b5903e54a79ee442c384
                                            • Instruction Fuzzy Hash: 00F0A0B2201205BBDB00DEAADD88CA7776CEF49320704822BBC0893295D1B8AC0086B9
                                            APIs
                                            • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC26
                                            • GetLastError.KERNEL32(?,00000000,?,00000002,?,00000080,0046A731,?,00000000), ref: 0044FC2E
                                              • Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast$FilePointer
                                            • String ID:
                                            • API String ID: 1156039329-0
                                            • Opcode ID: de65f18f36f37b9ca1324c3eeca2df0f722fadb4b50d26d1bad635fee496284b
                                            • Instruction ID: 0bfc23328500fe2646c690ed3ecabb54a6fbe8d678c9a11fa1a44a4ad9cb7e95
                                            • Opcode Fuzzy Hash: de65f18f36f37b9ca1324c3eeca2df0f722fadb4b50d26d1bad635fee496284b
                                            • Instruction Fuzzy Hash: 59E012B1304205ABFB10EA7599C1F3B22D8EB44354F00447AB944CF287E674CC0A8B25
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0041EFB6
                                            • 73EA5940.USER32(00000000,0041EF38,00000000,0042406E,?,00000000,00424104), ref: 0041EFBC
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: A5940CurrentThread
                                            • String ID:
                                            • API String ID: 2589350566-0
                                            • Opcode ID: a87d5c09129fb5e8e72c64e8d2232d69f3356c6d2f88ba67e28c815336eb5a51
                                            • Instruction ID: 49cc1c4b832f6c01255466c052ada857fa4bf5b082c39c1888a59bd33b0c0cac
                                            • Opcode Fuzzy Hash: a87d5c09129fb5e8e72c64e8d2232d69f3356c6d2f88ba67e28c815336eb5a51
                                            • Instruction Fuzzy Hash: BCE04C71610201BFDF11DF39DD4575637E1E7A0314F1348B7A806D61B1E3785840DA0D
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Global$Alloc
                                            • String ID:
                                            • API String ID: 2558781224-0
                                            • Opcode ID: 3aab631d28e9500c64151c0aeb9b91af43aad549cba5a5fa87d1f146672bdb4f
                                            • Instruction ID: 0263706b80ae8aebac4b2aeda69df254121a1764ed820e2db5cbcbfbef09bb73
                                            • Opcode Fuzzy Hash: 3aab631d28e9500c64151c0aeb9b91af43aad549cba5a5fa87d1f146672bdb4f
                                            • Instruction Fuzzy Hash: 3D9002C4C10B01A4DC0432B24C0BC3F0C2CD8C072C3C0486F7018B6183883C8800083C
                                            APIs
                                            • SendNotifyMessageA.USER32(000203EE,00000496,00002711,00000000), ref: 00477350
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageNotifySend
                                            • String ID:
                                            • API String ID: 3556456075-0
                                            • Opcode ID: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
                                            • Instruction ID: 16409b2b564c283e2081e6b17d670531f43b9e979188f2c8fa02a8160c9bfcf5
                                            • Opcode Fuzzy Hash: 252e5136d57f140269efebacecac5dd0592624cb6a566e5f719c9ce0fa9de95c
                                            • Instruction Fuzzy Hash: 8B4186343040009BC710FF66EC8255A77A9AB55309790C5B7B8049F3ABCA78EE06DB9D
                                            APIs
                                            • GetSystemDefaultLCID.KERNEL32(00000000,004086B2), ref: 0040859B
                                              • Part of subcall function 00406D8C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406DA9
                                              • Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DefaultInfoLoadLocaleStringSystem
                                            • String ID:
                                            • API String ID: 1658689577-0
                                            • Opcode ID: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
                                            • Instruction ID: 8b9545330178279bc2ddac5e6fa168bd58cc03261140f3a6a95c7e376186b839
                                            • Opcode Fuzzy Hash: 80ecc8c9aace017e09db60a449651f58f9edaaa4523f5ba9ad143ce156ad8401
                                            • Instruction Fuzzy Hash: 86315035E00109ABCB00EF95CC819EEB779FF84314F518577E815BB285E738AE018B98
                                            APIs
                                            • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: InfoScroll
                                            • String ID:
                                            • API String ID: 629608716-0
                                            • Opcode ID: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
                                            • Instruction ID: 2699cc02af870d89e6a5ad5e313ee30afbb4c435a81dca5bff53af4edc800ccf
                                            • Opcode Fuzzy Hash: de4704f2c710e71cab7264c2153380fdf922c8bbe904c6d895339fb26e0428f4
                                            • Instruction Fuzzy Hash: E22142B16087456FC340DF39D440696BBE4BB88314F04493EE498C3741D774E996CBD6
                                            APIs
                                              • Part of subcall function 0041EE4C: GetCurrentThreadId.KERNEL32 ref: 0041EE9B
                                              • Part of subcall function 0041EE4C: 73EA5940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1
                                            • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,00467042,?,00000000,?,?,00467247,?,00000000,00467286), ref: 00467026
                                              • Part of subcall function 0041EF00: IsWindow.USER32(?), ref: 0041EF0E
                                              • Part of subcall function 0041EF00: EnableWindow.USER32(?,00000001), ref: 0041EF1D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$A5940CurrentEnablePathPrepareThreadWrite
                                            • String ID:
                                            • API String ID: 3104224314-0
                                            • Opcode ID: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
                                            • Instruction ID: cfd77c3cf2038ba034cdb19c096b63f1e12f26539d14daa02010a8575a632133
                                            • Opcode Fuzzy Hash: 369f86e8a7e3fc3249e22cf5b4f477e6a4efde8ea112a63605dc209f0644bffd
                                            • Instruction Fuzzy Hash: 15F02E70288300FFE3049B62ED1AB2577E8E308718F60083BF40082181E6BD4C40D52D
                                            APIs
                                            • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 0041652D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
                                            • Instruction ID: a820f4678b9f5f8a39c028f8276f7672b34f9079ce199e45b6728efe25cce622
                                            • Opcode Fuzzy Hash: a90cc2cdc4384ce14c959999bf908b8a2b5a488b97049405d08f79aee015cd0a
                                            • Instruction Fuzzy Hash: D5F019B2200510AFDB84CF9CD9C0F9373ECEB0C210B0481A6FA08CF24AD260EC108BB0
                                            APIs
                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00414997
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CallbackDispatcherUser
                                            • String ID:
                                            • API String ID: 2492992576-0
                                            • Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                            • Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
                                            • Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                            • Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
                                            APIs
                                              • Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC
                                            • GetFileAttributesA.KERNEL32(00000000,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A,00000000,004511A1,00000000,004511C2,?,00000000), ref: 0042CBDB
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AttributesCharFilePrev
                                            • String ID:
                                            • API String ID: 4082512850-0
                                            • Opcode ID: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
                                            • Instruction ID: bcc2a10ba17e46f4a9e3aa80fd67cbe88bd74874a982435321d161081e45760d
                                            • Opcode Fuzzy Hash: 22241e4889f104e7f41f6a8233d5b92d6a893f3137f18e20c265477f4e7dcce1
                                            • Instruction Fuzzy Hash: 96E09B71304308BFD701EF62EC93E5EBBECDB85714BA14476F400E7641D5B9AE008418
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0044FB1C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 78a311e2a95407c1f2bce677d10703788472382bb1767ec56bee7a5dd97471b0
                                            • Instruction ID: b9ff2f1e843887c32db999b8e56f693fcf835da1e8ac5748e56ca63b18eefbc2
                                            • Opcode Fuzzy Hash: 78a311e2a95407c1f2bce677d10703788472382bb1767ec56bee7a5dd97471b0
                                            • Instruction Fuzzy Hash: 64E092A53501083ED340EEACAC52FA337CC9319754F048033B988C7351D4619D11CBA8
                                            APIs
                                            • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FormatMessage
                                            • String ID:
                                            • API String ID: 1306739567-0
                                            • Opcode ID: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
                                            • Instruction ID: e1450acef62d714b472a60d6f425ebfa2555b1e5ba62ff61a1a92b84590c1f2f
                                            • Opcode Fuzzy Hash: 5cdf8f27468f89c1e221846afb926f353a68fd9131fa2110eec1806da2fbbfdd
                                            • Instruction Fuzzy Hash: 2EE020723843111AF23550676C47B7F170D4790704F9580263B10DE3D2D9AEDD0F02AD
                                            APIs
                                            • CreateWindowExA.USER32(00000000,00423624,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 00406329
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                            • Instruction ID: 1d12608fc0467a25e6c73015cc4d191371d7057fe5102c86e19c90aa3d4ae925
                                            • Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                            • Instruction Fuzzy Hash: 4CE002B2204309BFDB00DE8ADDC1DABB7ACFB4C654F844105BB1C972428275AD608BB1
                                            APIs
                                            • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DC38
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
                                            • Instruction ID: 95aeb9dab0603b99a781f8c682cffbd0ba2012b3d2683d11ab3130478c649cf3
                                            • Opcode Fuzzy Hash: 4b7bbc01810c708f4eaeb9f3bdda72a1e52bfbbcd703bba3a005b41c2dde64c7
                                            • Instruction Fuzzy Hash: C3E07EB2600129AF9B40DE8DDC81EEB37ADAB1D350F408016FA08D7200C2B4EC519BB4
                                            APIs
                                            • FindClose.KERNEL32(00000000,000000FF,0046AF0D,00000000,0046BC78,?,00000000,0046BCC1,?,00000000,0046BDFA,?,00000000,?,00000000), ref: 00453246
                                            Similarity
                                            • API ID: CloseFind
                                            • String ID:
                                            • API String ID: 1863332320-0
                                            • Opcode ID: 15c20ed8949bce4e0717e7564957b6ac880824dbd77f88015e5955f017df5fa2
                                            • Instruction ID: f302fe2a993c29ff2beb40c6401580d32031e9c3f18c83ad647966ccae7ffc8f
                                            • Opcode Fuzzy Hash: 15c20ed8949bce4e0717e7564957b6ac880824dbd77f88015e5955f017df5fa2
                                            • Instruction Fuzzy Hash: 85E01B70508B008BCB14DF3E848135676D15F89321F04C9AABC58CB3D7DA3C85559A67
                                            APIs
                                            • KiUserCallbackDispatcher.NTDLL(0048DB6E,?,0048DB90,?,?,00000000,0048DB6E,?,?), ref: 00414643
                                            Similarity
                                            • API ID: CallbackDispatcherUser
                                            • String ID:
                                            • API String ID: 2492992576-0
                                            • Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                            • Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
                                            • Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                            • Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
                                            APIs
                                            • CompareStringA.KERNEL32(00000400,00000000,00000000,00000000,00000000,00000000,00000000,?,0042C585,00000000,0042C5A2,?,?,00000000,?,00000000), ref: 00406B0D
                                            Similarity
                                            • API ID: CompareString
                                            • String ID:
                                            • API String ID: 1825529933-0
                                            • Opcode ID: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
                                            • Instruction ID: f6665c11947ada4625099ec4a58cd3d7eb013588aad78fe549ce1534c5c33ddb
                                            • Opcode Fuzzy Hash: f42634be0faa333b05a4ae354d565eb4a013819038b6e29f1d9658e93d9dcb4d
                                            • Instruction Fuzzy Hash: DAD092D17416203BD250BA7E1C82F5B48CC8B1861FF00413AB208FB2D2C97C8F0512AE
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,00000001,00000001,00000000,00000003,00000080,00000000,?,0040A86C,0040CE50,?,00000000,?), ref: 00406E56
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 284a5784ece0525ee4309a29e0934b708280147b24c8860807565b0dcdf733f2
                                            • Instruction ID: 2d5c0aa36cdab2c02aa70c59908dd8a7432c1ea2770125d051a0aa19acad35b9
                                            • Opcode Fuzzy Hash: 284a5784ece0525ee4309a29e0934b708280147b24c8860807565b0dcdf733f2
                                            • Instruction Fuzzy Hash: 61E05BE23D065537F510A9DDACC3F56118CC714749F048032F600EF3E1D5AD9E5087A8
                                            APIs
                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00406E98
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 8201ee84f3f9e58ef3dd8e0238a87415c2e3dc620ee442071c6c4e1cd7855385
                                            • Instruction ID: a10c0b3fd935aa4feb9cc83ad1cbd2e9700523618da793d8de9a5efa8f2f85b3
                                            • Opcode Fuzzy Hash: 8201ee84f3f9e58ef3dd8e0238a87415c2e3dc620ee442071c6c4e1cd7855385
                                            • Instruction Fuzzy Hash: 63D012763082106AD620955A9C84DAB5ADCCBC9774F11063AB658D6181D6248C018675
                                            APIs
                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406EC4
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
                                            • Instruction ID: 4d76dac8211929e62cce8888c47837621b30d3b0c7e20a3f427cea6db45cb60b
                                            • Opcode Fuzzy Hash: 53bf0c971a6682272cbe113517155efe353acdf78c65c7717e273512bbedbf67
                                            • Instruction Fuzzy Hash: 48D05B763082507AD620965BAC44DA76BDCCBC5770F11063EB558C71C1D6309C01C775
                                            APIs
                                              • Part of subcall function 004235A0: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 004235B5
                                            • ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F
                                              • Part of subcall function 004235D0: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 004235EC
                                            Similarity
                                            • API ID: InfoParametersSystem$ShowWindow
                                            • String ID:
                                            • API String ID: 3202724764-0
                                            • Opcode ID: 7c25c5bb0a353a8e37e10cf4638f97e2f3f9aed69f5a03697bdf0d2729dbe22d
                                            • Instruction ID: 2a465d5d678e454343823bde05cb816eafc76b3616d44e2642b2febe52ce8396
                                            • Opcode Fuzzy Hash: 7c25c5bb0a353a8e37e10cf4638f97e2f3f9aed69f5a03697bdf0d2729dbe22d
                                            • Instruction Fuzzy Hash: F8D0A7123422343143203BB73845A8B46BC4DC62A7388043BB548CB303FD1E8F5130BC
                                            APIs
                                            • SetWindowTextA.USER32(?,00000000), ref: 00424284
                                            Similarity
                                            • API ID: TextWindow
                                            • String ID:
                                            • API String ID: 530164218-0
                                            • Opcode ID: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
                                            • Instruction ID: 464bc4534e7500a79cd72818e7fe6fdc88b43f9c3cedd93f67ec80ba9b13fbd8
                                            • Opcode Fuzzy Hash: 627cc26754df0e5d4ac2449ef7fa78a92304547f29cb65040aa964a78537c4ea
                                            • Instruction Fuzzy Hash: A8D05BE270113017C741BAED54C4AC577CC4B4825671540B7F904EF257C638CD404398
                                            APIs
                                            • GetFileAttributesA.KERNEL32(00000000,?,004513D1,00000000,004513EA,?,-00000001,00000000), ref: 0042CC5B
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
                                            • Instruction ID: 2bac27eb1d407cf782e128ad06cad9207e8ea826622c3fbf81ad2ed97ccd6d21
                                            • Opcode Fuzzy Hash: 36a704d27392c584da48404d951af4ee67a016d0087b0b4451a7b59f91f2b214
                                            • Instruction Fuzzy Hash: 4BD012E030129015DA1459BE29C979F02888B96735FA41F7BB96CE22E2E23DCC562018
                                            APIs
                                            • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00462E18,00000000,00000000,00000000,0000000C,00000000), ref: 004621C4
                                            Similarity
                                            • API ID: CallbackDispatcherUser
                                            • String ID:
                                            • API String ID: 2492992576-0
                                            • Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                            • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                            • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                            • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                            APIs
                                            • GetFileAttributesA.KERNEL32(00000000,00000000,0045084B,00000000), ref: 0042CC13
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
                                            • Instruction ID: 1275fb06175802a4eec18308edc692cabbb6af922db63e061f4609c964e4cce9
                                            • Opcode Fuzzy Hash: 2ad41afce022a7edf35b9913b4ba60846e4e43961883ad7ce5a0ddd1fe693583
                                            • Instruction Fuzzy Hash: 41C08CE13022001A9A1065FE2CC511F02C8891423A3A42F37F42EE33D2DA3D8C17201A
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A86C,0040CE18,?,00000000,?), ref: 00406E7D
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 789ee4ee8e8beaddf5e4773479f30132dbca981c419c15b8b597a9aeb85959e9
                                            • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                            • Opcode Fuzzy Hash: 789ee4ee8e8beaddf5e4773479f30132dbca981c419c15b8b597a9aeb85959e9
                                            • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                            APIs
                                            • KiUserCallbackDispatcher.NTDLL(?,?,?,00000000), ref: 0041F358
                                            Similarity
                                            • API ID: CallbackDispatcherUser
                                            • String ID:
                                            • API String ID: 2492992576-0
                                            • Opcode ID: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
                                            • Instruction ID: 48f25c4fc7afed193c39a16cc91a0304f94a1296cd048c63733264e3b5f0309e
                                            • Opcode Fuzzy Hash: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
                                            • Instruction Fuzzy Hash: D2D0C932100108AFDB018E94AC018677B69EB48210B148815FD0485221D633E831AA91
                                            APIs
                                            • DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB
                                            Similarity
                                            • API ID: DeleteFile
                                            • String ID:
                                            • API String ID: 4033686569-0
                                            • Opcode ID: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
                                            • Instruction ID: f501027f96a9746725af0604134d36a8ca8c314a7ca2a7be08ed73c27bcd633e
                                            • Opcode Fuzzy Hash: 34c222f4aa39b239facbaef86046878073365967e51e1b05f0a2c0fa4b12be0b
                                            • Instruction Fuzzy Hash: 97B012E13D220A2ACE0079FE4CC191700CC462C6163405A3A3406EB1C3D93CC4180414
                                            APIs
                                            • SetCurrentDirectoryA.KERNEL32(00000000,?,0048FE4A,00000000,0049001D,?,?,00000005,00000000,00490051,?,?,00000000), ref: 00407253
                                            Similarity
                                            • API ID: CurrentDirectory
                                            • String ID:
                                            • API String ID: 1611563598-0
                                            • Opcode ID: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
                                            • Instruction ID: c18bf430a4858a09d5fd0626d157798880aaaa8ea81a5298b6cf69089c3012d4
                                            • Opcode Fuzzy Hash: 9535ee1be264027bcd2620f9ebef8565d8f2b6e57c19aceceeb3ce428e827e8a
                                            • Instruction Fuzzy Hash: B0B012E03D161B27CA0079FE4CC191A01CC46292163501B3A3006E71C3D83CC8080514
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,0044F500,00000000,?,004639BE,0000000C,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0044F312
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B
                                              • Part of subcall function 0044F9CC: GetLastError.KERNEL32(0044F7E8,0044FA8E,?,00000000,?,0048FEBC,00000001,00000000,00000002,00000000,0049001D,?,?,00000005,00000000,00490051), ref: 0044F9CF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorFileLast
                                            • String ID:
                                            • API String ID: 734332943-0
                                            APIs
                                            • SetErrorMode.KERNEL32(?,0042E259), ref: 0042E24C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,0047A6D6), ref: 0047635A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            APIs
                                            • PostMessageA.USER32(00000000,00000012,00000000,00000000), ref: 0047A910
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            APIs
                                            • SetFilePointer.KERNEL32(?,?,00000000), ref: 00406EE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0045B1F0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED4C,?,00423837,00423BB4,0041ED4C), ref: 0041F38A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            APIs
                                            • GetLastError.KERNEL32(00000000,004517A9), ref: 0045178B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID:
                                            • API String ID: 1452528299-0
                                            APIs
                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,0045B1E6), ref: 0045B11F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            APIs
                                              • Part of subcall function 0044ACE0: GetVersionExA.KERNEL32(00000094), ref: 0044ACFD
                                            • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EE61,00490B49), ref: 0044AD5B
                                            • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AD73
                                            • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AD85
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AD97
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044ADA9
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADBB
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADCD
                                            • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044ADDF
                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044ADF1
                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AE03
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AE15
                                            • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AE27
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AE39
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AE4B
                                            • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AE5D
                                            • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AE6F
                                            • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AE81
                                            • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044AE93
                                            • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044AEA5
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044AEB7
                                            • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044AEC9
                                            • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044AEDB
                                            • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044AEED
                                            • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044AEFF
                                            • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044AF11
                                            • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044AF23
                                            • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044AF35
                                            • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044AF47
                                            • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044AF59
                                            • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044AF6B
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044AF7D
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044AF8F
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044AFA1
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044AFB3
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044AFC5
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044AFD7
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044AFE9
                                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044AFFB
                                            • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B00D
                                            • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B01F
                                            • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B031
                                            • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B043
                                            • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B055
                                            • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B067
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B079
                                            • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B08B
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B09D
                                            • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B0AF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoadVersion
                                            • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                            • API String ID: 1968650500-2910565190
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 0045671F
                                            • QueryPerformanceCounter.KERNEL32(00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 00456728
                                            • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000), ref: 00456732
                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000000,004569B2,?,?,00000000,00000000,?,004570AE,?,00000000,00000000), ref: 0045673B
                                            • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004567B1
                                            • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,00000000,00000000), ref: 004567BF
                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456807
                                            • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045695D,?,00000000,C0000000,00000000,00491A80,00000003,00000000,00000000,00000000,0045696E), ref: 00456840
                                              • Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB
                                            • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004568E9
                                            • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045691F
                                            • CloseHandle.KERNEL32(000000FF,00456964,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00456957
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                            • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$h$helper %d 0x%x
                                            • API String ID: 770386003-3739555822
                                            APIs
                                            • GetVersion.KERNEL32 ref: 0045A102
                                            • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045A122
                                            • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoA), ref: 0045A12F
                                            • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoA), ref: 0045A13C
                                            • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045A14A
                                            • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1E9
                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045A31E), ref: 0045A1F2
                                            • LocalFree.KERNEL32(?,0045A2CC), ref: 0045A2BF
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$AllocateErrorFreeHandleInitializeLastLocalModuleVersion
                                            • String ID: GetNamedSecurityInfoA$SetEntriesInAclW$SetNamedSecurityInfoA$W$advapi32.dll
                                            APIs
                                            • ShellExecuteEx.SHELL32(0000003C), ref: 00471DC3
                                            • GetLastError.KERNEL32(-00000010,?), ref: 00471DCC
                                            • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00471E19
                                            • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00471E3D
                                            • CloseHandle.KERNEL32(00000000,00471E6E,00000000,00000000,000000FF,000000FF,00000000,00471E67,?,-00000010,?), ref: 00471E61
                                            Strings
                                            Similarity
                                            • API ID: CloseCodeErrorExecuteExitHandleLastMultipleObjectsProcessShellWait
                                            • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                            APIs
                                            • IsIconic.USER32(?), ref: 0041833B
                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00418358
                                            • GetWindowRect.USER32(?), ref: 00418374
                                            • GetWindowLongA.USER32(?,000000F0), ref: 00418382
                                            • GetWindowLongA.USER32(?,000000F8), ref: 00418397
                                            • ScreenToClient.USER32(00000000), ref: 004183A0
                                            • ScreenToClient.USER32(00000000,?), ref: 004183AB
                                            Strings
                                            Similarity
                                            • API ID: Window$ClientLongScreen$IconicPlacementRect
                                            • String ID: ,
                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000028), ref: 00453B07
                                            • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00453B0D
                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00453B26
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00453B4D
                                            • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00453B52
                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00453B63
                                            Strings
                                            Similarity
                                            • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                            • String ID: SeShutdownPrivilege
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0,?,?,00000000,00492628), ref: 004900EB
                                            • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049016E
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000), ref: 00490186
                                            • FindClose.KERNEL32(000000FF,004901B1,004901AA,?,00000000,?,00000000,004901D2,?,?,00000000,00492628,?,0049035C,00000000,004903B0), ref: 004901A4
                                            Strings
                                            Similarity
                                            • API ID: FileFind$AttributesCloseFirstNext
                                            • String ID: isRS-$isRS-???.tmp
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000,00000000), ref: 00476AD1
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BBD
                                            • FindClose.KERNEL32(000000FF,00476BE8,00476BE1,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000), ref: 00476BDB
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,00000000,?,00000000,00476D36,?,00000000,?,00000000,?,00476E7A,00000000), ref: 00476C34
                                            Similarity
                                            • API ID: Find$File$First$CloseNext
                                            • String ID:
                                            APIs
                                            • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00455271
                                            • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00455298
                                            • SetForegroundWindow.USER32(?), ref: 004552A9
                                            • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00455574,?,00000000,004555B0), ref: 0045555F
                                            Strings
                                            • Cannot evaluate variable because [Code] isn't running yet, xrefs: 004553E9
                                            Similarity
                                            • API ID: MessagePostWindow$ForegroundNtdllProc_
                                            • String ID: Cannot evaluate variable because [Code] isn't running yet
                                            APIs
                                            • IsIconic.USER32(?), ref: 00417CB7
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417CD5
                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00417D0B
                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D32
                                            Strings
                                            Similarity
                                            • API ID: Window$Placement$Iconic
                                            • String ID: ,
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001,00000000,0045F561), ref: 0045F3D5
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F464
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0045F516,?,00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F4F6
                                            • FindClose.KERNEL32(000000FF,0045F51D,0045F516,?,00000000,?,00000000,0045F534,?,00000001,00000000,0045F561), ref: 0045F510
                                            Similarity
                                            • API ID: Find$File$CloseErrorFirstModeNext
                                            • String ID:
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001,00000000,0045FA07), ref: 0045F895
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F8DB
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0045F9B4,?,00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F990
                                            • FindClose.KERNEL32(000000FF,0045F9BB,0045F9B4,?,00000000,?,00000000,0045F9D2,?,00000001,00000000,0045FA07), ref: 0045F9AE
                                            Similarity
                                            • API ID: Find$File$CloseErrorFirstModeNext
                                            • String ID:
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E6EE
                                            • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E719
                                            • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E726
                                            • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E72E
                                            • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004516BB,00000000,004516DC), ref: 0042E734
                                            Similarity
                                            • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                            • String ID:
                                            APIs
                                            • IsIconic.USER32(?), ref: 0047C29A
                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 0047C2B8
                                            • ShowWindow.USER32(00000000,00000005,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2DA
                                            • ShowWindow.USER32(00000000,00000000,00000000,000000F0,00492F5C,0047BAE6,0047BB1A,00000000,0047BB3A,?,?,00000001,00492F5C), ref: 0047C2EE
                                            Similarity
                                            • API ID: Window$Show$IconicLong
                                            • String ID:
                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,0045DEF4), ref: 0045DE78
                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0045DED4,?,00000000,?,00000000,0045DEF4), ref: 0045DEB4
                                            • FindClose.KERNEL32(000000FF,0045DEDB,0045DED4,?,00000000,?,00000000,0045DEF4), ref: 0045DECE
                                            Similarity
                                            • API ID: Find$File$CloseFirstNext
                                            • String ID:
                                            APIs
                                            • IsIconic.USER32(?), ref: 0042418C
                                            • SetActiveWindow.USER32(?,?,?,0046781F), ref: 00424199
                                              • Part of subcall function 004235F4: ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F
                                              • Part of subcall function 00423ABC: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,022125AC,004241B2,?,?,?,0046781F), ref: 00423AF7
                                            • SetFocus.USER32(00000000,?,?,?,0046781F), ref: 004241C6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$ActiveFocusIconicShow
                                            • String ID:
                                            • API String ID: 649377781-0
                                            • Opcode ID: abf3d26623ce3f5f1df30a1bb2ccc38e960545179f371c4c6c880d0d7118eb6a
                                            • Instruction ID: 9d7b97b1588b57ef25092538823a17ee25a728ca1780dde3acf0986de5f54100
                                            • Opcode Fuzzy Hash: abf3d26623ce3f5f1df30a1bb2ccc38e960545179f371c4c6c880d0d7118eb6a
                                            • Instruction Fuzzy Hash: 36F03A717001209BCB00AFAAECC5B9632A8AF18304B55017BBC08DF34BCABCDD5187A8
                                            APIs
                                            • IsIconic.USER32(?), ref: 00417CB7
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417CD5
                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00417D0B
                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D32
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$Placement$Iconic
                                            • String ID:
                                            • API String ID: 568898626-0
                                            • Opcode ID: ccf45bac815ac9650c1eda7d7ee920735da51ae8acefeeb5a5ed1e1968a9009b
                                            • Instruction ID: 69af1cea5ab0db390c44c228a9afcc828c7f08346dc1f1cf855d2dc861a92e07
                                            • Opcode Fuzzy Hash: ccf45bac815ac9650c1eda7d7ee920735da51ae8acefeeb5a5ed1e1968a9009b
                                            • Instruction Fuzzy Hash: AF018471204104ABDB20EE69DCC1EEB77A8AF54324F158166FD0CCF246E639EC8187E8
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CaptureIconic
                                            • String ID:
                                            • API String ID: 2277910766-0
                                            • Opcode ID: 91823dd687394a4ed8ee48a39c45190aee43210de23b0732d742fca1e8511f91
                                            • Instruction ID: f3ef26a9ec4c3639b3254842bc08cf6d9feb289c2be9135b2bbb431e5f50db89
                                            • Opcode Fuzzy Hash: 91823dd687394a4ed8ee48a39c45190aee43210de23b0732d742fca1e8511f91
                                            • Instruction Fuzzy Hash: B6F03171315601ABD720962AC885AAB72B69F84319B14483BE41ACBB55EB78DCC58258
                                            APIs
                                            • IsIconic.USER32(?), ref: 00424143
                                              • Part of subcall function 00423A2C: EnumWindows.USER32(004239C4), ref: 00423A50
                                              • Part of subcall function 00423A2C: GetWindow.USER32(?,00000003), ref: 00423A65
                                              • Part of subcall function 00423A2C: GetWindowLongA.USER32(?,000000EC), ref: 00423A74
                                              • Part of subcall function 00423A2C: SetWindowPos.USER32(00000000,00424104,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,00424153,?,?,00423D1B), ref: 00423AAA
                                            • SetActiveWindow.USER32(?,?,?,00423D1B,00000000,00424104), ref: 00424157
                                              • Part of subcall function 004235F4: ShowWindow.USER32(004105F8,00000009,?,00000000,0041ED4C,004238E2,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423BB4), ref: 0042360F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$ActiveEnumIconicLongShowWindows
                                            • String ID:
                                            • API String ID: 2671590913-0
                                            • Opcode ID: 657f3c15db0d6cf34cada4c58ec239c69b7baa88831cd667e440955cb53f6524
                                            • Instruction ID: d512277381545323e1bd2a4b4845e65b82e595a2bd73893c0d57f68d30832658
                                            • Opcode Fuzzy Hash: 657f3c15db0d6cf34cada4c58ec239c69b7baa88831cd667e440955cb53f6524
                                            • Instruction Fuzzy Hash: B0E01AA1B0010097EB00EF69DCC9B9672A8BF58304F55017ABC0CCF24BD67CC8908724
                                            APIs
                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0041277D), ref: 0041276B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0
                                            • Opcode ID: bae379de060fc15250db46a0f2d4cbe65f000405712a90414cd4f979e04d8316
                                            • Instruction ID: 0d09216766d9d5b385ece6e8cba1e36b912c6a1774b5342391935a21d5851d13
                                            • Opcode Fuzzy Hash: bae379de060fc15250db46a0f2d4cbe65f000405712a90414cd4f979e04d8316
                                            • Instruction Fuzzy Hash: 7551F431204205DFCB14DB6ADA81A9BF3E5FF98314B20817BE814C3791DBB8AC92C758
                                            APIs
                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00472422
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0
                                            • Opcode ID: 71bdfb3a4a8bfa319c19b7f3f6f66bd2acb2f58053b7cd5922986fb05d48b115
                                            • Instruction ID: c3992268c3801ed1beac7631f2e5f9cad90702d4ee9162ede732c10c083e2767
                                            • Opcode Fuzzy Hash: 71bdfb3a4a8bfa319c19b7f3f6f66bd2acb2f58053b7cd5922986fb05d48b115
                                            • Instruction Fuzzy Hash: 5F413575604108DFCB10CFA9D7809AAB7F5FB48310B25C996E848DB301D3BCEE41AB55
                                            APIs
                                            • Sleep.KERNEL32(00000000,00000000,0048AEF1,?,?,?,?,00000000,00000000,00000000), ref: 0048AA3C
                                            • FindWindowA.USER32(00000000,00000000), ref: 0048AA6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FindSleepWindow
                                            • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                            • API String ID: 3078808852-3310373309
                                            • Opcode ID: 6c535dff48149e348be4f17223c4b33e43e766748f1db67647feb292777d2e31
                                            • Instruction ID: 235d6cf6b0db6f7ade2b2b1cdaf506c84c5948104d9e726c8462171498c33706
                                            • Opcode Fuzzy Hash: 6c535dff48149e348be4f17223c4b33e43e766748f1db67647feb292777d2e31
                                            • Instruction Fuzzy Hash: 52C183A0B402116BE714BF3E8C4252E559A9F95705B12CD3FB406DB78ACEBCDC1A435E
                                            APIs
                                            • CreateMutexA.KERNEL32(00491A74,00000001,00000000,00000000,004562D1,?,?,?,00000001,?,004564EB,00000000,00456501,?,00000000,00492628), ref: 00455FE9
                                            • CreateFileMappingA.KERNEL32(000000FF,00491A74,00000004,00000000,00002018,00000000), ref: 00456021
                                            • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00002018,00000000,004562A7,?,00491A74,00000001,00000000,00000000,004562D1,?,?,?), ref: 00456048
                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456155
                                            • ReleaseMutex.KERNEL32(00000000,00000000,00000002,00000000,00000000,00002018,00000000,004562A7,?,00491A74,00000001,00000000,00000000,004562D1), ref: 004560AD
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045616C
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004561A5
                                            • GetLastError.KERNEL32(00000000,000000FF,?,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004561B7
                                            • UnmapViewOfFile.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456289
                                            • CloseHandle.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00456298
                                            • CloseHandle.KERNEL32(00000000,004562AE,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004562A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseCreateFileHandle$ErrorLastMutexView$MappingObjectProcessReleaseSingleUnmapWait
                                            • String ID: CreateFileMapping$CreateMutex$CreateProcess$D$GetProcAddress$LoadLibrary$MapViewOfFile$OleInitialize$REGDLL failed with exit code 0x%x$REGDLL mutex wait failed (%d, %d)$REGDLL returned unknown result code %d$ReleaseMutex$Spawning _RegDLL.tmp$_RegDLL.tmp %u %u$_isetup\_RegDLL.tmp$dE
                                            • API String ID: 4012871263-2761909193
                                            • Opcode ID: a7edca847ba872df3e32d74aa82f6554692616634b18d999be68c1f401cf8102
                                            • Instruction ID: f83b799fad480325abbebf32ce7824c881fe6810fb4ea4fb229400168c5a50eb
                                            • Opcode Fuzzy Hash: a7edca847ba872df3e32d74aa82f6554692616634b18d999be68c1f401cf8102
                                            • Instruction Fuzzy Hash: E0918070A402149FDF10EBA9C841B9EB7B4EB48305F91856BF814EB393DB789948CF59
                                            APIs
                                            • GetVersion.KERNEL32(?,00418F98,00000000,?,?,?,00000001), ref: 0041F0CE
                                            • SetErrorMode.KERNEL32(00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0EA
                                            • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F0F6
                                            • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418F98,00000000,?,?,?,00000001), ref: 0041F104
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F134
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F15D
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F172
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F187
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F19C
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F1B1
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F1C6
                                            • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F1DB
                                            • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F1F0
                                            • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F205
                                            • FreeLibrary.KERNEL32(00000001,?,00418F98,00000000,?,?,?,00000001), ref: 0041F217
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                            • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                            • API String ID: 2323315520-3614243559
                                            • Opcode ID: c44bbbd98e059cecc08069e17c7c9aa6716694089eaec3a8336a368094c932b5
                                            • Instruction ID: 9ff2825c27a268439dd1d1bb46a0bfc7fca62d380631be57860753cffe2250cf
                                            • Opcode Fuzzy Hash: c44bbbd98e059cecc08069e17c7c9aa6716694089eaec3a8336a368094c932b5
                                            • Instruction Fuzzy Hash: C4310DB5600701FBDB00EBF5AC86A763298B768764746093BB109DB1B2E77D484ACB1D
                                            Strings
                                            • Removed all? %s, xrefs: 0048F648
                                            • Setup version: Inno Setup version 5.2.3, xrefs: 0048F215
                                            • Original Uninstall EXE: , xrefs: 0048F21F
                                            • Install was done in 64-bit mode but not running 64-bit Windows now, xrefs: 0048F3F9
                                            • InitializeUninstall returned False; aborting., xrefs: 0048F576
                                            • Uninstall DAT: , xrefs: 0048F242
                                            • Will restart because UninstallNeedRestart returned True., xrefs: 0048F6CE
                                            • InitializeUninstall, xrefs: 0048F53E
                                            • Need to restart Windows? %s, xrefs: 0048F71F
                                            • Uninstall command line: , xrefs: 0048F265
                                            • Will not restart Windows automatically., xrefs: 0048F7F2
                                            • Uninstall, xrefs: 0048F1C8
                                            • Not calling UninstallNeedRestart because a restart has already been deemed necessary., xrefs: 0048F6FD
                                            • DeinitializeUninstall, xrefs: 0048F888
                                            • UninstallNeedRestart, xrefs: 0048F67E, 0048F6B7
                                            • Cannot find utCompiledCode record for this version of the uninstaller, xrefs: 0048F391
                                            • utCompiledCode[1] is invalid, xrefs: 0048F3BF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$Long$Show
                                            • String ID: Cannot find utCompiledCode record for this version of the uninstaller$DeinitializeUninstall$InitializeUninstall$InitializeUninstall returned False; aborting.$Install was done in 64-bit mode but not running 64-bit Windows now$Need to restart Windows? %s$Not calling UninstallNeedRestart because a restart has already been deemed necessary.$Original Uninstall EXE: $Removed all? %s$Setup version: Inno Setup version 5.2.3$Uninstall$Uninstall DAT: $Uninstall command line: $UninstallNeedRestart$Will not restart Windows automatically.$Will restart because UninstallNeedRestart returned True.$utCompiledCode[1] is invalid
                                            • API String ID: 3609083571-2151202259
                                            • Opcode ID: a001349257df37f91bb4bbbd2202705434c0f6c722e0be5c3c3383539cfdd9c4
                                            • Instruction ID: 2b269d8c764b7bac30a443b9f4bc23fd7acbfe7da633e0682c37f6fe37a00802
                                            • Opcode Fuzzy Hash: a001349257df37f91bb4bbbd2202705434c0f6c722e0be5c3c3383539cfdd9c4
                                            • Instruction Fuzzy Hash: 2C12B234A00244AFD711FF65D842B5E7BA1AB5A709F50487BF800AB3A6CB7C9D49CB1D
                                            APIs
                                            • 73E9A570.USER32(00000000,?,0041A8EC,?), ref: 0041C9E8
                                            • 73EA4C40.GDI32(?,00000000,?,0041A8EC,?), ref: 0041C9F4
                                            • 73EA6180.GDI32(0041A8EC,?,00000001,00000001,00000000,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA18
                                            • 73EA4C00.GDI32(?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC,?), ref: 0041CA28
                                            • SelectObject.GDI32(0041CDE4,00000000), ref: 0041CA43
                                            • FillRect.USER32(0041CDE4,?,?), ref: 0041CA7E
                                            • SetTextColor.GDI32(0041CDE4,00000000), ref: 0041CA93
                                            • SetBkColor.GDI32(0041CDE4,00000000), ref: 0041CAAA
                                            • PatBlt.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00FF0062), ref: 0041CAC0
                                            • 73EA4C40.GDI32(?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC,?,00000000,0041CC0A,?,?,00000000,?,0041A8EC), ref: 0041CAD3
                                            • SelectObject.GDI32(00000000,00000000), ref: 0041CB04
                                            • 73E98830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?,0041A8EC), ref: 0041CB1C
                                            • 73E922A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3,?,0041CDE4,00000000,?), ref: 0041CB25
                                            • 73E98830.GDI32(0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB34
                                            • 73E922A0.GDI32(0041CDE4,0041CDE4,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CBB2,?,?,00000000,0041CBC3), ref: 0041CB3D
                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041CB56
                                            • SetBkColor.GDI32(00000000,00000000), ref: 0041CB6D
                                            • 73EA4D40.GDI32(0041CDE4,00000000,00000000,0041A8EC,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CBB2,?,?,00000000), ref: 0041CB89
                                            • SelectObject.GDI32(00000000,?), ref: 0041CB96
                                            • DeleteDC.GDI32(00000000), ref: 0041CBAC
                                              • Part of subcall function 0041A000: GetSysColor.USER32(?), ref: 0041A00A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Color$ObjectSelect$E922E98830Text$A570A6180DeleteFillRect
                                            • String ID:
                                            • API String ID: 1952589944-0
                                            • Opcode ID: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
                                            • Instruction ID: ff179a34f285c3436bc621bb31859736a2280516ecfda4d40c06e70735cb6950
                                            • Opcode Fuzzy Hash: c8262b5c9687899cb3da658a9da79215068cbf101d5c2b8ed1964b5729b21c16
                                            • Instruction Fuzzy Hash: 8E61DE71A44608ABDF10EBE9DC86FDFB7B8EF48704F10446AF504E7281D67CA9408B69
                                            APIs
                                            • AllocateAndInitializeSid.ADVAPI32(00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DEE6
                                            • GetVersion.KERNEL32(00000000,0042E090,?,00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DF03
                                            • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E090,?,00491788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DF1C
                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DF22
                                            • FreeSid.ADVAPI32(00000000,0042E097,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E08A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressAllocateFreeHandleInitializeModuleProcVersion
                                            • String ID: CheckTokenMembership$advapi32.dll
                                            APIs
                                            • ShowWindow.USER32(?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000,00490AA3,?,00000000), ref: 00490443
                                            • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000,?,00490A99,00000000), ref: 00490456
                                            • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000,00000000), ref: 00490466
                                            • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00490487
                                            • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00490758,?,?,00000000,?,00000000), ref: 00490497
                                              • Part of subcall function 0042D330: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D3BE,?,?,00000000,?,?,0048FE54,00000000,0049001D,?,?,00000005), ref: 0042D365
                                            Strings
                                            Similarity
                                            • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                            • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                            APIs
                                            • GetLastError.KERNEL32(00000000,00458252,?,?,?,?,?,00000006,?,00000000,0048F8FB,?,00000000,0048F996), ref: 00458104
                                            Strings
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: .chm$.chw$.fts$.gid$.hlp$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                            APIs
                                            • 73EA4C40.GDI32(00000000,?,00000000,?), ref: 0041B36B
                                            • 73EA4C40.GDI32(00000000,00000000,?,00000000,?), ref: 0041B375
                                            • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B387
                                            • 73EA6180.GDI32(0000000B,?,00000001,00000001,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B39E
                                            • 73E9A570.USER32(00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3AA
                                            • 73EA4C00.GDI32(00000000,0000000B,?,00000000,0041B403,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3D7
                                            • 73E9A480.USER32(00000000,00000000,0041B40A,00000000,0041B403,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3FD
                                            • SelectObject.GDI32(00000000,?), ref: 0041B418
                                            • SelectObject.GDI32(?,00000000), ref: 0041B427
                                            • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B453
                                            • SelectObject.GDI32(00000000,00000000), ref: 0041B461
                                            • SelectObject.GDI32(?,00000000), ref: 0041B46F
                                            • DeleteDC.GDI32(00000000), ref: 0041B478
                                            • DeleteDC.GDI32(?), ref: 0041B481
                                            Similarity
                                            • API ID: Object$Select$Delete$A480A570A6180Stretch
                                            • String ID:
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,?,00000000,?,00000000,00453145,?,0045841A,00000003,00000000,00000000,0045317C), ref: 00452FC5
                                              • Part of subcall function 0042E660: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004519EF,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E67F
                                            • RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,00000000,?,00000004,00000000,0045308F,?,0045841A,00000000,00000000,?,00000000,?,00000000), ref: 00453049
                                            • RegQueryValueExA.ADVAPI32(0045841A,00000000,00000000,00000000,?,00000004,00000000,0045308F,?,0045841A,00000000,00000000,?,00000000,?,00000000), ref: 00453078
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452F1C
                                            • , xrefs: 00452F36
                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00452EE3
                                            • RegOpenKeyEx, xrefs: 00452F48
                                            Similarity
                                            • API ID: QueryValue$FormatMessageOpen
                                            • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                            APIs
                                            • CloseHandle.KERNEL32(?), ref: 00456B6B
                                            • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00456B87
                                            • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00456B95
                                            • GetExitCodeProcess.KERNEL32(?), ref: 00456BA6
                                            • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456BED
                                            • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456C09
                                            Strings
                                            • Helper process exited, but failed to get exit code., xrefs: 00456BDF
                                            • Stopping 64-bit helper process. (PID: %u), xrefs: 00456B5D
                                            • Helper process exited., xrefs: 00456BB5
                                            • Helper process exited with failure code: 0x%x, xrefs: 00456BD3
                                            • Helper isn't responding; killing it., xrefs: 00456B77
                                            Similarity
                                            • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                            • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                            APIs
                                              • Part of subcall function 00452038: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452127
                                              • Part of subcall function 00452038: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452137
                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0048EE31
                                            • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,0048EF85), ref: 0048EE52
                                            • CreateWindowExA.USER32(00000000,STATIC,0048EF94,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0048EE79
                                            • SetWindowLongA.USER32(?,000000FC,0048E60C), ref: 0048EE8C
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000,STATIC,0048EF94), ref: 0048EEBC
                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0048EF30
                                            • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000), ref: 0048EF3C
                                              • Part of subcall function 00452388: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045246F
                                            • 73EA5CF0.USER32(?,0048EF5F,00000000,00000000,00000000,00000000,00000000,00000097,00000000,0048EF58,?,?,000000FC,0048E60C,00000000,STATIC), ref: 0048EF52
                                            Strings
                                            Similarity
                                            • API ID: FileWindow$CloseCreateHandle$AttributesCopyLongMultipleObjectsPrivateProfileStringWaitWrite
                                            • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                            APIs
                                            • GetActiveWindow.USER32 ref: 0045E0CC
                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 0045E0E0
                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0045E0ED
                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0045E0FA
                                            • GetWindowRect.USER32(?,00000000), ref: 0045E146
                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 0045E184
                                            Strings
                                            Similarity
                                            • API ID: Window$AddressProc$ActiveHandleModuleRect
                                            • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                            APIs
                                            • GetActiveWindow.USER32 ref: 0042EA6C
                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042EA80
                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042EA8D
                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042EA9A
                                            • GetWindowRect.USER32(?,00000000), ref: 0042EAE6
                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042EB24
                                            Strings
                                            Similarity
                                            • API ID: Window$AddressProc$ActiveHandleModuleRect
                                            • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                            APIs
                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00456EEB,?,00000000,00456F4E,?,?,00000000,00000000), ref: 00456D69
                                            • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DC6
                                            • GetLastError.KERNEL32(?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000,00000001,00000000,00000000,00000000,00456EEB), ref: 00456DD3
                                            • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00456E1F
                                            • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E45
                                            • GetLastError.KERNEL32(?,?,00000000,00000001,00456E59,?,-00000020,0000000C,-00002034,00000014,00000000,?,00000000,00456E80,?,00000000), ref: 00456E4C
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            Strings
                                            Similarity
                                            • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                            • String ID: CreateEvent$TransactNamedPipe
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 0042E28D
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E293
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E369,?,?,00000001,00000000,?,?,00000001), ref: 0042E2E1
                                            Strings
                                            Similarity
                                            • API ID: AddressCloseHandleModuleProc
                                            • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                            APIs
                                            • RectVisible.GDI32(?,?), ref: 00416DBB
                                            • SaveDC.GDI32(?), ref: 00416DCF
                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416DF2
                                            • RestoreDC.GDI32(?,?), ref: 00416E0D
                                            • CreateSolidBrush.GDI32(00000000), ref: 00416E8D
                                            • FrameRect.USER32(?,?,?), ref: 00416EC0
                                            • DeleteObject.GDI32(?), ref: 00416ECA
                                            • CreateSolidBrush.GDI32(00000000), ref: 00416EDA
                                            • FrameRect.USER32(?,?,?), ref: 00416F0D
                                            • DeleteObject.GDI32(?), ref: 00416F17
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                            • String ID:
                                            • API String ID: 375863564-0
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                            • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                            • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                            • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                            Similarity
                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                            • String ID:
                                            • API String ID: 1694776339-0
                                            APIs
                                            • GetSystemMenu.USER32(00000000,00000000), ref: 004221DB
                                            • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 004221F9
                                            • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422206
                                            • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422213
                                            • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422220
                                            • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 0042222D
                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 0042223A
                                            • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00422247
                                            • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 00422265
                                            • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 00422281
                                            Similarity
                                            • API ID: Menu$Delete$EnableItem$System
                                            • String ID:
                                            • API String ID: 3985193851-0
                                            APIs
                                              • Part of subcall function 0042CAA4: CharPrevA.USER32(?,00000000,?,00000001,?,?,0042CBD2,00000000,0042CBF8,?,00000001,?,?,00000000,?,0042CC4A), ref: 0042CACC
                                            • SHGetMalloc.SHELL32(?), ref: 0045CE2B
                                            • GetActiveWindow.USER32 ref: 0045CE8F
                                            • CoInitialize.OLE32(00000000), ref: 0045CEA3
                                            • SHBrowseForFolder.SHELL32(?), ref: 0045CEBA
                                            • 7712D120.OLE32(0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CECF
                                            • SetActiveWindow.USER32(?,0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CEE5
                                            • SetActiveWindow.USER32(?,?,0045CEFB,00000000,?,?,?,?,?,00000000,0045CF7F), ref: 0045CEEE
                                            Similarity
                                            • API ID: ActiveWindow$7712BrowseCharD120FolderInitializeMallocPrev
                                            • String ID: A
                                            • API String ID: 2286617540-3554254475
                                            APIs
                                            • GetSystemMetrics.USER32(0000000E), ref: 00418C18
                                            • GetSystemMetrics.USER32(0000000D), ref: 00418C20
                                            • 6F9C2980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C26
                                              • Part of subcall function 00409958: 6F9BC400.COMCTL32((&I,000000FF,00000000,00418C54,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 0040995C
                                            • 6FA2CB00.COMCTL32((&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C76
                                            • 6FA2C740.COMCTL32(00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418C81
                                            • 6FA2CB00.COMCTL32((&I,00000001,?,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000), ref: 00418C94
                                            • 6F9C0860.COMCTL32((&I,00418CB7,?,00000000,?,(&I,00000000,00000000,00000000,00000000,00418CB0,?,00000000,0000000D,00000000,0000000E), ref: 00418CAA
                                            Similarity
                                            • API ID: MetricsSystem$C0860C2980C400C740
                                            • String ID: (&I
                                            • API String ID: 624341609-96580698
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045A7B1
                                            • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045A7C1
                                            • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045A7D1
                                            • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045A7E1
                                            Similarity
                                            • API ID: AddressProc
                                            • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                            • API String ID: 190572456-3516654456
                                            APIs
                                            • SetBkColor.GDI32(?,00000000), ref: 0041A961
                                            • 73EA4D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041A99B
                                            • SetBkColor.GDI32(?,?), ref: 0041A9B0
                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041A9FA
                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041AA05
                                            • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA15
                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AA54
                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5E
                                            • SetBkColor.GDI32(00000000,?), ref: 0041AA6B
                                            Similarity
                                            • API ID: Color$StretchText
                                            • String ID:
                                            • API String ID: 2984075790-0
                                            APIs
                                            • OffsetRect.USER32(?,00000001,00000001), ref: 0044C895
                                            • GetSysColor.USER32(00000014), ref: 0044C89C
                                            • SetTextColor.GDI32(00000000,00000000), ref: 0044C8B4
                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C8DD
                                            • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044C8E7
                                            • GetSysColor.USER32(00000010), ref: 0044C8EE
                                            • SetTextColor.GDI32(00000000,00000000), ref: 0044C906
                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C92F
                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044C95A
                                            Similarity
                                            • API ID: Text$Color$Draw$OffsetRect
                                            • String ID:
                                            • API String ID: 1005981011-0
                                            APIs
                                              • Part of subcall function 00471674: GetWindowThreadProcessId.USER32(00000000), ref: 0047167C
                                              • Part of subcall function 00471674: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00471773,\/I,00000000), ref: 0047168F
                                              • Part of subcall function 00471674: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00471695
                                            • SendMessageA.USER32(00000000,0000004A,00000000,00471B06), ref: 00471781
                                            • GetTickCount.KERNEL32 ref: 004717C6
                                            • GetTickCount.KERNEL32 ref: 004717D0
                                            • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00471825
                                            Strings
                                            • \/I, xrefs: 00471753
                                            • CallSpawnServer: Unexpected response: $%x, xrefs: 004717B6
                                            • CallSpawnServer: Unexpected status: %d, xrefs: 0047180E
                                            Similarity
                                            • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                            • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d$\/I
                                            • API String ID: 613034392-4045567746
                                            APIs
                                              • Part of subcall function 0044FC44: SetEndOfFile.KERNEL32(?,?,004599C5,00000000,00459B68,?,00000000,00000002,00000002), ref: 0044FC4B
                                              • Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB
                                            • GetWindowThreadProcessId.USER32(00000000,?), ref: 0048E6E9
                                            • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 0048E6FD
                                            • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 0048E717
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E723
                                            • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E729
                                            • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 0048E73C
                                            Strings
                                            • Deleting Uninstall data files., xrefs: 0048E65F
                                            Similarity
                                            • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                            • String ID: Deleting Uninstall data files.
                                            • API String ID: 1570157960-2568741658
                                            APIs
                                              • Part of subcall function 004163B8: GetClassInfoA.USER32(00400000,?,?), ref: 00416427
                                              • Part of subcall function 004163B8: UnregisterClassA.USER32(?,00400000), ref: 00416453
                                              • Part of subcall function 004163B8: RegisterClassA.USER32(?), ref: 00416476
                                            • GetVersion.KERNEL32 ref: 0045E530
                                            • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 0045E56E
                                            • SHGetFileInfo.SHELL32(0045E60C,00000000,?,00000160,00004011), ref: 0045E58B
                                            • LoadCursorA.USER32(00000000,00007F02), ref: 0045E5A9
                                            • SetCursor.USER32(00000000,00000000,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5AF
                                            • SetCursor.USER32(?,0045E5EF,00007F02,0045E60C,00000000,?,00000160,00004011), ref: 0045E5E2
                                            Similarity
                                            • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                            • String ID: Explorer
                                            • API String ID: 2594429197-512347832
                                            APIs
                                            • RtlInitializeCriticalSection.KERNEL32(00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                            • RtlEnterCriticalSection.KERNEL32(00492420,00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                            • LocalAlloc.KERNEL32(00000000,00000FF8,00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                            • RtlLeaveCriticalSection.KERNEL32(00492420,00401A89,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                            • String ID: @$I$P$I$|$I
                                            • API String ID: 730355536-2452420409
                                            • Opcode ID: 45966a33f2cca9af6227f06f99b0f7a08db919fa22154029dacd4e349c8f896d
                                            • Instruction ID: 60313ebd75f34371d34e31ab956689d8a0b747d94a089b2a958688c132db86d3
                                            • Opcode Fuzzy Hash: 45966a33f2cca9af6227f06f99b0f7a08db919fa22154029dacd4e349c8f896d
                                            • Instruction Fuzzy Hash: AA01C0706452407EFB1AAB6A9A06B263ED8E795748F11803BF440A6AF1C6FC4840CB6D
                                            APIs
                                            • GetLastError.KERNEL32(00000000,004578DE,?,00000000,?,00000000,?,00000006,?,00000000,0048F8FB,?,00000000,0048F996), ref: 00457822
                                              • Part of subcall function 00452A2C: FindClose.KERNEL32(000000FF,00452B22), ref: 00452B11
                                            Strings
                                            • Failed to strip read-only attribute., xrefs: 004577F0
                                            • Stripped read-only attribute., xrefs: 004577E4
                                            • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00457897
                                            • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 004577FC
                                            • Failed to delete directory (%d)., xrefs: 004578B8
                                            • Failed to delete directory (%d). Will retry later., xrefs: 0045783B
                                            • Deleting directory: %s, xrefs: 004577AB
                                            Similarity
                                            • API ID: CloseErrorFindLast
                                            • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                            • API String ID: 754982922-1448842058
                                            • Opcode ID: c942cc8746309d6c4fde1d13e5877ff426f738c54e561dd9b6452c2f2059cbe1
                                            • Instruction ID: 7ed85959ced61155a0d0e848b4d98e2feb505fad3b81ad5ee62f34683386d719
                                            • Opcode Fuzzy Hash: c942cc8746309d6c4fde1d13e5877ff426f738c54e561dd9b6452c2f2059cbe1
                                            • Instruction Fuzzy Hash: 1941F830A182089BDB00EB69A8053AF76E59F49316F54857BAC01DB393D77C9E0CC75E
                                            APIs
                                            • 73E9A570.USER32(00000000), ref: 00429432
                                            • GetTextMetricsA.GDI32(00000000), ref: 0042943B
                                              • Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F
                                            • SelectObject.GDI32(00000000,00000000), ref: 0042944A
                                            • GetTextMetricsA.GDI32(00000000,?), ref: 00429457
                                            • SelectObject.GDI32(00000000,00000000), ref: 0042945E
                                            • 73E9A480.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00429466
                                            • GetSystemMetrics.USER32(00000006), ref: 0042948B
                                            • GetSystemMetrics.USER32(00000006), ref: 004294A5
                                            Similarity
                                            • API ID: Metrics$ObjectSelectSystemText$A480A570CreateFontIndirect
                                            • String ID:
                                            • API String ID: 361401722-0
                                            • Opcode ID: 9834c26a9960500f6a9ecfd8d753213a1de3cd4ea19aff41d6da438e204e4863
                                            • Instruction ID: 1059aa7a6e273236e125af25209637a8817c3066b806c9f95c2c1fc45335f5e0
                                            • Opcode Fuzzy Hash: 9834c26a9960500f6a9ecfd8d753213a1de3cd4ea19aff41d6da438e204e4863
                                            • Instruction Fuzzy Hash: 830100917087503BF710B27A9CC2F6B5588DB8435CF80003FFA469A3C3DA6C8C41826A
                                            APIs
                                            • 73E9A570.USER32(00000000,?,00419001,00490B35), ref: 0041DDCF
                                            • 73EA4620.GDI32(00000000,0000005A,00000000,?,00419001,00490B35), ref: 0041DDD9
                                            • 73E9A480.USER32(00000000,00000000,00000000,0000005A,00000000,?,00419001,00490B35), ref: 0041DDE6
                                            • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DDF5
                                            • GetStockObject.GDI32(00000007), ref: 0041DE03
                                            • GetStockObject.GDI32(00000005), ref: 0041DE0F
                                            • GetStockObject.GDI32(0000000D), ref: 0041DE1B
                                            • LoadIconA.USER32(00000000,00007F00), ref: 0041DE2C
                                            Similarity
                                            • API ID: ObjectStock$A4620A480A570IconLoad
                                            • String ID:
                                            • API String ID: 2905290459-0
                                            • Opcode ID: 9c1e6b037cfcf526f883390b7a6738af9fd81bafc879f9cac69ea1757f065c58
                                            • Instruction ID: 4ac4bd4aadafbff56ec06caa1a3c2c499f9ae773c567f2f7cd71ce954fcb2d20
                                            • Opcode Fuzzy Hash: 9c1e6b037cfcf526f883390b7a6738af9fd81bafc879f9cac69ea1757f065c58
                                            • Instruction Fuzzy Hash: F81142706453416AE740FF795E92BA63694EB24748F00803BF604EF6D2D7BD1C449B5E
                                            APIs
                                            • LoadCursorA.USER32(00000000,00007F02), ref: 0045EA14
                                            • SetCursor.USER32(00000000,00000000,00007F02,00000000,0045EAA9), ref: 0045EA1A
                                            • SetCursor.USER32(?,0045EA91,00007F02,00000000,0045EAA9), ref: 0045EA84
                                            Strings
                                            Similarity
                                            • API ID: Cursor$Load
                                            • String ID: $ $Internal error: Item already expanding
                                            • API String ID: 1675784387-1948079669
                                            • Opcode ID: 86fb8ac550f143a479c111801148130c613dcda28804a46f18216edc7251b72d
                                            • Instruction ID: dca47056957fcd899ad7342011e10480afea1a1a27e56c2873f80f5661136381
                                            • Opcode Fuzzy Hash: 86fb8ac550f143a479c111801148130c613dcda28804a46f18216edc7251b72d
                                            • Instruction Fuzzy Hash: 35B1BF30A042449FDB25DF2AC585B9ABBF0BF04305F5484AAEC459B793D738EE49CB45
                                            APIs
                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0045246F
                                            Strings
                                            Similarity
                                            • API ID: PrivateProfileStringWrite
                                            • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                            • API String ID: 390214022-3304407042
                                            • Opcode ID: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
                                            • Instruction ID: b02a2244c8ac043b1712f4d5d459e41a201eed142cab655ca7120e0de3a2e1df
                                            • Opcode Fuzzy Hash: 1c1ce0ddb9ef394067630f10c4084cb2c2b088ee831540a62cb7d367d0a82b32
                                            • Instruction Fuzzy Hash: BA91F330A001099BDB11EFA5D982BDEB7F5AF49305F50847BE90077392D7B8AE09CB59
                                            APIs
                                            • GetSystemDefaultLCID.KERNEL32(00000000,00408908,?,?,?,?,00000000,00000000,00000000,?,0040990F,00000000,00409922), ref: 004086DA
                                              • Part of subcall function 00408508: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,004924C0,00000001,?,004085D3,?,00000000,004086B2), ref: 00408526
                                              • Part of subcall function 00408554: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,00408756,?,?,?,00000000,00408908), ref: 00408567
                                            Strings
                                            Similarity
                                            • API ID: InfoLocale$DefaultSystem
                                            • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                            • API String ID: 1044490935-665933166
                                            • Opcode ID: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
                                            • Instruction ID: 056ecf6f2f1527b7684b606c263ef1e3982ac19046fe7e290d3a86a54856ae2c
                                            • Opcode Fuzzy Hash: ff036df80b210b54e2fa160841ffd8a7ad68a192e85da69035cbbac9a23d53b8
                                            • Instruction Fuzzy Hash: 21512C74B001086BDB01FBA6DE91A9E7BA9DB84304F50D47FA181BB3C6CA3CDA05875D
                                            APIs
                                            • GetVersion.KERNEL32(00000000,004118A1), ref: 00411734
                                            • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 004117F2
                                              • Part of subcall function 00411A54: CreatePopupMenu.USER32 ref: 00411A6E
                                            • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 0041187E
                                              • Part of subcall function 00411A54: CreateMenu.USER32 ref: 00411A78
                                            • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 00411865
                                            Strings
                                            Similarity
                                            • API ID: Menu$Insert$Create$ItemPopupVersion
                                            • String ID: ,$?
                                            • API String ID: 2359071979-2308483597
                                            • Opcode ID: baa12968a9006a52d5e4ef876005b49ebe402715d6320ec9eb47ca094d0fc02d
                                            • Instruction ID: 726e600f223273bd08914059578a8101eea6a2d33d3ff692803082349b8399f4
                                            • Opcode Fuzzy Hash: baa12968a9006a52d5e4ef876005b49ebe402715d6320ec9eb47ca094d0fc02d
                                            • Instruction Fuzzy Hash: 02511574A041419BDB10EF6ADC815DA7BF9AF09304B1185BBFA04E73B2D738D941CB58
                                            APIs
                                            • GetObjectA.GDI32(?,00000018,?), ref: 0041BED0
                                            • GetObjectA.GDI32(?,00000018,?), ref: 0041BEDF
                                            • GetBitmapBits.GDI32(?,?,?), ref: 0041BF30
                                            • GetBitmapBits.GDI32(?,?,?), ref: 0041BF3E
                                            • DeleteObject.GDI32(?), ref: 0041BF47
                                            • DeleteObject.GDI32(?), ref: 0041BF50
                                            • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BF6D
                                            Similarity
                                            • API ID: Object$BitmapBitsDelete$CreateIcon
                                            • String ID:
                                            • API String ID: 1030595962-0
                                            • Opcode ID: 1e4853d75d21bc1926ba7cf5224c89ea8ebb7500f7ae85efd10c66dcd062618b
                                            • Instruction ID: f0e05dfe27ce23013596edce2c43a20e6d26497d7b74886029f11bde31f0b820
                                            • Opcode Fuzzy Hash: 1e4853d75d21bc1926ba7cf5224c89ea8ebb7500f7ae85efd10c66dcd062618b
                                            • Instruction Fuzzy Hash: 2A511675E002099FCB14DFA9C8819EEB7F9EF49310B11842AF514E7391D738AD81CB64
                                            APIs
                                            • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEA6
                                            • 73EA4620.GDI32(00000000,00000026), ref: 0041CEC5
                                            • 73E98830.GDI32(?,?,00000001,00000000,00000026), ref: 0041CF2B
                                            • 73E922A0.GDI32(?,?,?,00000001,00000000,00000026), ref: 0041CF3A
                                            • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFA4
                                            • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041CFE2
                                            • 73E98830.GDI32(?,?,00000001,0041D014,00000000,00000026), ref: 0041D007
                                            Similarity
                                            • API ID: Stretch$E98830$A4620BitsE922Mode
                                            • String ID:
                                            • API String ID: 4209919087-0
                                            • Opcode ID: aa7efd9841db0397c835a8e493930d486de59a27429b2987e03207e86632ff54
                                            • Instruction ID: 716ae2cbf74db7cca6ca85613245d2cbdededc4b908a0ab63d95ef833b57d340
                                            • Opcode Fuzzy Hash: aa7efd9841db0397c835a8e493930d486de59a27429b2987e03207e86632ff54
                                            • Instruction Fuzzy Hash: 4C511EB0600604AFDB14DFA9C985F9BBBE8EF08304F14455AB545D7792C778ED81CB68
                                            APIs
                                            • SendMessageA.USER32(00000000,?,?), ref: 00454F8E
                                              • Part of subcall function 00424224: GetWindowTextA.USER32(?,?,00000100), ref: 00424244
                                              • Part of subcall function 0041EE4C: GetCurrentThreadId.KERNEL32 ref: 0041EE9B
                                              • Part of subcall function 0041EE4C: 73EA5940.USER32(00000000,0041EDFC,00000000,00000000,0041EEB8,?,00000000,0041EEEF,?,0042E7E8,?,00000001), ref: 0041EEA1
                                              • Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284
                                            • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00454FF5
                                            • TranslateMessage.USER32(?), ref: 00455013
                                            • DispatchMessageA.USER32(?), ref: 0045501C
                                            Strings
                                            Similarity
                                            • API ID: Message$TextWindow$A5940CurrentDispatchSendThreadTranslate
                                            • String ID: [Paused]
                                            • API String ID: 1715333840-4230553315
                                            • Opcode ID: 141f149095fb27d577fc31764a328687d2f30d229be375c220db36f4bd74699d
                                            • Instruction ID: 741a01f18879a345a5b07686917d8e40ce5d5c24a876243dd54feaf600687e8f
                                            • Opcode Fuzzy Hash: 141f149095fb27d577fc31764a328687d2f30d229be375c220db36f4bd74699d
                                            • Instruction Fuzzy Hash: 3231E331908644AECB11DBB5DC51BEE7BB8EB49704F50447BE800E32D2D67C9909CBA9
                                            APIs
                                            • GetCursor.USER32(00000000,0046634F), ref: 004662CC
                                            • LoadCursorA.USER32(00000000,00007F02), ref: 004662DA
                                            • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046634F), ref: 004662E0
                                            • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662EA
                                            • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046634F), ref: 004662F0
                                            Strings
                                            Similarity
                                            • API ID: Cursor$LoadSleep
                                            • String ID: CheckPassword
                                            • API String ID: 4023313301-1302249611
                                            • Opcode ID: dcac28800608870031fcac25a900b831df3bca65ce0f78045b4d70193f3a0fd9
                                            • Instruction ID: e12dea2b5957d6b50ca2ed371003984113864468440f1a681d17ee3b0f813ced
                                            • Opcode Fuzzy Hash: dcac28800608870031fcac25a900b831df3bca65ce0f78045b4d70193f3a0fd9
                                            • Instruction Fuzzy Hash: 2931A774644204AFD701EF69C88AF9E7BE1AF45304F5680B6F904AB3E2D7789E40CB59
                                            APIs
                                              • Part of subcall function 0041BFF0: GetObjectA.GDI32(?,00000018), ref: 0041BFFD
                                            • GetFocus.USER32 ref: 0041C110
                                            • 73E9A570.USER32(?), ref: 0041C11C
                                            • 73E98830.GDI32(?,?,00000000,00000000,0041C19B,?,?), ref: 0041C13D
                                            • 73E922A0.GDI32(?,?,?,00000000,00000000,0041C19B,?,?), ref: 0041C149
                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C160
                                            • 73E98830.GDI32(?,00000000,00000000,0041C1A2,?,?), ref: 0041C188
                                            • 73E9A480.USER32(?,?,0041C1A2,?,?), ref: 0041C195
                                            Similarity
                                            • API ID: E98830$A480A570BitsE922FocusObject
                                            • String ID:
                                            • API String ID: 2688936647-0
                                            • Opcode ID: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
                                            • Instruction ID: e1839615c60f4afd83c90c330261c8dd65eba5fe4d32295df669e4ba5c229ee2
                                            • Opcode Fuzzy Hash: 4b5817af3930a7da88de8c776c2c87f1b057dc8e6189491f9691f509f6f43723
                                            • Instruction Fuzzy Hash: 24116D71A44608BBDB10DBE9CC85FAFB7FCEF48700F54446AB518E7281D63898008B28
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0047C644), ref: 0047C629
                                            Strings
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                            • API String ID: 47109696-2530820420
                                            APIs
                                            • SelectObject.GDI32(00000000,?), ref: 0041B418
                                            • SelectObject.GDI32(?,00000000), ref: 0041B427
                                            • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B453
                                            • SelectObject.GDI32(00000000,00000000), ref: 0041B461
                                            • SelectObject.GDI32(?,00000000), ref: 0041B46F
                                            • DeleteDC.GDI32(00000000), ref: 0041B478
                                            • DeleteDC.GDI32(?), ref: 0041B481
                                            Similarity
                                            • API ID: ObjectSelect$Delete$Stretch
                                            • String ID:
                                            • API String ID: 1458357782-0
                                            APIs
                                            • 73E9A570.USER32(00000000,?,?,00000000), ref: 0048D6A1
                                              • Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F
                                            • SelectObject.GDI32(00000000,00000000), ref: 0048D6C3
                                            • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,0048DC19), ref: 0048D6D7
                                            • GetTextMetricsA.GDI32(00000000,?), ref: 0048D6F9
                                            • 73E9A480.USER32(00000000,00000000,0048D723,0048D71C,?,00000000,?,?,00000000), ref: 0048D716
                                            Strings
                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 0048D6CE
                                            Similarity
                                            • API ID: Text$A480A570CreateExtentFontIndirectMetricsObjectPointSelect
                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                            • API String ID: 1435929781-222967699
                                            APIs
                                            • GetCursorPos.USER32 ref: 00423357
                                            • WindowFromPoint.USER32(?,?), ref: 00423364
                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00423372
                                            • GetCurrentThreadId.KERNEL32 ref: 00423379
                                            • SendMessageA.USER32(00000000,00000084,?,?), ref: 00423392
                                            • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 004233A9
                                            • SetCursor.USER32(00000000), ref: 004233BB
                                            Similarity
                                            • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                            • String ID:
                                            • API String ID: 1770779139-0
                                            APIs
                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 0048D4C4
                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0048D4D1
                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0048D4DE
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$HandleModule
                                            • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                            • API String ID: 667068680-2254406584
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,ISCryptGetVersion), ref: 0045A685
                                            • GetProcAddress.KERNEL32(00000000,ArcFourInit), ref: 0045A695
                                            • GetProcAddress.KERNEL32(00000000,ArcFourCrypt), ref: 0045A6A5
                                            Strings
                                            Similarity
                                            • API ID: AddressProc
                                            • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                            • API String ID: 190572456-508647305
                                            APIs
                                            • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045AB85
                                            • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045AB95
                                            • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045ABA5
                                            Strings
                                            Similarity
                                            • API ID: AddressProc
                                            • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                            • API String ID: 190572456-212574377
                                            APIs
                                            • LoadLibraryA.KERNEL32(oleacc.dll,?,0044E775), ref: 0044BEC7
                                            • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044BED8
                                            • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044BEE8
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                            • API String ID: 2238633743-1050967733
                                            APIs
                                            • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0048DD4A,QueryCancelAutoPlay,00490B7B), ref: 0042E75A
                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E760
                                            • InterlockedExchange.KERNEL32(00492660,00000001), ref: 0042E771
                                            • ChangeWindowMessageFilter.USER32(0000C15D,00000001), ref: 0042E782
                                            Strings
                                            Similarity
                                            • API ID: AddressChangeExchangeFilterHandleInterlockedMessageModuleProcWindow
                                            • String ID: ChangeWindowMessageFilter$user32.dll
                                            • API String ID: 1365377179-2498399450
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00490B71), ref: 0047243A
                                            • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00472447
                                            • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00472457
                                            Strings
                                            Similarity
                                            • API ID: AddressProc$HandleModule
                                            • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                            • API String ID: 667068680-222143506
                                            APIs
                                            • GetFocus.USER32 ref: 0041B6ED
                                            • 73E9A570.USER32(?), ref: 0041B6F9
                                            • 73E98830.GDI32(00000000,?,00000000,00000000,0041B7C4,?,?), ref: 0041B72E
                                            • 73E922A0.GDI32(00000000,00000000,?,00000000,00000000,0041B7C4,?,?), ref: 0041B73A
                                            • 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041B7A2,?,00000000,0041B7C4,?,?), ref: 0041B768
                                            • 73E98830.GDI32(00000000,00000000,00000000,0041B7A9,?,?,00000000,00000000,0041B7A2,?,00000000,0041B7C4,?,?), ref: 0041B79C
                                            Similarity
                                            • API ID: E98830$A570A6310E922Focus
                                            • String ID:
                                            • API String ID: 184897721-0
                                            APIs
                                            • GetFocus.USER32 ref: 0041B9BF
                                            • 73E9A570.USER32(?), ref: 0041B9CB
                                            • 73E98830.GDI32(00000000,?,00000000,00000000,0041BA91,?,?), ref: 0041BA05
                                            • 73E922A0.GDI32(00000000,00000000,?,00000000,00000000,0041BA91,?,?), ref: 0041BA11
                                            • 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BA6F,?,00000000,0041BA91,?,?), ref: 0041BA35
                                            • 73E98830.GDI32(00000000,00000000,00000000,0041BA76,?,?,00000000,00000000,0041BA6F,?,00000000,0041BA91,?,?), ref: 0041BA69
                                            Similarity
                                            • API ID: E98830$A570A6310E922Focus
                                            • String ID:
                                            • API String ID: 184897721-0
                                            APIs
                                            • GetFocus.USER32 ref: 0041B526
                                            • 73E9A570.USER32(?,00000000,0041B600,?,?,?,?), ref: 0041B532
                                            • 73EA4620.GDI32(?,00000068,00000000,0041B5D4,?,?,00000000,0041B600,?,?,?,?), ref: 0041B54E
                                            • 73ECE680.GDI32(?,00000000,00000008,?,?,00000068,00000000,0041B5D4,?,?,00000000,0041B600,?,?,?,?), ref: 0041B56B
                                            • 73ECE680.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0041B5D4,?,?,00000000,0041B600), ref: 0041B582
                                            • 73E9A480.USER32(?,?,0041B5DB,?,?), ref: 0041B5CE
                                            Similarity
                                            • API ID: E680$A4620A480A570Focus
                                            • String ID:
                                            • API String ID: 2226671993-0
                                            APIs
                                              • Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000030,00000FFF,00000000,00457320,?,?,00000000,00000000), ref: 0045725B
                                              • Part of subcall function 00456B34: CloseHandle.KERNEL32(?), ref: 00456B6B
                                              • Part of subcall function 00456B34: WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00456B95
                                              • Part of subcall function 00456B34: GetExitCodeProcess.KERNEL32(?), ref: 00456BA6
                                              • Part of subcall function 00456B34: CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456BED
                                              • Part of subcall function 00456B34: Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00456C09
                                              • Part of subcall function 00456B34: TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00456B87
                                            Strings
                                            Similarity
                                            • API ID: CloseHandleProcess$ByteCharCodeExitFullMultiNameObjectPathSingleSleepTerminateWaitWide
                                            • String ID: HelperRegisterTypeLibrary: StatusCode invalid$ITypeLib::GetLibAttr$LoadTypeLib$RegisterTypeLib$UnRegisterTypeLib
                                            • API String ID: 3965036325-83444288
                                            • Opcode ID: 31fa15a7aa2b9dc1df737989e8f984843badd8c4bd41ebd74a324bbfd4558fd6
                                            • Instruction ID: f74eade9246c561d7eda77dee430a1fc41308778ed490b298c47d2a514b049d7
                                            • Opcode Fuzzy Hash: 31fa15a7aa2b9dc1df737989e8f984843badd8c4bd41ebd74a324bbfd4558fd6
                                            • Instruction Fuzzy Hash: 1A318F30708604EBD711EB7A9882A5EB7E8EB44316F50847BBC45D7393DB38AE09D61D
                                            APIs
                                            • SetLastError.KERNEL32(00000057,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5AB
                                            • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045A678,?,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5EA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                            • API String ID: 1452528299-1580325520
                                            • Opcode ID: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
                                            • Instruction ID: 2c7cc5846e01bfe9336b3e21a4f35d5db95fca715acc3ac4ded287c5e5725028
                                            • Opcode Fuzzy Hash: 068a73805bbc91043a3266f77ff4c4ee40905737be1478f272e1aee34357c8d5
                                            • Instruction Fuzzy Hash: 3611A53560420CFBDB11DAA5C941F9E7AACDB84306F644137BD0166283E67C5F1E992F
                                            APIs
                                            • GetSystemMetrics.USER32(0000000B), ref: 0041BD7D
                                            • GetSystemMetrics.USER32(0000000C), ref: 0041BD87
                                            • 73E9A570.USER32(00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BD91
                                            • 73EA4620.GDI32(00000000,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDB8
                                            • 73EA4620.GDI32(00000000,0000000C,00000000,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDC5
                                            • 73E9A480.USER32(00000000,00000000,0041BE0B,0000000E,00000000,0041BE04,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDFE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: A4620MetricsSystem$A480A570
                                            • String ID:
                                            • API String ID: 4120540252-0
                                            • Opcode ID: c0f607c4832dab40e87e7b844f37412e582122e43c2ccad9e229f5b09a45b98f
                                            • Instruction ID: ff93124ca59b6ac00208e06d0df3eb10c0faf638cbb47b26d2833e339793a6eb
                                            • Opcode Fuzzy Hash: c0f607c4832dab40e87e7b844f37412e582122e43c2ccad9e229f5b09a45b98f
                                            • Instruction Fuzzy Hash: 54213C74E00649AFEB04EFA9C942BEEB7B4EB48714F10802AF514B7780D7785940CFA9
                                            APIs
                                            • GetWindowLongA.USER32(?,000000EC), ref: 004774A2
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,00467815), ref: 004774C8
                                            • GetWindowLongA.USER32(?,000000EC), ref: 004774D8
                                            • SetWindowLongA.USER32(?,000000EC,00000000), ref: 004774F9
                                            • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047750D
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 00477529
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$Long$Show
                                            • String ID:
                                            • API String ID: 3609083571-0
                                            • Opcode ID: c41eeb88aa2c4be8c20c0d4bdc52dfa49bc3e122ae2c45cc5b3722405c0ca91b
                                            • Instruction ID: d82ed46f6b466fc3f8bc0bdcacefb2f605830931c017ceeb26b2ec5954116533
                                            • Opcode Fuzzy Hash: c41eeb88aa2c4be8c20c0d4bdc52dfa49bc3e122ae2c45cc5b3722405c0ca91b
                                            • Instruction Fuzzy Hash: 46015EB5655310BBD700DBA8CE41F263798AB0D334F090266B558DF7E3C279DC008BA8
                                            APIs
                                              • Part of subcall function 0041A688: CreateBrushIndirect.GDI32 ref: 0041A6F3
                                            • UnrealizeObject.GDI32(00000000), ref: 0041B224
                                            • SelectObject.GDI32(?,00000000), ref: 0041B236
                                            • SetBkColor.GDI32(?,00000000), ref: 0041B259
                                            • SetBkMode.GDI32(?,00000002), ref: 0041B264
                                            • SetBkColor.GDI32(?,00000000), ref: 0041B27F
                                            • SetBkMode.GDI32(?,00000001), ref: 0041B28A
                                              • Part of subcall function 0041A000: GetSysColor.USER32(?), ref: 0041A00A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                            • String ID:
                                            • API String ID: 3527656728-0
                                            • Opcode ID: f29873dfcf61593aa75cb2549b6a9cf3e48997b8b5295c1044d98b88f295631e
                                            • Instruction ID: 991835cd13d00b1ecf70cab2c5668301369c46a92689b2ced77f157eaba3f874
                                            • Opcode Fuzzy Hash: f29873dfcf61593aa75cb2549b6a9cf3e48997b8b5295c1044d98b88f295631e
                                            • Instruction Fuzzy Hash: F1F0BFB1151500ABCF00FFAAD9CBE4B27A89F043097148057B944DF197C538D8504B3A
                                            APIs
                                            • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,jPG,?,00000000,00000000,00000001,00000000,00473BAD,?,00000000), ref: 00473B71
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Close
                                            • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant$jPG$yNG
                                            • API String ID: 3535843008-3932832818
                                            • Opcode ID: 060162428fbd346b3ea393dfc701f1b9723bcb90f8050bc7c49164b157cea94a
                                            • Instruction ID: b7c2468eb7ac37771866f0ed0bbac7860b45a2d6c62ae04d18380af0e8b21fb7
                                            • Opcode Fuzzy Hash: 060162428fbd346b3ea393dfc701f1b9723bcb90f8050bc7c49164b157cea94a
                                            • Instruction Fuzzy Hash: D6816474E00148AFCB10DFA5C442ADEBBF9AF48315F5085AAE454B7391D738AF05CB98
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00453D83,?,00000000,00453DC3), ref: 00453CC9
                                            Strings
                                            • WININIT.INI, xrefs: 00453CF8
                                            • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00453C4C
                                            • PendingFileRenameOperations, xrefs: 00453C68
                                            • PendingFileRenameOperations2, xrefs: 00453C98
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                            • API String ID: 47109696-2199428270
                                            • Opcode ID: 69e41d6f96c70b33ef2c31ab27252c38ab08a8415981eb295cc66caaa63ef1cf
                                            • Instruction ID: aa5cd69e504587c061a58de22e540fe2c0eb6883408e267526cdea27caab368f
                                            • Opcode Fuzzy Hash: 69e41d6f96c70b33ef2c31ab27252c38ab08a8415981eb295cc66caaa63ef1cf
                                            • Instruction Fuzzy Hash: AF51D730E002489BDB10EF61DC52ADEB7B9EF44745F50857BE804A7292DB3CAF09CA18
                                            APIs
                                              • Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284
                                            • ShowWindow.USER32(?,00000005,00000000,00490051,?,?,00000000), ref: 0048FE22
                                              • Part of subcall function 0042D7A8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D7BB
                                              • Part of subcall function 00407248: SetCurrentDirectoryA.KERNEL32(00000000,?,0048FE4A,00000000,0049001D,?,?,00000005,00000000,00490051,?,?,00000000), ref: 00407253
                                              • Part of subcall function 0042D330: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D3BE,?,?,00000000,?,?,0048FE54,00000000,0049001D,?,?,00000005), ref: 0042D365
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                            • String ID: .dat$.msg$IMsg$Uninstall
                                            • API String ID: 3312786188-1660910688
                                            • Opcode ID: 784f23c22bc4089779bce205d7ff3f28a2137267b823b7c18b58de954d51b763
                                            • Instruction ID: 7c6a2e238760992e5c67a20dbafbe681e3287029f6f793f122bf29b0ac37eaf5
                                            • Opcode Fuzzy Hash: 784f23c22bc4089779bce205d7ff3f28a2137267b823b7c18b58de954d51b763
                                            • Instruction Fuzzy Hash: 33316134A002049FCB11FF65DC52A5E7BB5EB89308F50847BF900A7751CB39AD05DB58
                                            APIs
                                            • RegDeleteKeyA.ADVAPI32(?,00000000), ref: 0042DC78
                                            • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DDFB,00000000,0042DE13,?,?,?,?,00000006,?,00000000,0048F8FB), ref: 0042DC93
                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DC99
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressDeleteHandleModuleProc
                                            • String ID: RegDeleteKeyExA$advapi32.dll
                                            • API String ID: 588496660-1846899949
                                            • Opcode ID: 7a80425bfa703e483b3faf6f338cf9008a09661c63399848f89508ca22aefea6
                                            • Instruction ID: f6d26141eb233d03b94b2ed72026fa1db25b9960d6d40d8c32de7d906beb62d4
                                            • Opcode Fuzzy Hash: 7a80425bfa703e483b3faf6f338cf9008a09661c63399848f89508ca22aefea6
                                            • Instruction Fuzzy Hash: AAE06DF0B41230BAD62067ABBE4AF9326289F64725F544537F145A62D182FC4C41DE5C
                                            APIs
                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0047167C
                                            • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00471773,\/I,00000000), ref: 0047168F
                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00471695
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProcProcessThreadWindow
                                            • String ID: AllowSetForegroundWindow$user32.dll
                                            • API String ID: 1782028327-3855017861
                                            • Opcode ID: aea0b27367123c46f2d2ab027466b49d23c9b655d45f9b28428bbd603b637824
                                            • Instruction ID: a3f3d1e0e2b6813b030e7eba76e2e5281102dca64866dc994b1bbab78c7268d3
                                            • Opcode Fuzzy Hash: aea0b27367123c46f2d2ab027466b49d23c9b655d45f9b28428bbd603b637824
                                            • Instruction Fuzzy Hash: ACD05EA0A017016BDE20B2B98D46D9B229C8D9471571C842B3404E21A6CA7CE800593C
                                            APIs
                                            • BeginPaint.USER32(00000000,?), ref: 00416BFA
                                            • SaveDC.GDI32(?), ref: 00416C2B
                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416CED), ref: 00416C8C
                                            • RestoreDC.GDI32(?,?), ref: 00416CB3
                                            • EndPaint.USER32(00000000,?,00416CF4,00000000,00416CED), ref: 00416CE7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Paint$BeginClipExcludeRectRestoreSave
                                            • String ID:
                                            • API String ID: 3808407030-0
                                            • Opcode ID: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
                                            • Instruction ID: 511e07c03593910ab38166e7e8fb99fbe2c7a584a9aae09983b44cf3f48c28fc
                                            • Opcode Fuzzy Hash: 05b91c705dead32c22d601d06aaaaefc09bf00903a581cfd1e69d9044e53cd27
                                            • Instruction Fuzzy Hash: E3414F70A04204AFCB14DFA9C985FAEB7F8EF48304F1640AAE84497362D778ED41CB58
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
                                            • Instruction ID: 16203bcbef39f9c243701adad7e95064df465d958f07c31b5226583d855f1c1b
                                            • Opcode Fuzzy Hash: 1db4e5bd5f3073e3ba55cd164d497178988a2e4975f87a427fd18fb625363a14
                                            • Instruction Fuzzy Hash: 26311F746047409FC320EB69C985BABB7E8AF89714F04891EF9D5C7791C678EC818B19
                                            APIs
                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004297B0
                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004297DF
                                            • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 004297FB
                                            • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 00429826
                                            • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00429844
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 4dd9bf55c7c84a0b3396b3554a59a90620238bc04d6e8efcc95ab0f776c5b98c
                                            • Instruction ID: 5d1141d17212aa5e1ef3752c12f2028c23e494b9df8dcdef2cd4cdfe20676ed7
                                            • Opcode Fuzzy Hash: 4dd9bf55c7c84a0b3396b3554a59a90620238bc04d6e8efcc95ab0f776c5b98c
                                            • Instruction Fuzzy Hash: 3D21A1707507047AD710AB67DC82F9B76ACEB42B04F95443E7502BB2D2DA79DD428258
                                            APIs
                                            • GetSystemMetrics.USER32(0000000B), ref: 0041BB72
                                            • GetSystemMetrics.USER32(0000000C), ref: 0041BB7C
                                            • 73E9A570.USER32(00000000,00000001,0000000C,0000000B,?,?), ref: 0041BBBA
                                            • 73EA6310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BD25,?,00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC01
                                            • DeleteObject.GDI32(00000000), ref: 0041BC42
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MetricsSystem$A570A6310DeleteObject
                                            • String ID:
                                            • API String ID: 3435189566-0
                                            • Opcode ID: 9adb9e8c89caf01d0a638f348740fc7edbd2731d44c2c24643151140fb28a82b
                                            • Instruction ID: 7d0d535dbebdf4f070bae8ba3fc8fcac1153e0bddf000454aa628fb6ab968105
                                            • Opcode Fuzzy Hash: 9adb9e8c89caf01d0a638f348740fc7edbd2731d44c2c24643151140fb28a82b
                                            • Instruction Fuzzy Hash: 0D317174E00209EFDB04DFA5C941AAEF7F5EB48700F10846AF514AB385D7389E80DB94
                                            APIs
                                              • Part of subcall function 0045A540: SetLastError.KERNEL32(00000057,00000000,0045A60C,?,?,?,?,00000000), ref: 0045A5AB
                                            • GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D925
                                            • GetLastError.KERNEL32(00000000,00000000,00000000,0046D96C,?,?,00000001,0049307C), ref: 0046D93B
                                            Strings
                                            • Could not set permissions on the registry key because it currently does not exist., xrefs: 0046D92F
                                            • Setting permissions on registry key: %s\%s, xrefs: 0046D8EA
                                            • Failed to set permissions on registry key (%d)., xrefs: 0046D94C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                             • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                             • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
                                            • API String ID: 1452528299-4018462623
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                            • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                            • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocString
                                            • String ID:
                                            • API String ID: 262959230-0
                                            APIs
                                            • 73E98830.GDI32(00000000,00000000,00000000), ref: 004143C1
                                            • 73E922A0.GDI32(00000000,00000000,00000000,00000000), ref: 004143C9
                                            • 73E98830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143DD
                                            • 73E922A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143E3
                                            • 73E9A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 004143EE
                                            Similarity
                                            • API ID: E922E98830$A480
                                            • String ID:
                                            • API String ID: 3692852386-0
                                            APIs
                                            • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 00401566
                                            • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 0040158B
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,P$I,?,?,?,004018B4), ref: 004015B1
                                            Strings
                                            Similarity
                                            • API ID: Virtual$Alloc$Free
                                            • String ID: @$I$P$I
                                            • API String ID: 3668210933-2914900308
                                            APIs
                                            • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00406FA3
                                            • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040701D
                                            • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 00407075
                                            Strings
                                            Similarity
                                            • API ID: Enum$NameOpenResourceUniversal
                                            • String ID: Z
                                            • API String ID: 3604996873-1505515367
                                            APIs
                                            • 73E9A570.USER32(00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042E8D6
                                              • Part of subcall function 0041A190: CreateFontIndirectA.GDI32(?), ref: 0041A24F
                                            • SelectObject.GDI32(?,00000000), ref: 0042E8F9
                                            • 73E9A480.USER32(00000000,?,0042E9E4,00000000,0042E9DD,?,00000000,00000000,0042E9FF,?,?,?,?,00000000,00000000,00000000), ref: 0042E9D7
                                            Strings
                                            Similarity
                                            • API ID: A480A570CreateFontIndirectObjectSelect
                                            • String ID: ...\
                                            • API String ID: 2998766281-983595016
                                            APIs
                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452127
                                            • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,0048EF85,_iu,?,00000000,00452172), ref: 00452137
                                            Strings
                                            Similarity
                                            • API ID: CloseCreateFileHandle
                                            • String ID: .tmp$_iu
                                            • API String ID: 3498533004-10593223
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegCloseKey.ADVAPI32(?,0048B2FE,?,?,00000001,00000000,00000000,0048B319), ref: 0048B2E7
                                            Strings
                                            • %s\%s_is1, xrefs: 0048B278
                                            • Inno Setup CodeFile: , xrefs: 0048B2AA
                                            • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0048B25A
                                            Similarity
                                            • API ID: CloseOpen
                                            • String ID: %s\%s_is1$Inno Setup CodeFile: $Software\Microsoft\Windows\CurrentVersion\Uninstall
                                            • API String ID: 47109696-1837835967
                                            APIs
                                            • GetClassInfoA.USER32(00400000,?,?), ref: 00416427
                                            • UnregisterClassA.USER32(?,00400000), ref: 00416453
                                            • RegisterClassA.USER32(?), ref: 00416476
                                            Strings
                                            Similarity
                                            • API ID: Class$InfoRegisterUnregister
                                            • String ID: @
                                            • API String ID: 3749476976-2766056989
                                            APIs
                                            • SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 0044F694
                                            • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 0044F6D6
                                            • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0044F707
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$ExecuteShell
                                            • String ID: open
                                            • API String ID: 2179883421-2758837156
                                            APIs
                                            • GetFileAttributesA.KERNEL32(00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490270
                                            • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00490ACD,00000000,004902F6,?,?,00000000,00492628), ref: 00490299
                                            • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004902B2
                                            Strings
                                            Similarity
                                            • API ID: File$Attributes$Move
                                            • String ID: isRS-%.3u.tmp
                                            • API String ID: 3839737484-3657609586
                                            APIs
                                              • Part of subcall function 0042C6FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C720
                                              • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                              • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                            • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00454A5C
                                            • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00454A89
                                            Strings
                                            Similarity
                                            • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                            • String ID: LoadTypeLib$RegisterTypeLib
                                            • API String ID: 1312246647-2435364021
                                            APIs
                                              • Part of subcall function 0042426C: SetWindowTextA.USER32(?,00000000), ref: 00424284
                                            • GetFocus.USER32 ref: 00471F6B
                                            • GetKeyState.USER32(0000007A), ref: 00471F7D
                                            • WaitMessage.USER32(?,00000000,00471FA4,?,00000000,00471FCB,?,?,00000001,00000000,?,?,?,?,004791FF,00000000), ref: 00471F87
                                            Strings
                                            Similarity
                                            • API ID: FocusMessageStateTextWaitWindow
                                            • String ID: Wnd=$%x
                                            • API String ID: 1381870634-2927251529
                                            APIs
                                            • GetActiveWindow.USER32 ref: 0042EB9F
                                            • MessageBoxA.USER32(?,00000000,00000000,00000001), ref: 0042EBCB
                                            • SetActiveWindow.USER32(?,0042EBF9,00000000,0042EC47,?,?,00000000,?), ref: 0042EBEC
                                            Strings
                                            Similarity
                                            • API ID: ActiveWindow$Message
                                            • String ID: t}G
                                            • API String ID: 2113736151-3734030870
                                            APIs
                                            • FileTimeToLocalFileTime.KERNEL32(?), ref: 00468DAC
                                            • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00468DBB
                                            Strings
                                            Similarity
                                            • API ID: Time$File$LocalSystem
                                            • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                            • API String ID: 1748579591-1013271723
                                            • Opcode ID: 7e5271fab70280bf4b606e1d52b7b41780ffbf2908240b8135230958cc2b66a9
                                            • Instruction ID: af565f08344929a1575728fac9f51d9e1992ec61425725bc294c4af9dfcd658b
                                            • Opcode Fuzzy Hash: 7e5271fab70280bf4b606e1d52b7b41780ffbf2908240b8135230958cc2b66a9
                                            • Instruction Fuzzy Hash: 4D11F8A140C3919ED340DF6AC44432FBBE4AB89704F44496EF9D8D6381E77AC948DB67
                                            APIs
                                            • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 004525DB
                                              • Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB
                                            • MoveFileA.KERNEL32(00000000,00000000), ref: 00452600
                                              • Part of subcall function 00451C18: GetLastError.KERNEL32(00000000,00452689,00000005,00000000,004526BE,?,?,00000000,00492628,00000004,00000000,00000000,00000000,?,00490395,00000000), ref: 00451C1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$AttributesDeleteErrorLastMove
                                            • String ID: DeleteFile$MoveFile
                                            • API String ID: 3024442154-139070271
                                            • Opcode ID: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
                                            • Instruction ID: 4e1aed58776595ab6c7b67b54cba174f3ed66ee01ab59955a5ec3a7bb6030dfd
                                            • Opcode Fuzzy Hash: 83ba370e3e64a4e704fc70349a51a9e3dceb6ba2ad42e3b2449a01ecd04fdfa4
                                            • Instruction Fuzzy Hash: 5AF086706441045BEB01FBA5DA5266F63ECEB4930AFA0443BB800B76C3DA7C9D094939
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C525
                                            • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0047C548
                                            Strings
                                            • CSDVersion, xrefs: 0047C51C
                                            • System\CurrentControlSet\Control\Windows, xrefs: 0047C4F2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                            • API String ID: 3677997916-1910633163
                                            • Opcode ID: d11d8727812d4bf653ba9fad472cff514831df08cf90a113c7cc6589666a2937
                                            • Instruction ID: 2b22ae4652a4094afc35098fa0d5140fa3c6298d341fdca8ef5f3daa64d39871
                                            • Opcode Fuzzy Hash: d11d8727812d4bf653ba9fad472cff514831df08cf90a113c7cc6589666a2937
                                            • Instruction Fuzzy Hash: 9EF03175A40218B6DF10DBD58C85BDFB3BCAB04704F20856BE518E7280E779EB04CB99
                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004522D6,00000000,00452379,?,?,00000000,00000000,00000000,00000000,00000000,?,00452645,00000000), ref: 0042D7EE
                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D7F4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                            • API String ID: 1646373207-4063490227
                                            • Opcode ID: 8f34210d132ffad2d78c7e395ddc2585d5b3368dd4f076d4c173a15340c37754
                                            • Instruction ID: 72f845c82f3cbe693efe641176354b007bcea55f3b4776dcd007fff52ee4f80f
                                            • Opcode Fuzzy Hash: 8f34210d132ffad2d78c7e395ddc2585d5b3368dd4f076d4c173a15340c37754
                                            • Instruction Fuzzy Hash: CEE04F61F40B9012D71079BA6C87B6B158D8B88724F94843B39A4E62C3DEBCD9441A9E
                                            APIs
                                            • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00490B49), ref: 0044EE6B
                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EE71
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: NotifyWinEvent$user32.dll
                                            • API String ID: 1646373207-597752486
                                            • Opcode ID: 83da1b54e2e08ddaedeaff43434809e0da95789e88c77915d5179acc8f46ea33
                                            • Instruction ID: 3299c0b031c0e1fe2281b99bd24a528ff0331131e662fdb77b0e16fc83453d47
                                            • Opcode Fuzzy Hash: 83da1b54e2e08ddaedeaff43434809e0da95789e88c77915d5179acc8f46ea33
                                            • Instruction Fuzzy Hash: B0E012E0E42741AAEB01BBF79A46B0A3AD1B73471DF1004BBF10467192CBBC0458CB1E
                                            APIs
                                            • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00490B95,00000001,00000000,00490BB9), ref: 0049091E
                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00490924
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: DisableProcessWindowsGhosting$user32.dll
                                            • API String ID: 1646373207-834958232
                                            • Opcode ID: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
                                            • Instruction ID: 838b278ec98e31f4c73fd57d7bfbee2b42f08c5e91e18395c18da76804b5d864
                                            • Opcode Fuzzy Hash: 4b48ddbf2ae65069f6fda05345d4f43ab7ae7b2b768fb27b4b75cf04a15282ea
                                            • Instruction Fuzzy Hash: EEB092C064170168EC1033F60D12B1F0C084881724B1400373810B10C3CD6CD800582D
                                            APIs
                                              • Part of subcall function 0044AD34: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EE61,00490B49), ref: 0044AD5B
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AD73
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AD85
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AD97
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044ADA9
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADBB
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044ADCD
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044ADDF
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044ADF1
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AE03
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AE15
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AE27
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AE39
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AE4B
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AE5D
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AE6F
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AE81
                                              • Part of subcall function 0044AD34: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044AE93
                                            • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00490B67), ref: 0045FCCB
                                            • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0045FCD1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: SHPathPrepareForWriteA$shell32.dll
                                            • API String ID: 2238633743-2683653824
                                            • Opcode ID: 674b9a410425b3b73cfc06970759500dafabbd6af8f586181f23aa40a50daa10
                                            • Instruction ID: 337f9dc4bf1040498e6f486c22bc5dde57220a7dd07e65f04bb4b60c7b67ef44
                                            • Opcode Fuzzy Hash: 674b9a410425b3b73cfc06970759500dafabbd6af8f586181f23aa40a50daa10
                                            • Instruction Fuzzy Hash: 83B092D0A81785B88E01B7B2998391A2514A650B0F720047B7C04B94C7CEBC008D6A6F
                                            APIs
                                            • GetDesktopWindow.USER32 ref: 00413CEE
                                            • GetDesktopWindow.USER32 ref: 00413DA6
                                              • Part of subcall function 00418E68: 6FA2C6F0.COMCTL32(?,00000000,00413F6B,00000000,0041407B,?,?,00492628), ref: 00418E84
                                              • Part of subcall function 00418E68: ShowCursor.USER32(00000001,?,00000000,00413F6B,00000000,0041407B,?,?,00492628), ref: 00418EA1
                                            • SetCursor.USER32(00000000,?,?,?,?,00413A9B,00000000,00413AAE), ref: 00413DE4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CursorDesktopWindow$Show
                                            • String ID:
                                            • API String ID: 2074268717-0
                                            • Opcode ID: c0a5a9a3f23ddf0fdb38005436cf92fc6adf24d58530c29053f60a471aec8e15
                                            • Instruction ID: c44ea819ba4037f48297b9dda5801cfcbd8121a3a152854b6b02c08412c937c2
                                            • Opcode Fuzzy Hash: c0a5a9a3f23ddf0fdb38005436cf92fc6adf24d58530c29053f60a471aec8e15
                                            • Instruction Fuzzy Hash: 90414C75600110BFCB10EF29FAD9B9637E5AB64325F16807BE404CB365DAB8EC81DB58
                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A15
                                            • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408A84
                                            • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B1F
                                            • MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408B5E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: LoadString$FileMessageModuleName
                                            • String ID:
                                            • API String ID: 704749118-0
                                            • Opcode ID: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
                                            • Instruction ID: 4e3ae3d55980ca36df37c0f6f31f55762440d7de19fd646938f5a693a080efc6
                                            • Opcode Fuzzy Hash: e08be93b19a1cddc4bd5487b5509b10aac953965d6ff4287a83413ce4527f0a1
                                            • Instruction Fuzzy Hash: 0F3143706083849AD330EB65C945F9B77E89B86704F40483FB6C8E72D1DB795908876B
                                            APIs
                                            • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044DFF9
                                              • Part of subcall function 0044C62C: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044C65E
                                            • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E07D
                                              • Part of subcall function 0042BB5C: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BB70
                                            • IsRectEmpty.USER32(?), ref: 0044E03F
                                            • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E062
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                            • String ID:
                                            • API String ID: 855768636-0
                                            • Opcode ID: a016e4b893d0b61d6fc16ea788ceac071314e27b0018c062adb4e940fa0ff4d7
                                            • Instruction ID: 7aee670bcfb8eb3b6de293677f7b28f2d941b2dfee79f0c9038e744660d2ac79
                                            • Opcode Fuzzy Hash: a016e4b893d0b61d6fc16ea788ceac071314e27b0018c062adb4e940fa0ff4d7
                                            • Instruction Fuzzy Hash: BD11907174031027E610BA3E9C86B5F76899B88748F05493FB545EB383DDBDDC094399
                                            APIs
                                            • OffsetRect.USER32(?,?,00000000), ref: 0048DB10
                                            • OffsetRect.USER32(?,00000000,?), ref: 0048DB2B
                                            • OffsetRect.USER32(?,?,00000000), ref: 0048DB45
                                            • OffsetRect.USER32(?,00000000,?), ref: 0048DB60
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: OffsetRect
                                            • String ID:
                                            • API String ID: 177026234-0
                                            • Opcode ID: fc16b123eb7b5af0d1f41d7d74d95bc65ca2d2300f8b1348e127f489464c5e53
                                            • Instruction ID: 20aeee4d2b07ae62cc9dc5e78f47db44159e8b2d0969b42eb6e8c3539826bbe7
                                            • Opcode Fuzzy Hash: fc16b123eb7b5af0d1f41d7d74d95bc65ca2d2300f8b1348e127f489464c5e53
                                            • Instruction Fuzzy Hash: DA218EB6B04201ABD700DE69CD85E5BB7EEEBD4304F14CA2AF544C7389D634F84487A6
                                            APIs
                                            • MulDiv.KERNEL32(8B500000,00000008,?), ref: 0048D779
                                            • MulDiv.KERNEL32(50142444,00000008,?), ref: 0048D78D
                                            • MulDiv.KERNEL32(F77DE7E8,00000008,?), ref: 0048D7A1
                                            • MulDiv.KERNEL32(8BF88BFF,00000008,?), ref: 0048D7BF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c7c6c338261a481ad8b7901dc756b9c3c7a5dc3a5f053bd0898b94715f12a61
                                            • Instruction ID: 600d8a0932f196341a5d2119bb187cb8608b3b3d374fe33bc178acc1610e68b6
                                            • Opcode Fuzzy Hash: 1c7c6c338261a481ad8b7901dc756b9c3c7a5dc3a5f053bd0898b94715f12a61
                                            • Instruction Fuzzy Hash: 7D113376A04204AFCB40EFA9D8C4D9B77ECEF4D370B14456AF918DB286D634ED408BA4
                                            APIs
                                            • GetClassInfoA.USER32(00400000,0041F418,?), ref: 0041F449
                                            • UnregisterClassA.USER32(0041F418,00400000), ref: 0041F472
                                            • RegisterClassA.USER32(00491598), ref: 0041F47C
                                            • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F4B7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Class$InfoLongRegisterUnregisterWindow
                                            • String ID:
                                            • API String ID: 4025006896-0
                                            • Opcode ID: 761ca2ece1ab3754932666086e5ff0fe31a56c3d7f92931e99de52f18d346379
                                            • Instruction ID: 0e76fd6e7c714867a95bae8c9fe2d4343c59fb837708c2c10e589f0ce1237785
                                            • Opcode Fuzzy Hash: 761ca2ece1ab3754932666086e5ff0fe31a56c3d7f92931e99de52f18d346379
                                            • Instruction Fuzzy Hash: 380192712401057BCB10EBA8DD81E9B3798A759324B11423BBA16E72E2C6359D198BAC
                                            APIs
                                            • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D1BF
                                            • LoadResource.KERNEL32(00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?,?,00475D88,0000000A,REGDLL_EXE), ref: 0040D1D9
                                            • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?,?,00475D88), ref: 0040D1F3
                                            • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A960,00400000,00000001,00000000,?,0040D11C,00000000,?,00000000,?), ref: 0040D1FD
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            • Opcode ID: 06d5a2224ff0889236480c5d79a412c4b439f6556495b070d29e0fa02e81d982
                                            • Instruction ID: bdc6fd998ef4e88b0830a639bb7e725ca803f690ad01cf79ba3c1cf188caca31
                                            • Opcode Fuzzy Hash: 06d5a2224ff0889236480c5d79a412c4b439f6556495b070d29e0fa02e81d982
                                            • Instruction Fuzzy Hash: 9FF0FBB2A056046F9744EE9EA881D6B76DCDE88364320016FF908EB246DA38DD118B78
                                            APIs
                                            • GetLastError.KERNEL32(00000000,00000000), ref: 0046A2E9
                                            Strings
                                            • Failed to set NTFS compression state (%d)., xrefs: 0046A2FA
                                            • Unsetting NTFS compression on directory: %s, xrefs: 0046A2CF
                                            • Setting NTFS compression on directory: %s, xrefs: 0046A2B7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                            • API String ID: 1452528299-1392080489
                                            • Opcode ID: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
                                            • Instruction ID: fae52b56698cbef2ef65a100aaaf1ff6f22f0878e20b839bb13b77e1b18f05a4
                                            • Opcode Fuzzy Hash: 4d3942e9cc61f02bf791f275095a639e0222dadc5439085e038e50f3473c57ee
                                            • Instruction Fuzzy Hash: 62018430D18648A6CB0097ED50512DDBBE49F09304F4481EBA855EB382EB791A184F9B
                                            APIs
                                              • Part of subcall function 0042DC44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0047C503,?,00000001,?,?,0047C503,?,00000001,00000000), ref: 0042DC60
                                            • RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000,00458ED6), ref: 004542EC
                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,00000000,00458EC3,?,?,?,?,?,00000000), ref: 004542F5
                                            • RemoveFontResourceA.GDI32(00000000), ref: 00454302
                                            • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00454316
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                            • String ID:
                                            • API String ID: 4283692357-0
                                            • Opcode ID: 99ab77ea899cdd361c13434c307c17863ab6f9ac3ca4949502ef423a2822a1bc
                                            • Instruction ID: 6bcd884f58daa4cf242193067a8401f82c1379502e7cf10432dee752efbb2f93
                                            • Opcode Fuzzy Hash: 99ab77ea899cdd361c13434c307c17863ab6f9ac3ca4949502ef423a2822a1bc
                                            • Instruction Fuzzy Hash: 9CF05EB574535136EA10B6B65C87F5B228C8F94749F10883BBA00EF2D3D97CDC05962D
                                            APIs
                                            • GetLastError.KERNEL32(?,00000000), ref: 0046ABD9
                                            Strings
                                            • Unsetting NTFS compression on file: %s, xrefs: 0046ABBF
                                            • Failed to set NTFS compression state (%d)., xrefs: 0046ABEA
                                            • Setting NTFS compression on file: %s, xrefs: 0046ABA7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                            • API String ID: 1452528299-3038984924
                                            • Opcode ID: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
                                            • Instruction ID: e77f6018277675d8139a31bc4823810fa5650a54dc532de9f13faf9e2e869009
                                            • Opcode Fuzzy Hash: 1e8bcf552af8bc3392dbf0996a1f185d8ced690d2f94648fef7693de0000dbcf
                                            • Instruction Fuzzy Hash: 4F016230E186486ACB04D7AD90512EEBBE49F09304F4481EFA455E7382EA791A188F9B
                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008,?,?,?,?,?,00490C38), ref: 00471CED
                                            • OpenProcessToken.ADVAPI32(00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 00471CF3
                                            • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000,0047A008), ref: 00471D15
                                            • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,00479787,?,?,00000001,00000000,00000002,00000000), ref: 00471D26
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                            • String ID:
                                            • API String ID: 215268677-0
                                            • Opcode ID: b8dd8522978c37078a23bae837822d7669e7a9385b1b3912b8ae2519caf80a33
                                            • Instruction ID: c12eef84649cb6e2f6a6854870b7cf4ad062ba222e75244fe963afc4875e72bb
                                            • Opcode Fuzzy Hash: b8dd8522978c37078a23bae837822d7669e7a9385b1b3912b8ae2519caf80a33
                                            • Instruction Fuzzy Hash: 2DF037616443056BD610E6B5CD81E5B77DCEB44354F04493A7E98C71D1D678DC089B26
                                            APIs
                                            • GetLastActivePopup.USER32(?), ref: 004241F4
                                            • IsWindowVisible.USER32(?), ref: 00424205
                                            • IsWindowEnabled.USER32(?), ref: 0042420F
                                            • SetForegroundWindow.USER32(?), ref: 00424219
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                            • String ID:
                                            • API String ID: 2280970139-0
                                            • Opcode ID: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
                                            • Instruction ID: e71b939943bb08068cd538cfbf2adeec964b373e7692791c6f26669312c8020f
                                            • Opcode Fuzzy Hash: d9228b7f269806e4fe8e97f345a82837c2af6ea24a9e24666224f8ff684892d2
                                            • Instruction Fuzzy Hash: 23E08CA178253593AE22B6A72D81A9B018CCD453C434A01A7BC08FB283DBACCC0082BC
                                            APIs
                                            • GlobalHandle.KERNEL32 ref: 00406287
                                            • GlobalUnWire.KERNEL32(00000000), ref: 0040628E
                                            • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406293
                                            • GlobalFix.KERNEL32(00000000), ref: 00406299
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Global$AllocHandleWire
                                            • String ID:
                                            • API String ID: 2210401237-0
                                            • Opcode ID: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
                                            • Instruction ID: ad050c8fb554795a0ca7e59246f03ac17dd57b6c6051e6027a9978793207e39e
                                            • Opcode Fuzzy Hash: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
                                            • Instruction Fuzzy Hash: A0B009C5814A05B9EC0833B24C0BD3F141CD88072C3808A6FB458BA1839C7C9C402A3D
                                            APIs
                                            • GetSystemMenu.USER32(00000000,00000000,0000F060,00000001), ref: 00465E11
                                            • EnableMenuItem.USER32(00000000,00000000,00000000), ref: 00465E17
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Menu$EnableItemSystem
                                            • String ID: CurPageChanged
                                            • API String ID: 3692539535-2490978513
                                            • Opcode ID: b1625e4752ee74af58aba40311290ea900500bae59df2d2b2d41ad1c9696669c
                                            • Instruction ID: ab7830cd034902a018f3633d5f7e813821d05f3ecf729ff0a8a04420c7cd6334
                                            • Opcode Fuzzy Hash: b1625e4752ee74af58aba40311290ea900500bae59df2d2b2d41ad1c9696669c
                                            • Instruction Fuzzy Hash: 7CA10734604604EFC741DB69D989EAA73F5EF89304F2541F6F8049B362EB38AE41DB49
                                            Strings
                                            • Failed to proceed to next wizard page; aborting., xrefs: 004677F0
                                            • Failed to proceed to next wizard page; showing wizard., xrefs: 00467804
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                            • API String ID: 0-1974262853
                                            • Opcode ID: ca7d52e32b1f50b24c16d12faf74625e74990e5f2a97b77bfd751917ec34c771
                                            • Instruction ID: 54b8d4b4028f273aede26eca5f3620dfaa6aeb886877892ecf599f8e019bb906
                                            • Opcode Fuzzy Hash: ca7d52e32b1f50b24c16d12faf74625e74990e5f2a97b77bfd751917ec34c771
                                            • Instruction Fuzzy Hash: BF31E034A08204EFDB01EB65C985E9D77F5EB49718F6140BBF80497352EB78AE00CA59
                                            APIs
                                            • RtlEnterCriticalSection.KERNEL32(00492420,00000000,)), ref: 004025C7
                                            • RtlLeaveCriticalSection.KERNEL32(00492420,0040263D), ref: 00402630
                                              • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                              • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(00492420,00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                              • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,00492420,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                              • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(00492420,00401A89,00000000,00401A82,?,?,0040222E,02212B20,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                            • String ID: )
                                            • API String ID: 2227675388-1084416617
                                            • Opcode ID: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
                                            • Instruction ID: 5ca06efdeebc3fba4ee02943ae555fbbec684c5e6e5b72b014691e2301117c59
                                            • Opcode Fuzzy Hash: 4485ac256982a062d4fa7b498a16ced20a2b64ccb8ee85a4042039cc97c61c73
                                            • Instruction Fuzzy Hash: 9B1101317052047FEB25AB7A9F1A62B6AD4D795758B24087FF404F32D2D9FD8C02826C
                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 0048ECCB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Window
                                            • String ID: /INITPROCWND=$%x $@
                                            • API String ID: 2353593579-4169826103
                                            • Opcode ID: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
                                            • Instruction ID: f0e425cee1880468264a3bcbee4eb035e6200ab2a1fbac31d2564d6a1bb1e37f
                                            • Opcode Fuzzy Hash: 9fceb97f9dee9116b4f9cd4460141dcdd6850024def755ee183cc3526b898cc5
                                            • Instruction Fuzzy Hash: 9B11D371A042499FDB01EBA5D841BEE7BF8EB49314F50487BE404E7292D77CA909CB9C
                                            APIs
                                              • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                              • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                            • SysFreeString.OLEAUT32(?), ref: 00446BA2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: String$AllocByteCharFreeMultiWide
                                            • String ID: NIL Interface Exception$Unknown Method
                                            • API String ID: 3952431833-1023667238
                                            • Opcode ID: 362162391730a25950e7aa170bba04378c1fce2f874df6f4840bb5fc14c81873
                                            • Instruction ID: 34182cf724be706de40d5a6da2d3ea217801cbd4a50a487fa4911f02854a4a1d
                                            • Opcode Fuzzy Hash: 362162391730a25950e7aa170bba04378c1fce2f874df6f4840bb5fc14c81873
                                            • Instruction Fuzzy Hash: F211B9706003489FDB10DFA5CC52AAEBBBCEB49704F52407AF500E7681D679AD04C76A
                                            APIs
                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000,0048E5A7), ref: 0048E572
                                            • CloseHandle.KERNEL32(0048E60C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,0048E5CC,?,0048E5C0,00000000), ref: 0048E589
                                              • Part of subcall function 0048E45C: GetLastError.KERNEL32(00000000,0048E4F4,?,?,?,?), ref: 0048E480
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CloseCreateErrorHandleLastProcess
                                            • String ID: D
                                            • API String ID: 3798668922-2746444292
                                            • Opcode ID: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
                                            • Instruction ID: 6a615ac2cff9bf009bed2b39286a60f6aa18dfcc8d35b7c44523146efba21c0d
                                            • Opcode Fuzzy Hash: ae870745a4cac2ffd9d929a47141e3125d0b46157059bed4d3fb6d2d61e0bba6
                                            • Instruction Fuzzy Hash: 060165B1604248BFDB04EBD2CC52E9F7BECDF08718F51043AB504E7291E6785E05C658
                                            APIs
                                            • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00454E01
                                            • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00454E93
                                            Strings
                                            • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00454E2D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)
                                            • API String ID: 3850602802-809544686
                                            • Opcode ID: 54083ba9fccb401c7464610d778857259814b88aca41352c3b28b729242d415b
                                            • Instruction ID: c0f4a4cb65a707f69109a7cbf24843c611ca21f6354bed41214754854ac40189
                                            • Opcode Fuzzy Hash: 54083ba9fccb401c7464610d778857259814b88aca41352c3b28b729242d415b
                                            • Instruction Fuzzy Hash: 2F11C8716443506BD300EB699C82B5F7BA89B95308F04847FFA81DF3D2C3B95844D76A
                                            APIs
                                              • Part of subcall function 00406EF0: DeleteFileA.KERNEL32(00000000,00492628,004906E1,00000000,00490736,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406EFB
                                            • MoveFileA.KERNEL32(00000000,00000000), ref: 0046F906
                                              • Part of subcall function 0046F758: GetLastError.KERNEL32(00000000,0046F844,?,?,?,00493060,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0046F8CB,00000001), ref: 0046F779
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: File$DeleteErrorLastMove
                                            • String ID: DeleteFile$MoveFile
                                            • API String ID: 3195829115-139070271
                                            • Opcode ID: b0be4341a0637d195a70b7a110039d5830df33d111ea9a508efd80c07e6ee36d
                                            • Instruction ID: f1cebc0cb96c5cf1ed8be3b38952e05ad97f7cd0b069703ba66f8283a9432f3b
                                            • Opcode Fuzzy Hash: b0be4341a0637d195a70b7a110039d5830df33d111ea9a508efd80c07e6ee36d
                                            • Instruction Fuzzy Hash: 35F062A12051446BDE10BB69B54275B23889F0239DB1041BBBCC06B387EB3D9C0E87AF
                                            APIs
                                              • Part of subcall function 00453AF8: GetCurrentProcess.KERNEL32(00000028), ref: 00453B07
                                              • Part of subcall function 00453AF8: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00453B0D
                                            • SetForegroundWindow.USER32(?), ref: 0048F934
                                            Strings
                                            • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 0048F95F
                                            • Restarting Windows., xrefs: 0048F911
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Process$CurrentForegroundOpenTokenWindow
                                            • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                            • API String ID: 3179053593-4147564754
                                            • Opcode ID: af8013956ed1e441d462507a332d2bb0e9ba5b4fab94b57e1f2de3ed3b9a88cc
                                            • Instruction ID: 6d3c2020791d7036b49287d64f904da8ce72110519df1e124044460b8ab960db
                                            • Opcode Fuzzy Hash: af8013956ed1e441d462507a332d2bb0e9ba5b4fab94b57e1f2de3ed3b9a88cc
                                            • Instruction Fuzzy Hash: 1001F2B0204240BBE701FB75E942B9C27D89748309F50847BF440AB2D3CABCAD4C8B2D
                                            APIs
                                            • GetModuleHandleA.KERNEL32(00000000,00490B12), ref: 0040334B
                                            • GetCommandLineA.KERNEL32(00000000,00490B12), ref: 00403356
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CommandHandleLineModule
                                            • String ID: @8^
                                            • API String ID: 2123368496-345478362
                                            • Opcode ID: d737cc7b9cd13b528ce14af1aacc88c8ddd298868fec6d91f7c233b30a1e07fe
                                            • Instruction ID: 15d18a38a4fda6e83645f6d70f9b704c6f366be4de143aedaa8863cd8992b112
                                            • Opcode Fuzzy Hash: d737cc7b9cd13b528ce14af1aacc88c8ddd298868fec6d91f7c233b30a1e07fe
                                            • Instruction Fuzzy Hash: EAC002609012059AE750AF7559467152A949751349F80447FB204B61E3D6BC82059BDE
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.3000406795.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.3000383079.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000472369.0000000000491000.00000004.00000001.01000000.00000004.sdmp
                                            • Associated: 00000002.00000002.3000505189.00000000004A2000.00000002.00000001.01000000.00000004.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: ErrorLastSleep
                                            • String ID:
                                            • API String ID: 1458359878-0
                                            • Opcode ID: 181e487ce04dcc9aab40a4972e77adf00e3b85c166b0b9eca42f4891cead26d2
                                            • Instruction ID: 70cd491ee1c602b8227b57ee529d2398dd08f77e1846977ffbd05afa78f388ef
                                            • Opcode Fuzzy Hash: 181e487ce04dcc9aab40a4972e77adf00e3b85c166b0b9eca42f4891cead26d2
                                            • Instruction Fuzzy Hash: 2CF0B432B04514679F20BD9F9985A6F628CDA943E7720016FFD05DF303C43AEE4956A9
                                            APIs
                                            • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A48
                                            • SizeofResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,Windows Media Format 11 Runtime Setup,0000007F,?,00000000), ref: 01002A4C
                                            • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 01002A68
                                            • LoadResource.KERNEL32(00000000,00000000,?,01004C70,TITLE,Windows Media Format 11 Runtime Setup,0000007F,?,00000000), ref: 01002A6C
                                            • LockResource.KERNEL32(00000000,?,01004C70,TITLE,Windows Media Format 11 Runtime Setup,0000007F,?,00000000), ref: 01002A73
                                            • FreeResource.KERNEL32(00000000,?,01004C70,TITLE,Windows Media Format 11 Runtime Setup,0000007F,?,00000000), ref: 01002A97
                                            Strings
                                            • Windows Media Format 11 Runtime Setup, xrefs: 01002A38
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2590913445.0000000001001000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true
                                            • Associated: 0000000A.00000002.2590891018.0000000001000000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000A.00000002.2590947263.000000000100A000.00000004.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000A.00000002.2590983762.000000000100C000.00000002.00000001.01000000.00000008.sdmp
                                            • Associated: 0000000A.00000002.2590983762.0000000001013000.00000002.00000001.01000000.00000008.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1000000_WMFDist11.jbxd
                                            Similarity
                                            • API ID: Resource$Find$FreeLoadLockSizeof
                                            • String ID: Windows Media Format 11 Runtime Setup
                                            • API String ID: 468261009-3936314281
                                            • Opcode ID: 60513ed6fa868ebe5019eda0ed49016e3eb50df202396a8709f0f5900e5d54f2
                                            • Instruction ID: b81af5958d1d79e739a71e668ea852868a10399b4e191fd1668772ccbe63b742
                                            • Opcode Fuzzy Hash: 60513ed6fa868ebe5019eda0ed49016e3eb50df202396a8709f0f5900e5d54f2
                                            • Instruction Fuzzy Hash: D301D631700148BBEB339B66AC88D7F7BADFB8A791F044019F986C7144CA768880DB61